Many, including me, have said that if you get something for free, you are being sold, but while that was mostly about information, what other risks are out there for using free. Are you violating obligations, contractual provisions, allowing someone else to sift through your stuff and steal your idea? It is extremely important that you are fully aware of what you are agreeing to when you sign up to a free service. If you are on the employer side, this is one of those risks you need to be aware of and properly train your employees.
First off, this is going to scare some people out there. Mostly IT security people. Though they are already pretty scared about how little friction there is between confidential information and the big wide world out there. Second, while some have hailed consumerization of IT as a way to reduce expenses, you need to understand that it isn’t really all that advantageous to pass all those costs to your employees, because they will always go for free.
Tablets, iPhones, note-taking and meetings
Have you been in a meeting lately that didn’t have at least one iPad in it? If you are that minority, what about iPhones? Were they employee owned or employer owned? The more friction you put in front of employees doing their job the more probable it is that they will turn to easier to use solutions. Many employers have turned to secure containers, even on employer-owned devices, but what is available there? Good For Enterprise is a pretty decent solution to prevent your corporate information from being exposed to the other applications on your device. It allows you to have other applications in the container as well.
What applications do you allow? Do you have a good, easy-to-use note-taking app in there? If you don’t, I will guarantee that you have confidential information floating around in the unsecured cloud out there. Apps like Simplenote, Soundnote and Daily Note + Tasks are all incredibly useful productivity enhancing tools. They all have a sync function built into them. Do you know where they are pushing that information to? If you are just taking notes for the local book club, who cares. Your employees that are taking notes in that planning meeting are a different matter. Much like life finding a way in Jurassic Park,:
your employees will find a way to be productive. Put barriers in front of them and they will just break them down. That is why trying to control them is so darn hard. They want to do the right thing. They want to help your company. You need to show them how to do that instead of telling them they can’t.
The knowledge economy changes the world … of employee risk management
In the days of yore when manufacturing ruled the roost, employees went to work, did their shift, and then went home. They couldn’t do anything when the got home. Today with the distributed nature of information and work, we are never far away from our work. Want the productivity gain of someone thinking about your business problem on Saturday morning? Of course you do.
Knowledge workers and the new workers entering the workforce know they can work wherever and whenever they feel the most productive. Trends like results oriented work environments (ROWE) recognize that at the end of the day the most important thing is getting the work done. These workers believe it too.
Supporting the knowledge worker
Supporting these workers requires that you think like them. That you wonder how to make them productive, and ask them how they want to be productive. Then supporting that, or explaining, in good ways, how you can’t do that. That includes showing them how open their data is out there in the wild. I once heard of an employee using Google Voice to field their work calls. What they didn’t realize that the neat transcription service meant that Google had a transcript in their servers of potentially very sensitive information. Even if you trust Google, what about the fact that they emailed them a transcript of the voice mail. Not to their work address, but to the gmail account.
This is the problem with cloud services for your IT security people. It gets distributed and then it’s like all the bad stuff in Pandora’s Box. You can’t put it back. Understand that your employees are trying to do the right thing. Also understand that by putting barriers in front of them will force them to go around them.
Contracts, confidentiality and lawyers, oh my
As you move information to any cloud based service, including some of these container services, you need to audit your contracts with providers and your clients. You may very well be in violation of the confidentiality provisions there if you aren’t effectively managing your employee’s data collection and use.
If you are a lawyer, you have an additional worry. You have an ethical obligation to protect your client’s information. Have you audited any of the information security processes of these note-taking apps? What about your use of DropBox to send information. If you aren’t paying for it, what is your recourse when they have a breach? Will you be held liable as well? If the service is free, you can bet your bottom dollar that the free provider is not going to indemnify you at all.