Wikis are the future, but must be secure
A senior Microsoft lawyer explains the new tension between the use of wiki-style data and the increased level of data privacy policy.
The next generation workforce will use wiki-style technology in the enterprise, but the right controls must be in place to keep classified corporate data safe.
This was according to Thomas Daemen, senior attorney at Microsoft, who was talking about the competing tension between privacy law and distributed collaboration in Madrid at ISSE 08.
Daemen referred to Microsoft's own Sharepoint, but he was also talking about other companies who had their own tools which he claimed had three characteristics ease of use, decentralised control (not controlled by IT experts) and their vast storage and retrieval qualities.
He warned that from the increased use of this tech there was the danger of losing legacy data out there which could become problematic as large amounts of decentralised data is "shunted" into these collaborative tools.
Daemen said: "As you build into your corporate infrastructure greater search capabilities in the hope and expectation of expanding the use of distributed collaboration tools, you also make it easier for all those employees to access legacy data.
"Don't forget the history it will come back to bite us," he added.
He also said that because tools were so easy to use, groups within the business would build their own internal practices and set their own rules. Instead of the traditional HR and IT mechanisms for hiring and recruiting, it had shifted to much more free and open collaboration.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"For example, a group within an organisation is looking to hire somebody. They may use a distributed collaboration tool as a means of sharing thoughts and comments about the people who are interviewing for that job."
This new collaborative way of working conflicted with new compliance and data privacy laws that had very specific rules and mandates with more governmental scrutiny.
Daemen said that the resulting problems could be solved by following a find, fix and notify plan find the private data that has been distributed and hasn't been locked down, fix the data and lock it down, and then notify people and educate them about the challenges.