Replacing Email: Risky Business?

Phil Mennie
Phil Mennie Social Media Risk & Governance Leader, PwC

Posted on January 14th 2014

Replacing Email: Risky Business?

Email needs to be replaced.  Whether you agree or disagree, you'll probably agree that the rise in social media is changing the way that we communicate.  Perhaps email is not going to die altogether, but become more archaic like snail mail today.  I was initially a little sceptical when I started exploring what may happen to email in the next five years until I mentioned it to my wife - she told me how just the other week she had asked her teenage niece to email her something, to which the response was "email!?  That's so yesterday.  I'll Facebook it to you!".

Now, the purpose of this article is not to get into a long debate about whether email is Social Media Governancegoing to die in the next three, five or 10 years and what will replace it.  What I want to address here is the perception, held by many, that using an Enterprise Social Platform to communicate within an organisation is risky.  Let's face it, if we tried to launch email in this day and age it would never get approved by risk and compliance.  Why?  When we send an email, regardless of whether it is encrypted / protected or not, how many copies are created?  There would be the copy on your local machine, the mail server, mail server replicas, probably on some Disaster Recovery system, and then there's the mobile devices which download them and store them.  The number of copies will also multiply by the number of recipients and the infrastructure and policies at the recipients’ company may differ to the sender's.  Perhaps they have multiple server replicas and maybe the email would get downloaded to both a smartphone as well as a tablet.  To throw another risk into the bag, how long are these emails going to be saved for?  What are the data archiving policies at the sender and at the recipient?

Hopefully you can see that as we delve deeper and deeper into an analysis of email the number of risk considerations increase rapidly.  Realistically, we are now comfortable with email and there are a number of good safeguards in place to secure confidentiality.

So how would this scenario look if we used an enterprise social platform to communicate?  Since it's (often) hosted on a server in the cloud (save discussions around which flavour of cloud-based hosting you prefer), the system is accessible through a user's browser.  Granted, this poses risks of its own.  But now the message is stored on one server which is accessed via a virtual private network.  There aren't multiple copies floating around on infrastructure own by multiple organisations.  From a control perspective, so long as the server is managed correctly, is secure and an appropriate resilience and business continuity plan is in place I would argue that this is less risky than email.

Phil Mennie

Phil Mennie

Social Media Risk & Governance Leader, PwC

Phil leads PwC's Social Media Governance service, responsible for the review and implementation of effective Governance frameworks to support Enterprise Social Platforms and External Social Media. Social Media offers a wide range of benefits and those companies which effectively harness it grow rapidly, increase market share and drive innovation. However, appropriate Risk Management and Governance must sit at the heart of the Social Strategy if it is to be a success in the long term.

Phil's expertise in Social Media stems from his experience using Web Technology to better manage financial and operational data. He has lead engagements across a broad range of industries, including in Banking and Finance where he lead the development of a secure web-based payment system and a large-scale customer-facing web application to capture trade data.

See Full Profile >