4 Replies Latest reply on Jan 28, 2011 8:32 AM by Bart.Schutte

    Mitigating the risks of email


      This morning, the president of the BU that ran our Jive Pilot  gave a presentation to our steering committee.. It was an excellent  presentation and underscores that we all can be as expert as we'd like,  we will never have the credibility in talking to SVPs that one of their  own does. Key message : do what ever it takes to get an SVP on board,  convinced, and willing to talk to others.


      He made a very important points about risks with email and how Jive can mitigate them.


      We  talk about the risks enabled by social business software, but there are  risks as well with email that we tend to ignore, and which can be  addressed by moving the conversations out of email and into a social  business solution.


      1.  With email, conversations can occur that are completely invisible to  management but which, in the context of e-discovery, can prove  devastating for the company. It is well known that law suits can be  based on an email exchange between two low-level engineers that no one  in the management ranks was even aware of.


      • If you move these conversations from email to Jive, they are then visible to management and corrective action can be taken.


      Today,  much knowledge is captured in email exchanges. Unfortunately, for the  organisation, this knowledge is unusable because it is not visible and  shared with the rest of the organisation. But the important risk to the  organisation is that it is very easy for someone leaving the group to  copy all of their Outlook PSTs to a CD and take it home with them.


      • By moving the conversations to Jive, you make the knowledge visible, accessible, and usable to a larger audience.
      • You also make it harder for someone to take with them.
      • And you get an audit trail of who has read and downloaded what.
        • Re: Mitigating the risks of email

          Bart, excellent post! It reminds me of a question I had around this subject when we were launching our employee community (posted here). It is true that capturing conversations an information in a platform such as Jive can actually be more secure than email alone.



          • Re: Mitigating the risks of email


            I was wondering about these last two items



            •   You also make it harder for someone to take with them.


            •   And you get an audit trail of who has read and downloaded what.

            Did you do a custom implement?  Where do you collect the audit trail?



              • Re: Mitigating the risks of email

                Regarding the first point, it is laborious for someone to go through all of the Jive conversations where something of interest was said and download it to their machine.  Far harder than copying their Exchange PSTs.


                Regarding the second point, if you activate the full tracing Jive (it is not set by default) you will capture all events in a log.  It is this log that is used for generating Analytics using the Jive Analytics module.  And is this log that will allow you to see what the person has done.  I don't know if there is a stardard Jive interface for showing this as well.  But the log captures views (unless my team has misinformed me).  And so when someone leaves the group and you suspect that they have taken material, you can look at the logs and see if in the last few days their activity level spiked.  Again, you have no trace that they copied their PSTs. 


                Now, there is a fine line here on personal data protection.  A company has the right to look at what an individual has done if they suspect that there has been a breach. They do not have the right to report all activites for all users on a monthly basis.