CIOs need IT governance rethink

CIOs will need to rethink their IT governance policies as employees turn to social media tools to collaborate at work, according to research from analyst group Gartner.

CIOs will need to rethink their IT governance policies as employees turn to social media tools to collaborate at work, according to research from analyst group Gartner.

IT departments make the mistake of ignoring social media at one extreme or banning it at the other, when what they really need is a risk based strategy, says Gartner research director Julie Short.

"Just locking down systems is not a good approach. As social media becomes more a part of business, people find more creative ways of getting around the controls," she said. "You don't want them to do that. You want to know what they are doing."

Gartner: Three actions to support governance as business gets social. Click here to download this article from Garner. (Requires registration)

Gartner advises CIOs to look at the risks of social media to the business as a whole, not just the IT department.

The strategy will need to recognise that certain parts of the business are more risk averse than others, she says.

For example, HR and marketing may adopt social media and collaboration tools very quickly, while finance departments will be more cautious, and may have to take regulatory issues into account.

It is also important for CIOs to understand who the audience is for social media to assess the potential risks to the business.

"The danger is adopting social collaboration, is to take a thoughtless approach, without understanding the consequences, " she said.

"Propriety information may be opened up to people in the wrong part of the organisation or the outside. That might create issues for audit and compliance."

But a too prescriptive approach can make it harder for employees to do their jobs effectively.

Social media will encourage businesses to adopt principles based governance policies, that will leave more discretion to employees, rather than introducing strict controls.

"It brings in the human factor and we are not accustomed to that," she said. "How do you enforce principles, and how do you make your employees adhere to principles ? It's a completely different mind-set."

The biggest problem with governance in IT is that people have very different views what governance means, says Short.

"Many times when you are speaking with different individuals you have to clarify what you are talking about. In many instances governance equals control. But its also about decision making and being clear in the organisation what decisions are being made."

Principles for managing risks


1. Have a social media strategy



2. Understand the audience



3. Understand the risks


Sign-up to Computer Weekly to download articles from Gartner analysts:

Enterprise IT



Three actions to support governance as business gets social

The security risks of outsourcing

CIO briefing: The future of client computing

CIO briefing: The future of Oracle SPARC

How to measure the business impact of outsourced services

Two-tier ERP strategy - considering your options

Microsoft SharePoint: Watch out for new kinds of content and applications to manage in 2011

How businesses can make use of social apps

The IT department

How to plan the size of your IT department

The role of the IT department in mergers and acquisitions

Mobile IT

Android 2.2 for the enterprise

The future of videoconferencing

Cloud computing

The impact of cloud computing in retail

The impact of cloud computing on suppliers in banking

7 configuration management tips for virtual and cloud infrastructure

Public sector

Further IT spending cuts likely in Europe's public sector

Five Roles for Government in Cloud Computing

Read more on IT governance

Data Center
Data Management