Open government strategies may want to consider security, governance...Sharepoint?


Back in December 2009, the White House challenged the federal government to be more transparent and better leverage social media by issuing an Open Government Directive. More than a year later, many agencies have published social media policies, actively use new media to disseminate information and err on the side of disclosure versus confidentiality.

But open government translates more easily at some agencies than others, and the initiative has made the job of privacy officers and records managers increasingly difficult.

"More and more and more, with the push toward transparency, privacy officers are pulling their hair out because they're being told that everything has to go online," says Dana Simberkoff, vice president of Public Sector for HiSoftware, a web content and compliance software company.

It's not just the documents labeled as "classified" or the personally identifiable information that create problems, either. For the Defense Department and intelligence agencies, operations security (OPSEC) necessitates the identification of more ambiguous risks.

"DoD has specific information assurance or security standards that address information that creates a security risk that is not necessarily classified information, but information that is related to operations or military movements," explains Simberkoff. That includes information about shipments of goods, details of major contracts or locations of military personnel and their family members.

This can create a content-management nightmare as information that is not overtly sensitive leaves through social media outlets, Freedom of Information Act (FOIA) desks and agency websites.

While agency managers may know what presents an OPSEC risk, or a regulatory compliance failure--think the Health Insurance Portability and Accountability Act (HIPAA) or the Federal Information Security Management Act (FISMA)--those managing internal and public-facing content may not.

"We typically see a big gap between the people that write the policies and the people that implement the solutions," said Simberkoff.

That's where automation can help, she explains. One offering from her company couples with Sharepoint 2010 to automatically distinguish what content should be blocked, quarantined or published with a notice for immediate review, as it's moving through the content management system.

Sharepoint has become a nearly ubiquitous tool across federal agencies. While many agencies interpret a Gov 2.0 strategy as one with a presence on platforms such as Twitter, Facebook or YouTube, Simberkoff argues Sharepoint 2010's web content management features can be used to fulfill federal open government requirements.

"I always tell them, you can actually use the social media capabilities in Sharepoint, and that can be a part of your social media strategy and then you can have governance built into that," she said.

The trade off in using Sharepoint may be a diminished reach or engagement level compared to more consumer-centric tools, but for some agencies it may be a sacrifice worth making in order to centralize open-government operations through a single platform and get a better handle on security.

Related Articles:
EMC attempts to simplify, unify governance, risk, compliance
Mobile phones create hazards and opportunities for records managers
Fatwire-EMC release web content compliance product