After the ubiquitous employee complaint about not being able to find anything on the corporate intranet, one of the next most common complaints is about passwords. “There’s too many passwords to remember!”

Of course, more important to satisfying the lazy memories of employees, is your organization’s security – particularly the authentication of any user’s identity. The organization must ensure that bad guys are not impersonating employees.  

The promise of Single Sign-On (SSO) for all an organization’s applications – one login, one password – is something that makes logistical and economic sense. Federated identity extends SSO one step further by integrating passwords across enterprises to include, for example, access to partner or vendor sites (for example, an external vendor site where you order office supplies online).

Of course, as Patrick Thibodeau writes in Hidden challenges of federated identity, the biggest challenge for Federated identify is one of politics and governance.

“For example, federating systems for employee portals raises questions about who owns the data associated with various identities and who has the final say when the data doesn't agree. Ownership issues aren't limited to external partners; federations between the HR and finance divisions of a single company can sometimes be the most acrimonious.”

Organizational politics; perhaps the biggest drag on corporate productivity, and without question the number one corporate problem limiting the evolution and value of the corporate intranet.

To effectively establish governance to combat the political challenge, Thibodeau stresses the four main components to a proper governance model:

• business issues (who does what, who pays, revenue-sharing, etc.)
• liability (auditability and mitigating risk)
• privacy (use and controls for personal information)
• security

RELATED READING:

Federated Identity: Single Sign-On Among Enterprises

Assessing your security risk

Best practices: securing your intranet

Securing your intranet from the inside

© 2006 Toby Ward - Prescient Digital Media

Troubled intranets often share many of the same characteristic problems:

• No defined ownership
• No content standards and policies
• Site proliferation and ‘sprawl’
• Poor usability and navigability (“I can’t find anything!”)
• Low use and employee up-take

This was the case with Atomic Energy of Canada Ltd. (AECL, makers of CANDU nuclear reactors) when I started to work with them two years ago. This case study was presented to today to the 2006 Information Highways conference in Toronto. Turning the dream into reality: Harnessing people power to create a high productivity intranet was a joint presentation with my colleague and client Andre Robillard, CIO for Atomic Energy of Canada Ltd.

A little more than two years ago when AECL started down the road to implementing a new intranet portal, the Canadian crown corporation was saddled with a number of challenges:

• Ongoing news and information not communicated in a timely and consistent fashion
• Business objectives and priorities not clearly communicated
• Absence of a Communication plan
• Too much reliance on email bulletins for communications
• Senior management not taking responsibility for communication
• Employee Intranet not effective:
• No governance or control
• No consistent look and feel
• Information not current or useful
• Publishing requires technical skills
• Difficult to find information

The old AECL intranet:

To address these challenges AECL hired Prescient Digital Media to develop an integrated communications strategy that addressed email communications, people and manager communications, and the intranet. Specifically, the process included the creation of a new intranet plan with a number of key priorities:

• Develop and formalize a governance model
• Develop an  intranet editorial policy
• Hire an Editor-In-Chief
• Develop Standardization policy that enforces intranet standards and limits individual intranet development
• Develop an email “Acceptable Use” policy
• Eliminate all stand-alone sites by consolidating them under a single intranet portal with a single navigation schema.
• Design a new “look & feel” that supports the AECL brand and communication needs.
• Deploy a full database content management platform and full employee self-service and online form submission

The process moved from planning to the technology selection (driven by an aggressive RFP that had a number of vendors work for the business) and an implementation of about 2.5 months of a new content management system/portal product (IronPoint).

New intranet portal: myAECL

Though launching a new intranet portal is all well and dandy, the work does not stop there. AECL still had a number of key issues to address in the months following the launch:

• Hiring and orienting a new Editor-in-Chief
• Developing daily news articles
• Setting up efficient content processes
• Migrating old environment to new
• Changing Behaviors
• Training content providers to use new tool
• Evolving Formatting standards and guidelines

Andre Robillard shared some of the key lessons learned in redesigning an intranet and implementing a new portal with new processes and standards. He has a number of recommendations for any organization attempting the same:

• Clearly define the communication problems in your organization
• Assess where you are today by polling staff
• Create a new communication plan based on best practices, employee feedback, and company needs
• Get executive approval of new internal communication plan
• Create a new Intranet design that provides staff with any easy to use tool, plus satisfies the communication plan
• Issue an RFP
• Implement using the 80/20 rule
• Use a vendor that does this for a living

By the way, have you noticed that the CIO keeps focusing on and talking about “communications” and not the technology?

CIO Robillard understands the driver is communications and customer service, and that the intranet portal is more than just a technology solution; it’s a business system to support the business. As CIO he’s just one of several owners on a governance council that also includes representatives from Communications, HR and Customer Service. I’d like to see more IT organizations like Robillard’s that are less concerned with ownership and more concerned with business results.

If you have a question about this case study – whether its related to process, content, technology, people, planning, etc. – feel free to post your question or comment below and I’ll get back to you shortly thereafter.

© 2006 Toby Ward - Prescient Digital Media

It’s been a hectic past couple of weeks juggling travel, clients, baby, blogging, etc. – with the latter suffering the most.

I had an interesting dinner with James Robertson of Step Two who was in Vancouver for the IA Summit. Over sushi and other nibbles at the Blue Water Café we discussed and debated the process for determining client organizational requirements for content management, and specifically workflow.

James isn’t a fan of surveys or focus groups. So, we agreed to disagree. But James has developed a very interesting process for working with a client to document and  prioritize an organization’s requirements for implementing a content management system. You’ll have to hire him to learn the full details but it involves locking the organization in a room for a full day or two and using cards (representing each functional requirement for a CMS, for example, workflow) and using glass beads to mark or ‘weight’ each of the top requirements (a few dozen in all).

The spicy tuna roll was most agreeable and so too was our joint conclusion of CMS workflow: everyone wants workflow, but almost no one uses it. With rare exception, most content is controlled by very few who use offline systems such as email to solicit and garner content approvals and edits – rendering built-in CMS workflow as redundant and often unnecessary.

“Somehow we need to spread the word that the "accepted wisdom" around workflow is wrong, and that new approaches must be innovated” says Robertson (see Workflow: we have a problem). “Workflow does, of course, work in certain circumstances. Where there is a well-defined, consistent and repeatable business processes, workflow rules can be used to automate them. This is the exception, however, with few (if any) editorial processes working this way for general web content.”

In my personal experience, the top priority of most CMS publishers is a true WSIWYG editor. Everyone promises and advertises a simple, user-friendly editor, but very, very few actually deliver. Of particular priority is a very simple if not automatic feature that strips out all MS-Word code (or cleans tags) and a simple to use syndication manager that allows the content manager to publish one piece of content in multiple places.

If you’re tighter on money than time, Step Two has a handy do-it-yourself Content Management Requirements Toolkit for aiding in the selection and implementation of a CMS.

--

I'm presently back in Toronto speaking this morning at the 2006 Information Highways conference. I'm co-presenting a client intranet case study Turning the dream into reality: Harnessing people power to create a high productivity intranetwith Andre Robillard, CIO for Atomic Energy of Canada Ltd. (makers of CANDU nuclear reactors). Their intranet has come a long way since I first started working with them two years ago... tomorrow I'll provide the detailed highlights of a troubled intranet turned high-powered employee portal. 

Did you know there is software that you can download for free that can crack password protected network in less than 5 seconds? Or that your website can be copied and replicated with a simple click of a mouse? What has your organization done to secure the intranet and the network?

Security – it’s perhaps the top issue on the minds of network administrators. It rarely though is on the minds of those managing the content in communications, marketing and human resources – but it should be.

Of the 556 executive interviewed in a recent Fusepoint/Sun Microsystems/Leger Marketing survey, 55% say that their confidential and private data is at risk of an attack. For good reason: your intranet is open to attack and requires security measures. Attacks happen every day.

GeoTrust’s Best Practices For Securing Your Enterprise prioritizes their “Top 10” recommended security practices for “building online trust both inside and outside your enterprise.” They admit that these are not comprehensive guidelines, but focused on most critical areas you need to adopt at your organization including:

• running SSL on servers
• supplying client side SSL certificates to employees
• establishing solid policies and procedures for security
• embracing paperless transactions
• physical network security including firewalls
• building a secure PKI system
• creating a testing environment

What’s the most important thing?

“The simplest but most powerful thing of all – ensure every security patch for all operating systems and applications is applied on all systems as soon as they come out. Hackers know well the vulnerabilities of Microsoft’s Internet Information System Web Servers and seek sites running them as easy targets. Patches that make IIS not vulnerable have been freely available for years and yet over 30 percent of IIS systems on the public web are not up to date. This one is worth repeating: apply all security patches immediately.”

RELATED READING:

© 2006 Toby Ward - Prescient Digital Media

Why would I, as an intranet consultant and the owner of a firm specializing in intranet consulting, try and dissuade you of hiring said consultant? Well, it’s still ski season here in Vancouver and there’s epic ‘pow’ at Whistler this year… combined with an intense sleep deficit wrought by a newborn baby at home (who likes to eat A LOT past midnight)!

No, in reality, I want to spend more time studying all of the subtle nuances and politics in this particular Survivor series… No seriously, there are two good reasons (and a whack of lesser reasons) why you would not hire a consultant:

1-     Limited budget

2-     “Knowledge is power”

Knowing what makes a powerful intranet and putting that knowledge to practice should be a requisite of any intranet or portal manager.

Australia-based Step Two Designs has released version 1.1 of The Intranet Review Toolkit. The toolkit is free and it’s designed to empower intranet managers with a comprehensive set of heuristics (guidelines) for evaluating an intranet.

Coinciding with this release, a new home for the Intranet Review Toolkit – released under a Creative Commons license – has been established at:

www.IntranetReviewToolkit.org

This site provides a central clearinghouse for resources related to intranets, including:

• The latest version of the Intranet Review Toolkit
• A commentary on the heuristics in the Toolkit, along with links to supporting resources, reports and books
• A simple mechanism for providing feedback or suggestions

 Step Two Designs, one of the lead authors of the Review Toolkit, has high hopes for the toolkit. “This will hopefully grow into a definitive resource for intranet teams, going beyond just explaining and supporting the Toolkit,” says James Robertson, one of the lead authors and Managing Director of Step Two.

This is a resource that every intranet team should download, to get a "health check" for their intranet. Comments and suggestions should then be posted on the site, to help the team at Step Two further grow the resource.

© 2006 Toby Ward - Prescient Digital Media

Knowledge management is a funny subject – it’s such a hot buzz word and yet its rare to read anything meaningful on the subject. In fact, most managers and executives are under the illusion that KM is something that can be purchased from a vendor.

I’ve not done a study on this but I’ll wager $1000 that if you were to ask 10 executives to define KM, 9 of 10 would make some reference to a plug-and-play solution.

I know this is old hat for some of you, but let’s redefine KM. Of course, depending on the vendor, there are also varying definitions, but I define KM as KM is how corporate knowledge – both tacit and explicit – is stored, retrieved and reused for achieving corporate objectives. Notice there is no direct reference to technology.

Effective knowledge management requires three key components:

·         Participatory individuals – employees who are willing, able and active sharers of tacit knowledge.

·         Process and rules – defined rules and standards (e.g. corporate taxonomy) for categorizing and storing information and knowledge.

·         Technology – physical infrastructure including software that enables the above and allows for effective knowledge retrieval.

A recent article It's what you know and how you use it in the Sydney Morning Herald takes a look at KM placing an importance on business and process…

And while technology plays a supporting rather than lead role in knowledge management, it is also providing ASIC with a method of measuring the effect of its knowledge management initiatives. Ms Sbarcea has implemented an open source social network analysis system which "visualises in a map the connections and pathways between people".

There are many, many tools and systems that fall under the KM umbrella – from search to social media such as blogs and wikis to content and document management. The future of KM may in fact be glimpsed by looking at Google.  In a recent ZDnet article Google dodges knowledge management question, Andrew Donoghue writes that Google is extremely well positioned to be a major player in the KM space, but as is typically Google, is sufficiently vague about its plans.

Google has hinted that it could create an extremely powerful corporate knowledge management or information management platform by integrating products such as its search appliances with its other search and communications applications.

Speaking at the launch of Google’s latest Mini search appliance on Thursday, product marketing manager Arvind Desikan admitted that integrating different Google enterprise-class search technologies together, such as the Enterprise Desktop Search and Google Enterprise Toolbar, would benefit business customers. "The more things we have integrated, the more useful it will be," he said.

Personally, I think KM is still in its infancy. So don’t despair if you find the subject matter confusing and daunting. It is confusing – and daunting. I’d watch Google closely as I also would watch Autonomy and Microsoft. In the meantime, focus on people and process. Build a strong, central intranet portal with an intuitive information architecture and a powerful search engine supported by well-defined and rigorous rules and policies including a corporate taxonomy.

RELATED ITEMS:

No silver bullet for Knowledge Management

© 2006 Toby Ward - Prescient Digital Media