What are the biggest roadblocks you see for CIOs?
McAfee: The biggest roadblock is the possibility that bad things can happen. All the risks and nightmare scenarios seem very real, very concrete and very likely, while all the benefits seem more distant and harder to understand. When you're faced with this concrete, immediate downside versus some distant, nebulous upside, a lot of people decide not to proceed.
So the risks and the downsides are, "Is sensitive information going to leave the company?" "Is this going to become a vehicle for sexual harassment or building an uncomfortable workplace?" "Is information going to go from one part of this organization to another when we shouldn't cross these boundaries?" "Is sensitive information going to our partners, suppliers or customers when it shouldn't?" or "Can these things respect the boundaries that are set up for good reasons here?"
There are some legitimate risks with Web 2.0. But, as much as I've looked for nightmare scenarios, I've found very, very few.
If that's the case, why hasn't there been more widespread adoption?
McAfee: I had my eyes opened to this when I was doing early research, and I spoke with the CIO of a fairly large multinational investment bank. He said that all these Web 2.0 technologies were his best defense because the contributions to them are highly visible--essentially public--and attributed to the people that made them. This means that the instant there's any hint of infraction, the community will help him figure out what happened, how bad it is, and who did it. Then he can show any regulator or authority when the problem occurred, when his company became aware of it, what action it took and how quickly it was removed.
Typically you don't get in trouble for isolated incidents--you get in trouble for patterns of misbehavior. These [social] platforms are great for making sure incidents don't turn into patterns. E-mail, however--which is fantastic because it happens via private channels--is great for allowing abuses to flourish.
That conversation changed my thinking and got me to believe that the risks, in practice, are very slight.
Some CIOs worry about negative comments posted on Web 2.0 sites about their company. What do you hear from CIOs about that?
McAfee: Say you run a product company and you turn on customer reviews for the site you host, but you don't want the negative ones. Well, you can't stop the negative comments from appearing somewhere on the Web. You can't shut down the conversation. We used to think that if you had 10 positive comments and one negative comment, everyone will remember the negative one. That's what I thought, too.
Someone who builds product review software for a living told me there's a different way to think about it. The existence of that single negative review gives consumers confidence that what they're looking at is a truthful, or unfiltered, sample of responses. This allows us to put more weight on the positive ones. It's a strong signal that we're not whitewashing.
In addition, people are decent consumers of information. If there are 10 positive comments and one negative, who are you going to believe? I believe the balance of evidence that's presented, not the biggest outlier.
Finally, companies can respond to that, make something positive out of it. They can put a comment up, they can reply, they show what action they took, and they can demonstrate that they're aware of the problem. That kind of thing goes a long way.
In the world of Web 2.0, you cannot shut down negative comments, reviews or conversations. By embracing them, you can show that you're not afraid and that you're taking action. This allows you to demonstrate that all the good stuff said about your company is true.