
Security, compliance come before collaboration

Vanguard is trying to balance regulatory compliance needs with its adoption of Web 2.0 tools

Enterprise 2.0 strategies are becoming more popular among companies today, but there are serious logistical and legal challenges along with the expected benefits of using social collaboration tools.

This is especially true for companies like Vanguard, a mutual fund with roughly 12,500 employees and US$1.3 trillion in assets under management, said Abha Kumar, principal in the information technology division, during a presentation at the Enterprise 2.0 conference in Boston this week.

Due to the nature of its business, Vanguard must contend with a wide variety of regulatory guidelines and compliance matters, with scrutiny coming from government agencies such as the U.S. Securities & Exchange Commission, private auditing firms and foreign regulators, she said. "We can never, ever let our clients' data get outside our four walls."

Therefore, historically, Vanguard's IT department has behaved quite conservatively, she said. "We tend to lock it down first and then open it up as the need arises."

She offered one example: Until recently, GPS capabilities on corporate BlackBerries were disabled. That didn't change until an executive called and asked for GPS to be turned on, as he was lost in Ireland, she said.

But despite these constraints, Vanguard has begun adopting Web 2.0-style tools, through a three-tier strategy focused on mobility, collaboration and "enriching" communications. Employees have responded enthusiastically, said Andrew Lazzaro, a Vanguard IT manager who co-presented with Kumar. "They're dying for it."

Still, the pace of progress has been deliberate. Vanguard only recently gained instant-messaging capabilities because, just as with e-mail, it first had to figure out a way to save each message in a non-rewriteable format. The same goes for content produced by the company's emerging set of wikis and blogs.

Vanguard remains extremely conservative with regard to non-corporate social applications. While company users can access Vanguard's own Facebook page, they can't post messages to it or access any other pages on the site.

But "only so much can be done on the IT side" to ensure social tools are used in a secure and compliant manner, Lazzaro said.

Businesses have to work on a sound governance strategy before turning on such systems, as without one, they risk having "a real mess on [their] hands," Lazzaro said.

For example, Vanguard has created an array of collaboration sites for teams around the company. A manager is assigned to each site and held responsible for monitoring the content constantly to ensure compliance, Kumar said.

Users from a wide variety of departments should be heavily involved in the planning and development of any new social system, as they can provide valuable insights into whether the project is meeting regulatory guidelines, Lazzaro said.

Meanwhile, IT staffs need to consider the operational impact certain Web 2.0 tools could have, he said. "From day one, you've got to start thinking. Videoconferencing? What's that going to do to my internal bandwidth? Is that going to start bringing down my business applications?"

Looking ahead, Vanguard is planning to expand its use of collaboration sites and pursue "device independence," he added. "These social tools ought to work no matter the device employees are using."

It also plans to work on better integrating its range of social software. "As an IT shop we've been throwing puzzle pieces out there all over the place," he said. "We've got to bring these all together so they don't feel like stand-alone tools."

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris's e-mail address is Chris_Kanaracus@idg.com
