DorobekInsider: DOD’s developing Web 2.0 policy — and collaborating around security

Monday - 9/14/2009, 8:44am EDT

Too often, enterprise 2.0 and security seem to be in conflict.

The Defense Department is on the front lines of this debate. DOD is now fleshing out its policy that could be released publicly later this year.

Much of this started when it was reported that the Marine Corps banned Web 2.0 applications. (As NextGov’s Bob Brewin notes, the Marine Corps didn’t bad Web 2.0. They just banned it on the Marine Corps networks. Hear Brewin talk about it here.) Some might argue that it is an issue of symantics — if you ban these applications from your network and computers, doesn’t it become a difference without a difference.

That being said, the Marine Corps stories spurred the Pentagon to look at the formulation of a DOD-wide policy. And the Pentagon has been collecting ideas and opinions online at web20guidanceforum.dodlive.mil. On Federal News Radio 1500 AM’s Daily Debrief, we spoke to Jack Holt, DoD’s senior strategist for emerging media. Hear that conversation here. (Read Holt’s intro to the Web 2.0 Guidance Forum — and the comments — here.)

There have been a few Web 2.0 policies out there. The Navy was the first… and GSA issued one earlier this year… And we told you about the British government’s Web 2.0 policy earlierwe even got to talk to them about it — but the DOD policy could be the significant moment for the evolution of enterprise 2.0.

Unfortunately, there are a few factions that have evolved — the big ones are the Web 2.0 camp, of course… the other being the security camp, who argue that these tools just aren’t safe.

It seems enormously important that these factions talk to each other — in fact, why not use these tools to collaborate to find a solution. Both sides have very important issues, but there isn’t nearly enough respect for the opinions of the two sides.

* Web 2.0 — These tools tend to get discounted — they are unfairly called “social” networking. Harvard Business School Prof. Andrew McAfee, author of the upcoming book Enterprise 2.0, notes that he specifically doesn’t call it social networking because that discounts the use of these tools. In the end, enterprise 2.0 is about collaboration and information sharing — and that has been an issue confronting the government… in fact, confronting all organizations… for years. Enterprise 2.0 tools are built on the concept that all of us are smarter then each of us individually. And you can just read the 9/11 Commission’s final — in the end, we had the information around 9/11. We just couldn’t connect the dots. These tools could help us deal with that. We’re just in the early stages of that, but… there seems to be so much potential here.

* Security — The fact is we have to figure out how to do all of this securely. Government agencies — particularly DOD — have information that can’t be ‘out there.’ But there are also issues about some of these applications themselves — and, unfortunately, some of these companies seem to scoff at their responsibility for securing their applications. If this can’t be done securely, it won’t work. The questions is — what is the security framework?

One of the big issues is we don’t have to secure everything. Linton Wells II and Mark Drapeau recently wrote a paper for the National Defense University looking at national security and social software. One of their assessments was we have to determine what actually needs to be secure — and what doesn’t. I’m hoping that some of those issues will be addressed in the Obama administration’s transparency and openness initiative.

But the Defense Department deserves a lot of credit for trying to bring the Web 2.0 and the security people together. It seems to me there are real opportunities here — for both Web 2.0 and security.