WorkBook: Getting Facebook Ready for Work

by Andrew McAfee on December 19, 2007

I’ve written a few times here about Facebook —  how it’s a potentially powerful tool for maintaining and supporting a network of weak ties, how it fits in with other E2.0 tools, and how at least one company is now using Facebook as its Intranet. Several commenters reacted to this final post with security concerns. Bill Benac’s critique was perhaps the most forceful:

"There’s a major security issue with using a public site such as Facebook as a company intranet in that most if its traffic (though not login) is trasmitted in cleartext over HTTP. It’s relatively easy to snoop that data. Companies usually require secure VPN for remote access to the intranet so this problem is avoided…

Facebook is not a viable solution for mainline companies. Let them retool their offering for the corporation if that’s what people are interested in (e.g. give companies their own url such as https://myco.facebook.com, let the corporate administrator manage who can log in, let the corporate admin manage who they can be friends with, what applications they can add, what types of information can get into their news feed, offer a SecureID feature, etc.). Until then, serious companies should stay away."

I’ve heard similar reactions from many line and IT executives when discussing social networking software (SNS) and the strength of weak ties. They realize the potential of SNS, they know that many people in their companies use and love Facebook, and they sense that they’d fall short if they tried to build their own social networking tool from scratch, but they can’t see a way to make the Internet’s current SNS OK for the enterprise. The risks identified by Benac are just too high.

When Facebook opened up its platform and data to outside developers early this year, I predicted that applications built specifically for enterprise would soon arrive. Yesterday, Worklight‘s David Lavenda stopped by my office to show me one (I have no financial interest of any kind in Worklight, and have had no commercial dealings with the company). 

Worklight sells a server + software combination that sits behind the firewall, takes data from all manner of legacy enterprise applications (ERP, CRM, HR, etc.), and serves that data out "Web 2.0-style" to those who are authorized to see it (according to the company’s existing policies). Web 2.0-style here means via RSS, Ajax, widgets, mashups, IM, etc.  And now Facebook.

In a quick demo, Lavenda opened up his standard public Facebook profile, then launched WorkBook (Worklight’s offering) just like he’d launch any other Facebook application. After he logged in, a separate section opened up within the profile. This section was devoted to the user’s employer —  let’s call it Lavendaco. Inside this section were a number of standard Facebook features —  friends, groups, Q&A, profiles, etc. — presented using the standard Facebook UI. But the data populating each of these were specific to Lavendaco, came from the Worklight server installed at Lavendaco, were encrypted as they travelled across the Internet, and did not pass through Facebook servers. A short description and screenshot of WorkBook in action are here.

I haven’t experimented with WorkBook myself and I haven’t talked yet with any of its corporate customers, so I can’t personally vouch for its features or robustness. But if it works as advertised it seems like a very smart approach to corporate SNS. I particularly like the approach of not reinventing the wheel by trying to build a tool that’s "just as good as Facebook." Instead, WorkBook is Facebook. It lets people continue to use this incredibly popular technology and leverages the investments Facebook has made in delivering a compelling interface and user experience. Lavenda said that Worklight considers Facebook just another "Web 2.0" style delivery vehicle for enterprise data. If OpenSocial or another SNS becomes popular in the future, Worklight will build tools for that platform as well. 

I asked Lavenda how Worklight got its initial set of customers for WorkBook, and he replied that the impetus typically came straight from the top. He said that the CEOs of these companies were well aware that Facebook networks and groups existed for their company, and wanted to take advantage of them rather than attempt to squelch them. 

This corresponds well with what I’ve observed. The line executives I’ve talked with have been eager to harness the power of social networks and technologies that let knowledge workers maintain and exploit weak ties. To date they’ve felt that security concerns prevent them from doing so, but this situation may be changing rapidly thanks to advances like WorkBook. 

Leave a comment and tell us what you think. If WorkBook works as advertised, does it allay your security concerns related to enterprise SNS?

  • http://www.sliker.com Tom Sliker

    The risk of losing sensitive data is great, and I personally think it will be a long time before these types of applications gain traction with mid-sized or larger businesses. If we had our way, we would keep all sensitive information inside the firewall.

    I know that in this day and age, this is becoming less and less practical, but the challenge for companies like WorkLight is to convince conservative managers and IT professionals that it is safe. Not 99% safe but 100% safe. As safe as it is on my hard drives in my basement behind my firewall. For some businesses, that’s going to take a while.

  • http://www.capgemini.com/ctoblog Peter Evans-Greenwood

    Worklight looks interesting, and definitely something that I’d love to trial. Leveraging external social/portal solutions to run the company intranet has a number of potential benefits. However, I’m not sure that this solves the security problem well enough for the majority of organizations.

    Protecting the delivery channel might protect your data in transit, but sometimes traffic analysis can provide equally valuable insights. While I can’t see your customer list in transit, I can probably deduce most of it from the social network around your employees, and employees of clients that I do know of. Or I might find key insights (target market, partners etc) into the launch of your next product as I can see what your product management team are doing. If I also scan Amazon (what are they reading and/or buying?) and del.icio.us (what web sites are they finding/sharing?) then it becomes easier. Fold in Beacon and the problems moves up to a whole new level. Upgrading the VPN isn’t going to help.

    If email was like writing your message on a 8×3 card and pinning it to a message board, then using Facebook as a business platform is like setting up your desks on a busy street corner. Most of these social solutions leak an amazing amount of information on what your doing day to day: where you are, who your talking to, who you’ve met recently, what topics you are interested etc. If you have a family, work for a competitor in sales (but we used to work together), and you are visiting Bentonville when it’s not school holidays, then I might be interested. Forcing your employees to use Facebook from behind the fire wall (over the VPN) might keep your corporate data secure, but it still leaves you wide open. And it’s not hard to imagine a vendor stepping in with a BI solution designed to grok competitive intelligence from the public Web 2.0 services.

    That said, I find it easy to imagine solutions like Worklight going main stream. The boundaryless business environment that many organizations find themselves is providing the need for the vendors to fill. The current solution will work for some companies, and given a market the vendors will sort out the bugs over time until solutions like Worklight become part of the standard business infrastructure.

  • http://www.learningapi.com/blog Larry Bouthillier

    I think it’s important to recognize that there’s a little smoke-and-mirrors going on here. Facebook integration like this is less scary than it may look at first glance. At the risk of getting a little too geeky ;-) , let me explain.

    Facebook allows application developers to create their own apps that live inside an “iframe” within the Facebook site. Whatever a company does within that iframed space is entirely their own secure environment, and can even have its own intranet login process just like the company portal.

    For example, in the application my team built for Harvard students to see and interact with their course schedules and classmates in Facebook, that application uses the standard Harvard intranet login process, runs on a secure (SSL/https) connection, interacts securely with the Harvard directory services (LDAP) and email services, and Facebook never sees any Harvard-specific data about the users whatsoever.

    So, our app looks like Facebook’s screens — same styles, same way to display lists of people, same Facebook photos of users. But it’s all generated by us to look that way.

    I suspect that Workbook does something similar. The application does not live *inside* Facebook, it just appears that way. It just happens to sit inside a Facebook iframe, and uses a few handy conveniences Facebook makes available (such as access to Facebook photos, friend lists, and messaging).

    Ultimately, it can be as secure (or insecure) as any other intranet application.

    A more important issue, I think, is the ever-changing Facebook environment. As it evolves quickly, the development APIs and features are coming and going quickly. Companies that invest in integrating with Facebook need to be careful about playing an endless game of catch-up. The more of Facebook’s features you make use of in your own app, the more vulnerable you are to having to do emergency re-engineering when Facebook changes something.

    I actually had to re-engineer some features several times before our application even launched due to API changes, and eventually removed some features altogether since I could not count on them to work reliably.

  • http://www.scdmarketing.co.uk Scott

    It would allay some concerns of basic value but I think in this situation – along with many situations across the Internet – truly sensitive information should be confided to secured systems with encryption or systems with security of ‘blanket vulnerability’; this is basically the concept of having sensitive information in such a large database of data that it would be extremely difficult to find. Messages on Myspace are an example of this.

    Even then however, careful communication of sensitive information should be acted out at all times.

  • Joe Schueller

    I think it creates a lot of unnecessary confusion and also sells you way to in with Facebook.

    The confusion is for the casual user who won’t be sure what’s in which system and why the search bar in FB doesn’t act the way anyone would expect. The other big issue is that “applications” in this interface are restricted to the paltry real estate FB elects to give them.

    The selling in is that you’re now dependent on FB as infrastructure. Truthfully, they have more incentive to be up than you do, but you are now living with their change management.

    The worst thing for me is the ad serving. No, I’m not a privacy nut, but what about when my work account gets banner ads about the Victoria’s Secret show during a demo presentation, am I now creating an environment of harassment? Is my company now endorsing what I see here? FB is an ad serving platform and very little else.

    Personally, I’m betting on an Open Social solution that let’s companies selectively share profile and social graph information as needed and providers like Zoho and SalesForce.com to allow me to tap in to that at a content-application level.

    This is a GREAT idea that has a lot of BIG flaws. They’re showing us the way, they just have the wrong vehicle to get there.

  • http://gerald-mann.com Gerald Mann

    If WorkBook works as advertised?
    YES

    Does it allay your security concerns related to enterprise SNS?
    NO

  • http://geld-lenen.welij.nl geld lenen

    About workbook, will it be also in Dutch like facebook? And the API’s is still a problem for me…

    Well I also see more an iFrame, could be wrong?

    Many thanks,

    GL
    The Netherlands

    http://geld-lenen.welij.nl

  • http://www.internet-adsl.nl/adsl-vergelijken/adsl-vergelijken ADSL vergelijken

    Hi Geld Lenen,

    I just send you a message :) there are some similar Dutch examples. Please check your e-mail, feel free to add me on Facebook as well.

    Regards,

    Vergelijken

  • Joe Murray

    Creating communities for enterprise is near and dear to my heart these days. I look at it from the software providers point of view. There seems to be a clear trend forcing software companies to truly deliver thought leadership beyond best practices “built in” to the software. More new software companies are evolving from Software as a Service to what I call “Solution as a Service”. Customers require not only on demand functionality but also on demand subject matter expertise, process outsourcing and community leadership. One tool provider I’ve discovered, but cannot truly vouch for yet, is Jive Software out of Portland, OR. Check them out and let me know what yo think. Also, please let me know what you think about my perceptions on how enterprise software providers are being forced to evolve.

  • http://www.mestoiger.com igre

    Facebooks is only cashmaking machine, nothing good is really inthere except little “free” ads. Thats why i don’t event want to enter this kind of world. Cheers

  • http://www.rpggames4free.com Rpg games

    I think that once social networks manage to prove mid and large-size companies that they are 100% safe, they will really become popular. The problem right now is that the IT personnel don’t mind spending a bit more money as long as they are backed up. Why would they go see the direction and tell them they can save a few buck when they might end up in trouble after important information is leaked. It’s part of the game and i think we’ll see some time pass before social network can be use as an intranet environment.

  • pixbook

    Ways to make money

    to me facebook is the worst social networking tools. That is used as a money making tools.

  • http://viettelonline.com ADSL Viettel

    Thanks man, just what I was looking for. Worked like a charm Thanks so much…

  • Guest

    Thanks man, just what I was looking for. Worked like a charm Thanks so much…

  • http://georgezapo.com George Zapo

    Dr. McAfee,

    Your absolutely correct concerning security issues with Facebook. I’m presently not aware if WorkBook is presently being used by Facebook or if any other security measures are in place. I plan to do some additional research to verify Facebook’s security. Thank you for informing us of the potential dangers.

    Sincerely,

    George Zapo
    http://georgezapo.com

Previous post:

Next post: