Replacing Email: Risky Business?
Email needs to be replaced. Whether you agree or disagree, you'll probably agree that the rise in social media is changing the way that we communicate. Perhaps email is not going to die altogether, but become more archaic like snail mail today. I was initially a little sceptical when I started exploring what may happen to email in the next five years until I mentioned it to my wife - she told me how just the other week she had asked her teenage niece to email her something, to which the response was "email!? That's so yesterday. I'll Facebook it to you!".
Now, the purpose of this article is not to get into a long debate about whether email is going to die in the next three, five or 10 years and what will replace it. What I want to address here is the perception, held by many, that using an Enterprise Social Platform to communicate within an organisation is risky. Let's face it, if we tried to launch email in this day and age it would never get approved by risk and compliance. Why? When we send an email, regardless of whether it is encrypted / protected or not, how many copies are created? There would be the copy on your local machine, the mail server, mail server replicas, probably on some Disaster Recovery system, and then there's the mobile devices which download them and store them. The number of copies will also multiply by the number of recipients and the infrastructure and policies at the recipients' company may differ to the sender's. Perhaps they have multiple server replicas and maybe the email would get downloaded to both a smartphone as well as a tablet. To throw another risk into the bag, how long are these emails going to be saved for? What are the data archiving policies at the sender and at the recipient?
Hopefully you can see that as we delve deeper and deeper into an analysis of email the number of risk considerations increase rapidly. Realistically, we are now comfortable with email and there are a number of good safeguards in place to secure confidentiality.
So how would this scenario look if we used an enterprise social platform to communicate? Since it's (often) hosted on a server in the cloud (save discussions around which flavour of cloud-based hosting you prefer), the system is accessible through a user's browser. Granted, this poses risks of its own. But now the message is stored on one server which is accessed via a virtual private network. There aren't multiple copies floating around on infrastructure own by multiple organisations. From a control perspective, so long as the server is managed correctly, is secure and an appropriate resilience and business continuity plan is in place I would argue that this is less risky than email.
Follow Phil Mennie on Twitter