Search in the Enterprise and HR Systems

Image: Eric Ziegler

Three weeks ago I started a series of blog posts about search engines in the enterprise.  My premise was that the search engines in the enterprise are not as good as the search engines in the internet.  I do have to say though, that this is most likely not completely the fault of the vendors that provide such tools, but more about the difference on how people create content for consumption on the internet vs. the enterprise.  This was the premise of my first post.  In the next set of posts, I started to propose that there are ways around the behaviors of employees for people on the internet and the search engines used in the enterprise could adapt to improve the search experience.  In my second post, I discussed how using the context of the employee can provide enterprise search engines a boost in providing improved search results. In my last blog post, I started to provide more details on what I mean by employee context by discussing connections of employees (e.g. following each other). I provided several ways connections can improve search results.  

In this blog post, I plan on discussing another part of how employee context can improve search results.  The Human Capital Management (HCM) profile is my focus for this blog post.  Companies have a wealth of profile information on each employee.  This profile information comes from the Human Resource or Human Capital Management (HCM) systems.  HCM systems contain data that captures who each employee works for and who each employee works with.  These systems also know what each employee's job title, where they are located (building, country, etc.) along with having the employees entire job history.   

HCM Connections : As discussed in my previous blog post, connections provide information that can improve search results. HCM systems provide many different types of connections.  The first connection is between employee and boss.  The second connection is the connection between peers on a team or within a department.   While the employee might not be following their boss or the people they work with, they still have connections with these people.  Bosses, employees and their peers all work together on projects, documents or presentations.   Using similar reasoning as the Directly Following example in my previous blog post, search results can be improved by these HR releated connections. The content created by a manager or by a peer should get bump in relevance because of the relationship between that employee and the person doing the search.

Location : Another piece of information that often comes from the HCM systems is the location of the person.  When I talk about location I mean, the country and city the person works.  I also mean where the office the person sits in, assuming they don't work from home.  If they work from home, this information is typically captured also.  Each of these locations can be used to improve the search results.  For example, if the employee is located in Belgium, and searches benefits information, search results should be returned in context, and not return a link to the Japanese benefits content.    Or if the person searches for what is being served for lunch today, the lunch menu for the company cafeteria that is closest to his building (if it is not actually in his building) should be the top result returned.  Again, search results in context.

While I highlight only two types of data from the HCM system, there is the potential for a log of other information that could be used to improve the search results for the employee.  Of course there are concerns that need to be addressed.  If there is personal information about the employee, there are privacy or security concerns.  But if careful planning occurs and the correct legal and security teams are consulted, the data from the HCM system can dramatically improve search results for each employee.

What other types of HCM data could be used to improve search engines in the enterprise?  What other types of connections can make search engines better?

Social Business, Mobility, and Security

Lock by xserve (Lok Leung) from Flickrhttp://www.flickr.com/photos/xserve/368758286/

Time for some viewer participation.  Raise your hand. If any of the following statements is not true, you can lower your hand.

• You work for an organization that strictly enforces security?  
• You work for an organization that is strictly regulated and require lots of compliance?  
• You work for an organization that does Social Business?  
• You work for an organization that allows you to mix mobility and social business and compliance together while doing it securely?

If you are still raising your hand, look around and count the number of people with their hands still raised. I would guess that you could count the number of people with their hands still raised on one hand.

The solution of building a secure social business solution with compliance buy-in is tough enough as it is, but once you decide to put it on a mobile device, all bets are off.  Why?  Instead of answering the question directly, let me ask you more questions ...  Is your organization willing to lose that valuable information that occurred when two or more employees collaborated on a solution?  How about if that collaboration occurred between an employee and a customer? Partner?  What happens if that collaboration between employees and customers included privacy data or confidential data?  So think of this scenario if you are not worried.

Joe, your star salesman is out and about, meeting with one of his best clients, Jill.  Jill asks a question about how the next version of software will work.  The information she is asking about is confidential at this time, as the company does not want its competitors to know about the new features in the next version of software. 

Unfortunately, Joe doesn't know the answer to the question and would like to get the answer quickly. He would rather not have to get back to Jill and prefers to provide a thorough but quick answer.  He knows the development team can answer the question and uses his mobile social business application to ask the question.   

Jan, one of the developers sees the question from Joe and quickly responds back to Joe, but warns him that if this information gets out, they could have some serious issues.  Joe trusts Jill to not spill the beans and since Jan responded quickly, Joe is able to respond to Jill with the latest information (since he was gabbing it up with Jill).

After Joe meets with Jill, he heads to the airport and while there, leaves his phone in the bathroom.    

What do you do?

The organization has the ability to remotely wipe the device. The organization manages the device and enforces the use of PIN/password on the device and the organization enforces the use of encryption on the device.  

But are those security mechanisms enough?  Managing the device is difficult.  If the device is taken off line, remote wiping the device is not possible.  While a pin/password is good, hacking a PIN (typically 4 digits) is not difficult (9999 combinations).   Passwords are harder but not that much harder.  The device can have a policy set to wipe the device if too many attempts to type in the PIN or password occur.  But in all honesty, who cares about the PIN when you are most interested in the data on the device. Cracking/rooting the device without the use of the password/pin is easier and safer to ensure the data on the device is not wiped.  And once you do that, the device's flash memory(think disk drive) is available to be read.  

So how secure is that confidential data on the device?

You can decide to wait until the device manufacturers and O/S developers play catch-up to make this type of  "security" more "secure".  That could take years.   What do you do?

There is another solution, build an application that is secure.  Have you ever heard of the term, managed application (as compared to managed device).   Managed devices dictate what the owner of the device can and can't do on their device.  It enforces the encryption of the device, forces passwords and other security mechanisms.  In contrast, a managed application allows the developer to dictate what is available for the application and enforces its own security, without relying on the device manufacturer.

How?  A managed application ensures that all of the application data is encrypted, separate and potentially in addition to the device encryption.  A managed application enforces a password for the application.  In the above example, the social business application and the messages sent are secured in transit and if they are stored locally to the device, they are encrypted by the social business application (managed application). If compliance is needed, build it into the system, either capture it at the server side, or provide some means to capture it from the device.