Your company email address - at your service?

The evolution of web services is forcing a huge leap forward in how we think about our information but has introduced a new, potentially hazardous, issue for IT departments –the unleashing of the power of the company email address.

Many modern web services allow, possibly even encourage, company employees to sign up for their new services and much of the time all that is needed is a company email address to get going. A verification email is sent to the subscriber and once validated, the employees are off into the Promised Land. Electronic mail invites to other employees inevitably follow and the technology profile of the business is changed at the speed of a click.

When signing up for an offline service in business there is typically a chain of authority involving justifications, authorisations, tender, ordering and legal processes to work through. These, seemingly archaic processes to some, have developed over time to ensure the protection of the company and the suitability of the service - but online web services are driving their diggers through this landscape.

Images of Arthur Dent jump to mind as IT managers across the land leap out of their server rooms to lie down in front of the oncoming technology demolishers.

Historically, the purpose of a company-assigned email address has been for sending electronic messages to trading partners but, especially with the advent of web services, the company email address is evolving into a full-blown passport to more tempting, greener, grassier lands. Now, as long as one has a company email address any member of the company can sign the business up for all manner of services: Google Docs anyone? Yammer perhaps? Maybe a company Flickr account? We could even get our company on Twitter and Facebook – fantastic?

You could argue these services offer great productivity tools that we should embrace - who really wants to stand in front of the board telling them why they should NOT embrace these, often free, technologies?

So, the services work their way in carefree of any consequences. No back up or security mechanisms, no supporting business processes, and question marks over the ownership, and confidentiality, of data. All of these things are pushed to the side in the name of productivity. That is until a problem occurs; now the grassy land becomes a dust bowl of the old Wild West where the IT marshall has to drive into town to clean things up.

When signing up for these services it is often the basic services which are signed up for as they are often free. These usually offer little administrative control and little auditing and one is left to wonder how many people signing up for these services read, understand, or appreciate the consequences of the small print?

Who reads small print anyway?

Even worse could be company individuals signing up collectively with their personal email accounts and creating workgroups that the business has no knowledge of and yet is ultimately responsible for. This is a whole new can of worms – the very thought of which leaves me with a cold shiver.

Of course, company policy should be in place, but I wonder how tempting it is to sign up for a web service account these days?