It's not difficult to argue that we're in a new era of computing when a hacking attempt against your company's IT stack hacked is very likely, if you have any info of interest. So companies have two choices: secure and maintain their infrastructure more than they ever used to (= spending more than they ever used to), or transfer their infrastructure to companies that will do it for them.
No. Illegitimate third parties, such as criminals, want your data. So you throw in the towel and give your data to legitimate third party companies that you have signed privacy and service contracts with. They're really not comparable.
This is a bad excuse. So a printer leaks information to the internet and that's why I should leak all information to Facebook? Try to convince an CIO with that.
Well, what's your threat model that you are worried about? I would imagine all of these companies have much better security and reliability than most internal IT departments. And I don't see them snooping for their own purposes. The NSA can get what they want anyways.
The one big issue is subpoena's / third party doctrine issues, but I imagine for many companies that's a decent tradeoff for the reduced IT overhead / security / reliability issues. Other industries, like law, should obviously avoid such services.
>>And I don't see them snooping for their own purposes.
This is snarky, but have you looked? If you were suddenly trying to be acquired by FB, would you want all your secrets available to them? Sure, that particular problem affects a very small percentage of companies, but I'm not evil enough to imagine all the ways FB could and would use your data.
These don't seem like particularly new concerns to me, though. U.S. businesses have used 3rd parties to carry or store sensitive information for decades.
Do you worry that Verizon is listening to or recording all your phone calls? Or FedEx is opening and reading the documents you're overnighting around? Or that document storage companies are opening every box they store, in case there's something useful in there? How do you know Quickbooks isn't mining your bookkeeping data so they can sell leads to tax or collections firms?
And what about IAAS and PAAS companies like AWS, Google Compute, or even hosting companies like Rackspace or Softlayer, who typically have root access to every machine they manage? How many companies--even big companies--own all their servers and the buildings they are in?
Ultimately, our economy is based on specialization and carefully constructed relationships of mutual obligation. Contracts have to mean something or there's not much business going to get done.
> And I don't see them snooping for their own purposes.
Well, Google does read your email to show you better ads. But they never made a secret of that.
> The NSA can get what they want anyways.
If they really want to, yes. That doesn't mean one shouldn't try to make it as hard as possible for them. They won't bother if their cost/benefit analysis says you aren't worth it to get out the big guns. (Reliable 0 days aren't cheap and using them too often soon makes them worthless.)
> Well, Google does read your email to show you better ads. But they never made a secret of that.
I really wish this trope would die already. Google is not a person. Google does not read your emails. Employees at Google aren't sitting there reading your emails. An algorithm scans your emails for certain keywords, and displays ads based off of what it finds. That is not the same thing as reading your emails, and it's ridiculous that a forum like this would fall for such fear mongering.
> An algorithm scans your emails for certain keywords, and displays ads based off of what it finds
It's more than that. For example, they also scan images to identify child porn. Or Google Buzz, which showed that they scan and track the people you contact most often, and may do undesirable things with that information, like publish it.
It's naive to expect that Google/Facebook/whatever supplier of corporate IT stuff will just serve as a wholly passive platform, especially if the service is not paid.
I'd change that 'read' to 'scan' but I can't anymore. I really don't care about that particular phrasing. Not being a native speaker I don't think I'm even qualified to argue the semantics of the word 'read' and whether it can be applied to an algorithm or not.
I was trying to point out that some level of snooping by the cloud providers themselves is going on right now. Note that I tried to defend Google's behavior by saying that it is no secret and people are opting into it willfully.
I think the important point here is that you still have some anonymity in the sense that your data is processed in the same way as everybody else's. Saying "Google reads your emails" is basically a fear-inducing way of saying "Google scans everybody's emails."
Yes, they scan your emails. But not _particularly_.
I don't think you're a shrinking minority at all, especially since the article itself mentions that people are concerned.
The problem with this approach is that you also give up control. Want an extra feature or bugfix? Petition FB and see if anything happens. Want to interface with some other system? Get used to browser hacks (cf all those things for Gmail).
I also find it laughable that the article discussed whether or not there will be ads - as if that's the most salient point. Of course the companies will be paying for it and it's obvious to me that FB will want to mine that data regardless of whether they happen to show you ads. They'll also be strongly encouraging users to link accounts too so that the profiles they have of you are even more complete. Depending on how this is adopted, some of my friends who've avoided FB may be forced to join anyway via their employers. Should they switch jobs?
Having said all the above, I'm sure this product will be successful. Most groupware in companies sucks (just think of the convoluted way of arranging a meeting), so a UI like FBs is a great step forward - esp since most of your employees likely need no training.
FWIW I'm working on decentralised alternatives. I don't want to live in a world where my future kids' only options are to either give a tiny handful of companies unfettered access to everything or to go and (literally) live in a cave. http://nymote.org/blog/2013/introducing-nymote/
I'd absolutely switch jobs if I was required to set up a Facebook for Work account with my real information. Then again, I'm an engineer, and am allowed a certain amount of leeway with my crackpot privacy theories.
While I agree I believe that for now this is mostly the case for US-based companies.
Working in the finance sector, it's interesting to see a strong divide between US companies that are more than happy to have an external company hold all/most of their data in the cloud and European and Asian financial institutions who insist on hosting everything on site using their IT department, their software and hardware etc.
I'm a netsec freak that doesn't have ANY social media accounts, but I can't rationalize hating on this.
Social Networking at the workplace has potential to really make things flow better, and you're using it on the behalf of a company rather than putting anything personal on there. I'm not afraid of vacation photos leaking to the internet because I'm not going to have them anywhere near this service.
I'm sick of receiving emails like, "Jeff is out today" when instead I could look at the meeting event on my FB@Work account and see that Jeff is no longer attending.
Information in the workplace really does need a bit of decluttering and I see this as a positive thing.
Just as you don't own your work computer and shouldn't have anything personal on it that you're not willing to have your bosses see, don't include any information on here that is anything other than planning around getting real work done and poking others about a ticket.
(If they include ticketing, I could see this being huge. Someone needs to bring request tracker to the modern era.)
How about putting emphasis on "have to" instead? For most people, the advantage of these services is that you get very good services for little cost. It's simply cheaper to use 3rd party services. That why they've become so popular.
Better you upload your unencrypted data to a third party you know about, than that some hacker collective uploads your unencrypted data to pastebin for you. I think Sony pictures would have been quite a lot better off if their data was all on Google drive and Facebook.
It is incredibly difficult to prevent attacks from technical people inside your own company, and when this happens to a company like Google or Facebook it will be a huge disaster.
It is just so expensive to provide 99% uptime on your own servers. Who is going to go into the office at 2:00AM when an executive can't access his power point presentation?
I guess ERP will be the next thing to end up in the cloud, probably wouldn't be too hard for Facebook to extend this new product to generate timesheets for each employee.
The question companies should be asking themselves is "How bad do you want NSA/FBI/police to scour through your data without ever telling you about it?"
If the answer is "Pretty bad!" - then they should go ahead and sign-up for Facebook at Work.
Facebook - Company info/announcements/chat
OneDrive/Google/Dropbox - Company documents
VOIP Services - Company communications
All stored in clear-text obviously (or at least not encrypted by company using the service before transfer to said services, same thing really).
I myself think this trend is hilariously ridiculous, but I'm in a shrinking minority I assume.