Something's missing from our discussions about social media and Web 2.0 more generally. (And indeed, cloud computing even more generally.)

We often discuss the benefits of user-managed technologies (is that a useful phrase?) and despair of "The answer's no. Now what's the question?" from corporate rottweilers. Thought leaders like Euan Semple provide clear case studies and benefit realisation.

That stereotypical response -- and admittedly no, it's not always like that in practice -- is driven perhaps by two things. A perception that central is better and that the need for control is absolute. And, more in line with the business, a strongly developed sense of risk both to the corporate infrastructure and its data stores, and to potential leakage of intellectual property.

As I've commented elsewhere, these reactions are not new. They characterised many companies when email and the Web began to replace newsgroups and FTP networks. But let's look at more positive scenarios.

Suppose you're a member of an enterprise research team; you use many external sources of information. Should you create a Googlemail account for these, separate from more specifically workplace-oriented email? What's the case for? and against?

Suppose you're a senior international manager, with direct reports in several countries and your own boss in yet another. You have a range of industrial strength collaborative tools at your disposal, but simple desktop videoconferencing isn't one of them. Some conversations benefit substantially from face to face contact, and your travel budget has been cut. So should you buy a cheap webcam and use Skype on your company computer? Or on your mobile phone? Or from your home computer if Skype is blocked at the firewall? What's the case for any of these options? Or against all of them?

You're a marketer. You want to experiment with virtual presence but SecondLife isn't accessible through the company network. Do you just go and do it from your home computer?

These choices can be made without involving the corporate IT department. Or even in order to circumvent the restrictions of the corporate environment, which might be as simple as lack of bandwidth, as complex as incompatibility with a core company application, or as explicit as the threat of disciplinary action.

User Guided Assessment

But so far as I'm aware there's little help for responsible users trying to make decisions, or which supportive IT groups might deploy to guide them. Not "can this do the job?" but how to assess terms of use, risk to the organisation, standards, interoperability, unintended consequences ... We can ignore cost, I think; these services conform to Euan's rule that "No-one bothers about ROI if the I is small".

But take the SecondLife (2L) example and suppose that our user is a genuinely responsible corporate citizen. How far is it reasonable to go?

In her own time at home she creates a private persona in 2L and experiments with what she can do there -- learns to walk, sit down, communicate, attend meetings, build property and so on. I don't think anyone at work would be concerned.

But she then begins to develop ideas for a marketing campaign and wants to keep the credit. She stays home for a couple of days, on her own initiative, and works intensively in 2L. Still on her home computer, and not involving the use of company information. No problem?

Later, her enhanced presence could identify her or the company to those with sufficient information to recognise the clues. The competition, most likely. She forgets to fence off her 2L area with "No entry" barriers. She then discovers that the 2L protocol isn't actually blocked at the company firewall, so she demonstrates her work to a couple of colleagues through the company network ...

Now re-cast the example, but with the latest, newest, unproven, "risky" cloud service in place of SecondLife (which, after all, is getting pretty respectable by now).

The point is this. Our employee is working for the best interests of the company, as she perceives them. But she's working in a vacuum. There's no set of guidelines she can consult. And I do mean guidelines, not rules. Not "SecondLife is forbidden", for example. There might need to be a few like that, but it's a losing battle of the boil-the-ocean variety.

Here are a quartet of ideas. I'd like to gather yours.

1. Always look at the terms and conditions when you sign up. Read them with the company's needs in mind. These are enforceable legal contracts.
2. Do you lose control over the content which you confide to this system? Look at Sharing your Content and Information, for example, on Facebook
3. How far does the provider claim the right to monitor your activities? Most systems at least prohibit explicit or inflammatory content)
4. Does the service claim access to your computer? You don't get a more respectable institution than the BBC; but the early versions of iPlayer operated peer to peer, so they used everybody's processor cycles and disk storage)

Please contribute, so we can build up a body of advice on this. I look forward to your ideas. And if anyone knows of a body of best practice like this that already exists, I shall be delighted to be corrected!

Past Articles by This Author:

• Four Strategies for User-Guided Enterprise Social Computing