From the user's point of view, it's not a complicated problem. I use Facebook, I blog, I twitter, I use an iPhone, I read RSS feeds, and I want to harness all this in my work as well as at home, for professional and personal benefit.
But when we start looking at things from a business point of view, the situation becomes much more complicated. The two main issues are technical support and intellectual property (IP). Technical support first; at the recent assignment, all the companies round the table were massive (all 100,000+ employees, I think). Supporting the technological needs of a company this size presents all sorts of problems, especially when you consider the breadth of employee technical competence. Computers are locked down to some degree, ensuring that virus protection updates and other software are pushed up to the user at frequent intervals, and unknown / unsupported software can't be installed. This makes the job of the IT department manageable, at least. And then there's IP; these companies all have ideas which need to be protected. Documents need to be stored safely, and the IT department is charged with preventing information from being leaked (either intentionally or accidentally).
But times change. Users are demanding greater freedom. The workforce is becoming far more adept at fixing their own technical problems. New technology and services offer significant benefits to the enterprise. And smaller, nimble companies (without support or IP legacies to worry about) are gaining a commercial edge through embracing these technologies. How should large companies change in this environment?
I believe there are a few principles which need to be embraced. First of all, recognise that this is first and foremost a cultural change. It isn't something that can be addressed just by changing a policy document. In the course of writing this post, I came across this wonderful description on Deborah Schultz's blog:
If you are an individual it is about creativity and expression and connection. If you are a company it is an attitude, behavioral and cultural shift. It should be about persistence and dialogue and being in it for the long-haul. It is strategic.Well put.
I'm sorry I keep bringing up the Cluetrain Manifesto, but once again it's totally relevant in this discussion. Customers are staff. Staff are customers. Technology is just an enabler. It helps us find new ways to engage in conversations, which lead to relationships, which lead to transactions.
The second principle is leading from the front. Why waste so much time focusing on weighty policy documents that staff don't even read? And which need to be re-written every time new technology challenges existing principles? The best way to help people understand the cultural change is by example. It also encourages people to share their findings, meaning the benefits multiply through the organisation.
That isn't to say there shouldn't be a policy. You need something which defines where the line is drawn. Some staff might need this for reference, especially if they're unsure. But I believe the main reason for defining this line is so that the security and IT guys agree how to support the employees, NOT as a stick to hit people with when they wander close to the line.
And that's the key. Define the people's needs. Design the policy and system around those needs. Keep the policy lightweight to keep it manageable and allow for the unforeseen technical advances to come. Then sit back, watch staff morale go up, watch innovation manifest itself throughout the organisation, watch staff retention improve and watch efficiencies spring up. Sure the IP and support issues increase, but the benefits outweigh the risks.