This week I had an engaging conversation with Mike Gotta of Burton Group, whose enterprise and architecture chops are as strong as anyone I know. Concerning enterprise social software, Mike says he’s seeing an increase in the breadth and depth of questions from his clients about security, privacy, control, and regulatory compliance. As I talked about Socialtext at a platform and architectural level, he encouraged me to talk about it more openly, so here goes.
Enterprise 2.0 requires much deeper thinking than merely copying Web 2.0 patterns, throwing in a little SSL and email integration, and charging money for it. In order for enterprise social software to enjoy long-term success, vendors must recognize the importance of security, privacy, identity, IT policies and procedures, and architectural fit. The entire team at Socialtext has deep enterprise pedigrees, and that experience has been key to the robust architectural and design choices we’ve made over the years.
In our early days, we learned a great deal about the dynamic tension between privacy and collaboration from pioneering the use of wikis in the enterprise. On one hand, we learned that too much privacy is an anti-pattern for collaboration and social software adoption. For example, if different pages in the same workspace have different privacy settings, people can get very confused about who can see or edit which content. On the other hand, we also learned that granular privacy can dramatically encourage collaboration because it helps people feel comfortable about the context of the group and the people with whom they are sharing. People naturally understand what’s appropriate to be shared in the “virtual watercooler” or “social intranet,” while the “Leadership Huddle Workspace” gives executives the confidence to discuss confidential or sensitive topics without worrying about leaks.
As we embarked on building out our complete Enterprise social software suite, we wanted to build a sophisticated privacy model into the architecture. It’s important for privacy rules and patterns of user experience to be as consistent as possible. This is key not only for enforcement, but also for adoption. I’m pretty proud of how well this has held up since we introduced Socialtext 3.0 back in September 2008, and especially since we rolled out our enterprise microblogging capability, Socialtext Signals.
To illustrate our privacy strength, take a look at how we implemented “Edit Summary,” which lets you summarize your edits to a wiki page. Some examples of edit summaries you might write: “Added links to Mike Gotta’s blog post” or “reorganized the lead paragraph.” Alongside edit summaries, we added a nice little feature called “Signal this edit”. If you choose to “signal this edit,” Socialtext sends the text of your edit summary out as a Signal (a short microblogging message) to your colleagues. That Signal will also contain a link back to the page you just edited. And it’s here where privacy safeguards are so important. What if the page you were editing was in a confidential workspace called “Acquisition Planning,” and the page was titled “Functions to be combined and reduced”? Could someone accidentally Signal this edit to the whole company?
The answer is no, and that’s because of the Socialtext platform’s underlying privacy architecture. The Signal you send, regardless of how broadly you send it (accidentally even), will only be visible to those people who have view privileges to that confidential workspace. From a technical perspective, this privacy is enforced on the server side. It is not an exercise left to the developer writing client-side code, which is key to enforcing privacy rules in a consistent manner.
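The server-side rule described above can be sketched as follows. This is an added example, not Socialtext's code: the names (`Signal`, `WORKSPACE_VIEWERS`, `can_view`, `visible_signals`) and all sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: workspace -> users holding view privilege.
WORKSPACE_VIEWERS = {
    "acquisition-planning": {"ceo", "cfo"},
    "social-intranet": {"ceo", "cfo", "alice", "bob"},
}

@dataclass(frozen=True)
class Signal:
    sender: str
    body: str
    audience: frozenset              # recipients the sender chose (may be too broad)
    workspace: Optional[str] = None  # set when the Signal links back to a wiki page

def can_view(user, signal):
    """Decision made on the server for every read; the client is never trusted."""
    if user != signal.sender and user not in signal.audience:
        return False
    if signal.workspace is None:
        return True  # plain Signal, not tied to any workspace page
    # The sender's audience choice cannot widen access: the reader must also
    # hold view privilege on the workspace. Unknown workspaces fail closed.
    return user in WORKSPACE_VIEWERS.get(signal.workspace, set())

def visible_signals(user, signals):
    """Build a user's feed by filtering before anything leaves the server."""
    return [s for s in signals if can_view(user, s)]

EVERYONE = frozenset({"ceo", "cfo", "alice", "bob"})
SIGNALS = [
    # "Signal this edit" sent company-wide by accident from a confidential page.
    Signal("cfo", "Reworked 'Functions to be combined and reduced'",
           EVERYONE, "acquisition-planning"),
    Signal("alice", "Updated the lunch menu page", EVERYONE, "social-intranet"),
    Signal("bob", "Anyone seen the release notes?", EVERYONE),
]

if __name__ == "__main__":
    for user in sorted(EVERYONE):
        print(user, [s.body for s in visible_signals(user, SIGNALS)])
```

Because the filter runs where the feed is assembled, a custom client or API consumer receives the same restricted result as the stock user interface.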
Privacy is a design pattern in the Socialtext platform. It applies to visibility (who can see a Signal, a group, a page) and participation (public vs. private vs. semi-private groups). This is on top of the fact that security is a core capability of our platform – whether it’s our shared hosted service, or our SaaS appliance that customers install inside their own firewalls. We’ve been thinking about and working on this for a long time – Adina Levin has written a few blog posts on the importance of privacy in enterprise social software, which I encourage you to read: “Data Sharing, Context, and Privacy”, “What’s Different about Enterprise Twitter?”, and “Enterprise OpenSocial – A Year of Progress”.
But we never waver in our attention to these issues. We’re constantly listening to our customers and industry experts to see how we can make it better. It excites us that our customers do mission critical work inside our product, and our team constantly makes improvements in our agile development cycle to keep up with their complex privacy and security requirements.