Features

7.Beware the Stealth Attack and Stay Alert to Operational Risk

CIOs also need a better understanding of which social networking sites are relatively safe and which potentially dangerous. Late last year Facebook admitted its Beacon ad service was far stealthier than previously acknowledged.

The controversial ad system was tracking users' off-Facebook activities even when they were logged off from the social-networking site, and even where those users had previously rejected offers to have their activities on specific external sites broadcast to their Facebook friends. While Facebook insisted it was deleting the data transmitted back to its servers, the claim sparked outrage and forced the modification of Beacon. Even so, analysts warn the proliferation of social networking services suggests such privacy violations are likely to continue.

Sultan says other privacy issues include the danger of personal information being on-sold to the new owners of an application, and employees uploading their entire Outlook address book to a social networking site. "There is a huge danger of the 'corporate common man' or 'corporate common woman' inadvertently exposing their employer to risk," he says.

"A lot of this is completely uncharted territory and you've got a lot of legality issues. The CIO needs to look at it from a policy perspective.

"Fifty per cent of companies in the US ban Facebook at work. You need to remember that there is a multitude of different devices that people will be accessing information on from work and you really can't be a Nazi about it. At the same time, you're going to have to try to address work efficiency, and keep the peace between multiple groups of people from completely different generations.

"So there's that kind of social and policy concern. There is also the technological concern of what are these applications doing? Are they scraping information? Are they being loaded onto desktops?"

Even so, Joyent 's Boothby sees little risk of blogs or wikis opening up holes in the firewall, since most such technology internally is controlled in the data centre. But he warns there is a risk for the CIO from an operational perspective.

The open Internet is about general communication, whereas behind the firewall, inside an organization it's about operational efficiency. The tools that were designed for open freewheeling communication are not necessarily the best tools to help you deliver operational efficiency behind the firewall, he warns. So while a wiki may be a good thing outside the firewall, it may not have sufficient structure to be successful behind the firewall.

"My opinion is that when CIOs are setting up and starting to use some of these things it's best to experiment in the small group, it's best to run it on the flexible infrastructure, and it's also best to think about things that actually have enough structure to solve specific problems."

"I think for true Enterprise 2.0 stuff, it will still take a little while before they are as prevalent as Excel, but that doesn't mean that companies can't successfully start to benefit from them very quickly," Boothby says.

8.Know That Mashups'll Mess You Up

Beware the mashup - Web applications that combine data from more than one source into a single integrated tool, described by The New York Times as being "at the heart of a generation of Lego-style software that is emblematic of the second generation of the Internet".

While mashups may be growing in popularity, they have major security problems, warns Rick Welykochy, director of Australian company Praxis Services, who says the phenomenon reminds him of the notion of millions of monkeys typing on keyboards in an attempt to produce something legible. Plug-in and drag 'n' drop programming is not new, Welykochy points out. It is simply new to the Web. But often component "glue" in the form of programming "fu" (nous) is required to make components interact with each other correctly.

"I once watched someone drag 'n' drop a 'browser component' into a Delphi workspace windows. Voila! A new Web browser to take on the likes of Netscape and Internet Explorer. Not. A weak piece of componentry that was totally inadequate for its intended job.

"Methinks this is yet another novelty aimed at the me-too gadgetry generation that will have minimal if any use in the enterprise. Hey, but then again, the CEO of IBM predicted the need for only five or six computers worldwide back in the 1940s. So I could be wrong," Welykochy says.