Your Enterprise Has STSs. What Should You Do?




An HIV virus penetrating a healthy human immune cell

Nearly every large company is infected by STSs or what I call “Socially Transmitted Software.” I’m not talking about malignant agents like worms, Trojan horses or scumware. No, these STSs are the kind you read about in Mashable and RWW, those that get glowing praise from the technical chatterati. STSs are beloved by consumers seeking to use them at their office. But IT and internal security have a low regard for STSs. Such software is a serious threat in their view. Why does the enterprise fear STSs?

STSs are like STDs in many ways. STDs, Sexually Transmitted Diseases, used to be called social diseases not too long ago. Why ‘social?’ These diseases are passed from human to human via intimate sex, a special kind of social interaction based on mutual pleasure. But  how can software be a ‘disease?’ Isn’t ‘infection’ a bit over-the-top? Consider Wikipedia’s definition:

An infection is the colonization of a host organism by parasite species. Infecting parasites seek to use the host’s resources to reproduce, often resulting in disease.

STDs must have a host and willing partners. STDs are successful when they colonize, build up a sustainable internal population and then penetrate another host.

STSs infect the enterprise via willing and reckless employees. People install an STS at the request of a friend or family member. It may come from an app store or Web site. An STS may be mobile or browser-based. The experience is fun and effective. Naturally, when this person dons his employee badge, he will want to use the same software inside the company. Tasks are more enjoyable and productive that way.

Enterprises recoil at the idea of random software entering the corporate (from the Latin corpus, ‘body’) workplace. Such software is never vetted the old-fashioned way: no network analysis; no vendor background check; no license; no intellectual property protection; and so on. Substitute ‘risk’ for ‘disease’ and it is easy to see why antiseptic, obsessive-compulsive enterprises panic.

Companies’ immune systems are no longer adequate. The firewall isn’t the effective prophylactic it once was. Employees bring their own computers called ‘smartphones’ and network ‘wireless’ with them. Yes, STSs can be airborne, too.

Employees tether their devices to company computers. They will use cloud-based services to move corporate media back and forth. Blocking Facebook is no longer effective when the secretary can use her iPhone to check her news feed. And don’t think about blacklisting Youtube. You can’t; the marketing team has videos out there.

There are three STSs that really trouble companies: Yammer, Skype and file sharing services like Dropbox and Google. Yammer is a microblogging service whose preferred host is a business. Yammer is nicely made with features attuned to employee-to-employee sharing. Yammer appeals to the mobile employee with its ‘push’ notification to smartphones. The price is right: Yammer is ‘free’ with very limited terms of service. Employees really like this. Best of all, no need to get Big IT involved. Well, maybe later, when they get into trouble. Until they do, they just set up a Yammer account and invite their friends.

‘Free’ means ‘risk’ to the enterprise. It means no legal non-disclosure agreement. Yammer also permits non-sanctioned corporate impersonation. Anybody can add the corporate logo to a Yammer instance. Newly invited employees think the instance is corporate and safe, and they ‘yammer’ away. Meanwhile, the people guarding the corporate brand identity are dialing their lawyers.


‘EyE pEEp holE’ by eyemakeart


Everyone knows about Skype. It’s the Dick Tracy fantasy, delivered: talking heads on your device, any time. Inexpensive, too, and free (that word again) when used between computers. The interface is delightful. The most attractive feature for traveling employees? Skype works just about anywhere in the world. Perfect for the 8:00 pm phone conference with Japan.

What’s so scary about Skype? Um, there’s that risk thing again; company secrets fly across unsecured and unencrypted lines. And Skype is a bit creepy, too. If left on but not in use, it just does things. Skype wakes up and the hard disk light comes on. IT telecommunication teams suspect ‘theft of service’ issues with Skype. Is Skype using a corporate resource for non-company business?

Dropbox? What’s not to love about friendly little Dropbox? It’s so easy to use. The Dropbox cloud allows employees to telecommute or work on the go. Dropbox is the de facto file system for the mobile employee. Working on a sales forecast spreadsheet but it’s time to leave the office? Plop it into your Dropbox and you can finish it on your home computer after dinner. But how secure is the storage? Who is accountable if the spreadsheet is missing?

A progressive enterprise knows a good thing when it sees it. Employees are willing to work more — and more productively — when they can use their personal devices with the cloud. Companies are struggling to respond. Their old tools of policy and firewall are feeble against the STS. They hope their trusted IT partners  (IBM? Cisco? Microsoft?) will develop enterprise-safe inoculants for the STS. These vendors will catch up, eventually, but they are always cycles behind the consumer market. And just like human pathogens, the STSs will alter themselves to competitive-preventative pressure.

What to do? Personally, I have used all three of these tools and I love them. With the exception of Skype, they are free to me. As someone who evangelizes inside the company for social collaboration, I very much want to see the concepts of these tools to succeed.

The key may be found if we look again to biology. The solution may be adaptation, that ability of an organism to respond to a threat. The enterprise must become more tolerant, somehow, to mobile and external social software. The employee must adapt by assuming more forethought — and consequence. Instead of policies, companies should aggresively train employees. And yes, the enterprise should accept a little more risk.

And the STSs? They will adapt, too. STSs know the competition is coming. Look-alikes are easy to develop. Substitutes that play by corporate rules will get the phone call from the procurement department. Instead of blue Web pages with scant ‘About Our Company’ information, STSs will have actual phone numbers and names. Instead of encouraging software promiscuity, they’ll start calling the corporate C-suites. Instead of parasitism, they attain symbiosis.

The enterprise doesn’t trust STSs. To stay competitive and survive, the STS must be social with the enterprise, not just its employees. It’s all about trust.





Centralized, predictable, standardized and … vulnerable?


We like things predictable and uniform in business. We can manage things better that way. This assumes we have perfect knowledge of the future and can fend off the threats of competition, government regulation, and rogue events from technology. Yet bigger enterprises may tend towards a delusion: the assumption their formidable size and disciple around uniformity will protect them from risk.

But consider this: last month a single man from Nigeria boarded a plane with explosives hidden in his clothes. He managed to slip past TWO airport security checks. Were it not for his lack of preparedness and the heroic actions of the plane’s passengers, he might have killed hundreds of people. But he did cause disarray in the governments of many countries. And though travelers are not cowering, they are now inconvenienced by inane travel restrictions.


So, the bad guy won after all. And worse, the governments of the world did the same-old same-old: they reviewed their rules and decided to unify  and strengthen them.


This is not how Nature would respond to a threat. In his intriguing article, Nature’s Lessons For Adapting To The Terrorist Threat, Dr. Rafe Sagarin , a research scientist at the University of Arizona, tells us animals survive threats through decentralization. Octopuses’ skin cells change color to adapt to surroundings without a single command from the animals’ nervous system. He says “limited central control and lots of autonomy to individual parts that sense and respond to threats” help the animal quickly evade predators… and become a better predator.


Businesses face tradeoffs in an uncertain future. As the world’s economy improves, so do chances for corporate conquest. To seize them, should you find a new balance between centralization and autonomy? Predictability and risk? Standardization and creativity?