Security, Part 1

(note that I'm not in an IT security group or anything, I just started thinking about this)

Several months ago when our group started looking at ning, I wrote up some general guidelines for using these Internet-based apps (vs. our intranet), just to have something.

Currently, after reading the policies & guidelines for our company's external blogs and wikis, I'm thinking that we've just flipped the model. We used to think we had to protect users from themselves, by giving them the safest default. Now that everyone wants to be connected via whatever device or appliance or location or situation they choose, we need to move our data onto the Internet. In addition, as we understand the value of open information (think Wikinomics), we (as a company) want to publish as much of our information, and thoughts, to as wide an audience as possible.

Anyway, I think the model is now something more like, "You, as an employee, have knowledge and ideas that may or may not be appropriate to share with the rest of the world, including our competitors. It is up to you to determine whether or not you should publish this information securely, or on the Internet. If you are unsure, contact blahblahblah for assistance."