Governance Gone! Wild!

While to some the acronym, ‘GGW’ might conjure up beautiful visions of fancy tour buses traveling the country capturing everything in sight on video for the whole world to see (as long as you pay the $9.99 per DVD, or opt for the $19.99 for full-DVD collection, or get their online subscription for $9.95 per month — or whatever it costs), I have just witnessed a different version of ‘GGW’ that is anything but beautiful.  In fact, ‘Governance Gone! Wild!’ is down-right scary!

I recall the Dreamforce 2012 conference in San Francisco a few years ago.  I was impressed with the creativity of all the Software as a Service (SaaS) applications available built upon the Force.com, heroku and/or other Salesforce platform services.  There were apps for this, and apps for that, and apps that work with other apps, and integrated apps.  In fact I’m on “app-overload” right now and tonight, instead of sweet sugar plums dancing through my head, I will most likely have a nightmare about all the possible lack of governance issues that are not being addressed in this quickly-evolving ‘cloud’ environment.  It’s truly like the Wild West!

This is not to say that these SaaS application vendors have overlooked governance issues completely.  In fact I suspect many of them take these items seriously and have built their respective solutions accordingly.  However, I can tell you what is an obvious generalization is the main pitch-points in these solutions is (1) easy user experience with a simple, familiar web-interface and (2) ability for organizations to self-manage or re-configure solutions without the need for costly professional services or software development.  These are not bad pitch-points in the least but what I must say is that conversations seem to rarely dig too much deeper than the surface of some point-and-click functionality and a demonstration or two.  I admire these vendors for their passion to solve very specific needs for enterprise customers and I’m invigorated with their energy to quickly have their Killer SaaS app deployed and being utilized by their customers to improve operational efficiencies.

Yet, as I put myself in the shoes of the SaaS vendor the last thing I would want to do is possibly slow down the sales cycle by bringing up governance and organizational readiness topics such as policies, processes or people that wasn’t directly related to my particular technology.  These topics are somewhat related to the technology but it’s more about the organizational readiness by the customers themselves.  We must remember that these applications are promoting their solutions to enterprise organizations, not consumer.  Therefore, I would like to give one specific example of what caused my “Governance Gone!” nightmare.

 

Wild! 

As seen below in the photo below (not to the left), Salesforce.com introduced their new “marketing cloud”.  At the Dreamforce conference they setup an example of the ‘Dreamforce Social Media Command Center’.  They had a full-time agent at each of several work stations.  Each of these work stations was monitoring a different social media feed.  One each for Facebook, Chatter, Twitter, LinkedIn, YouTube and maybe even a few other social networks to provide an example of a Social Media Command Center and how this could be a reality within your particular organization.  As I saw this incredible activity of feeds, tweets, #hashtags, likes, posts and other real-time social interaction – this is where it really struck me about Governance (or lack thereof in this scenario).  It was Wild!

These are the types of things I was thinking to myself, not from a technology perspective itself, but rather ‘are these people considering the following types of items’ before going buck-wild to immediately implement this type of Command Center within their own organizations:

  • People:
    • Since these are mostly real-time conversations and, naturally, the business wants to represent themselves professionally, what type of special training will be required for this new type of social media command center operator?
  • Policy:
    • As we all know, social networks are filled with people that sometimes spew nasty, disgusting or plain hateful messages because they think they are completely anonymous to the world.  In these cases what is the organizations policy about any responses, deletion of messages or any other action?
  • Process:
    • With this gluttony of electronic information overload from such a wide ranging variety of sources, in different formats and with such a diverse contextually meaning, what is the process to accurately analyze the data?  After all, I would imagine that video-’gamers’ are quite active on these types of social networks and “rad”, “bad” or “bitchin’” don’t quite translate into the true meaning if you just consider the official dictionary definition of a word or phrase.

In summary, in our zeal to innovate and offer powerful, useful, as well as, truly remarkable technology, which is going to revolutionize the way we do business, we should not be in such a rush to not consider and overlook an organizations preparedness from a governance standpoint.  Great technology is not always good enough.  If your organization decides to not consider well-thought out governance plans then the “Governance Gone!  Wild!” bus may be paying you a visit sooner than expected!

 

GRC from Microsoft

grc framework

Governance, Risk and Compliance (Microsoft)

GRC (Governance, Risk and Compliance) is one of those topics where you are continually learning, and then re-learning (or tuning) your processes whether it’s people, procedure or technology.

The above graphic is courtesy of Microsoft and provides a high-level overview on some of the issues to consider for GRC.  Here is a link to the full article:  http://technet.microsoft.com/en-us/library/cc531020.aspx

GRCIsAFad.com is born

Welcome to GRCIsAFad.com.  GRC is an acronym for Governance, Risk and Compliance.  GRC is not one product, nor one service.  Rather it’s a collection of industry best-practices, technologies and real-world experiences that help organizations effectively establish Governance, control Risk and remain Compliant.

No two organizations are exactly alike so there is no one right answer that fits-all.  There are many interesting applications for GRC so we hope you will enjoy our website and participate in the conversation!

  • Get notified from GRCIsAFad!

    Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1 other subscriber

  • Popular Tags

  • Recent Posts

  • Categories