Security, compliance come before collaboration

Vanguard is trying to balance regulatory compliance needs with its adoption of Web 2.0 tools

Enterprise 2.0 strategies are becoming more popular among companies today, but there are serious logistical and legal challenges along with the expected benefits of using social collaboration tools.

This is especially true for companies like Vanguard, a mutual fund with roughly 12,500 employees and US$1.3 trillion in assets under management, said Abha Kumar, principal in the information technology division, during a presentation at the Enterprise 2.0 conference in Boston this week.

Due to the nature of its business, Vanguard must contend with a wide variety of regulatory guidelines and compliance matters, with scrutiny coming from government agencies such as the U.S. Securities & Exchange Commission, private auditing firms and foreign regulators, she said. "We can never, ever let our clients' data get outside our four walls."

Therefore, historically, Vanguard's IT department has behaved quite conservatively, she said. "We tend to lock it down first and then open it up as the need arises."

She offered one example: Until recently, GPS capabilities on corporate BlackBerries were disabled. That didn't change until an executive called and asked for GPS to be turned on, as he was lost in Ireland, she said.

But despite these constraints, Vanguard has begun adopting Web 2.0-style tools, through a three-tier strategy focused on mobility, collaboration and "enriching" communications. Employees have responded enthusiastically, said Andrew Lazzaro, a Vanguard IT manager who co-presented with Kumar. "They're dying for it."

Still, the pace of progress has been deliberate. Vanguard only recently gained instant-messaging capabilities because, as with e-mail, it first had to figure out a way to save each message in a non-rewriteable format. The same goes for content produced by the company's emerging set of wikis and blogs.

Vanguard remains extremely conservative with regard to non-corporate social applications. While company users can access Vanguard's own Facebook page, they can't post messages to it or access any other pages on the site.

But "only so much can be done on the IT side" to ensure social tools are used in a secure and compliant manner, Lazzaro said.

Businesses have to work on a sound governance strategy before turning on such systems, as without one, they risk having "a real mess on [their] hands," Lazzaro said.

For example, Vanguard has created an array of collaboration sites for teams around the company. A manager is assigned to each site and held responsible for monitoring the content constantly to ensure compliance, Kumar said.

Users from a wide variety of departments should be heavily involved in the planning and development of any new social system, as they can provide valuable insights into whether the project is meeting regulatory guidelines, Lazzaro said.

Meanwhile, IT staffs need to consider the operational impact certain Web 2.0 tools could have, he said. "From day one, you've got to start thinking. Videoconferencing? What's that going to do to my internal bandwidth? Is that going to start bringing down my business applications?"

Looking ahead, Vanguard is planning to expand its use of collaboration sites and pursue "device independence," he added. "These social tools ought to work no matter the device employees are using."

It also plans to work on better integrating its range of social software. "As an IT shop we've been throwing puzzle pieces out there all over the place," he said. "We've got to bring these all together so they don't feel like stand-alone tools."

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris's e-mail address is Chris_Kanaracus@idg.com

This story, "Security, compliance come before collaboration," was originally published by IDG News Service.
