Pay Yammer or Else
Jan 09
Soon after I began using Twitter, I thought – this is exactly what my company needs. But, you know, “inside the firewall.” That’s the way we boomers think, in terms of these ancient concepts like “firewalls.” Something like feeling protected against invasion in New York City because there’s a natural moat around the city walls. Yes, there are bridges, tunnels, ships, but that’s ok. The moat has rules, we’ll be safe.
Anyway, what if the only people on Twitter were people who worked at my company? What a great way to keep track of ideas, needs, questions – all in a searchable archive. All knowledge is fragmented, so intuitively the ability to survey information fragments promises great value.
Along comes Yammer, a service that provides exactly this. The only way to get an account for your company on Yammer is to provide an email address from your domain. Presto, the only voices on your Yammer, um – I’ll call it subnet – are fellow employees. I embraced the idea, encouraged others to do so.
But something nagged at me. In order to “appoint an administrator,” the company had to buy the service. ”Own” your Yammer capability, else the community is adrift and unregulated. This is completely fair, in my view. Some companies, however, apparently use Yammer without going to the bother of administering the list. After all, you have all the functionality of Twitter for no cost, why pay Yammer’s rates?
Because if you do not, you have no promise of security for the conversations you are having on Yammer’s servers. Put aside for a moment the idea that you are having potentially proprietary conversations on a server outside that pesky firewall – that happens all the time. But it happens under service-level agreements, with a contract to preserve data in case the company is party to litigation requiring legal discovery – to name one contingency.
Brief sidebar on discovery, which can be extremely costly (disclaimer: my father is the lawyer, I have a different yet higher degree than he does). The Federal Rules of Civil Procedure (link is pdf) were revised in December of 2007. Here is a relevant snippet:
(B) Specific Limitations on Electronically Stored Information. A party need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden or cost. On motion to compel discovery or for a protective order, the party from whom discovery is sought must show that the information is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 26(b)(2)(C). The court may specify conditions for the discovery. [emphasis added]
So if you are a party to a lawsuit, even if not the target, you may be required to furnish conversations from Yammer servers. Companies keep this in mind when they sign agreements with Salesforce and other hosted solutions, but that unpaid Yammer party line poses a problem.
In the world of risk management; this is a low probability, high impact event. You probably won’t be a party to a lawsuit (yes, I’m being tongue-in-cheek), but if you are, it will cost you in discovery costs that do nothing to advance your business interests.
However, we also have a high probability, high impact event. I posed this question on Twitter – through the magic of the cloud, I received a helpful response from Yammer. Here’s what I asked:
How do people on Yammer know they’re not talking with ex-employees?
The reasonable response from Yammer pointed me to a FAQ, where administrators can manage the Yammer list for their company. This, by the way, means there is an administrative burden – assign this to HR or IT – adding a step to the outprocessing paperwork when someone leaves your firm. If you have a paid Yammer account, add a step where someone goes in and removes their access from the list.
My conclusion: If you have an unpaid Yammer account, at some point, you likely have ex-employees listening to proprietary chatter. This is not Yammer’s fault – they have no way to manage the employment status of your people. If you value corporate proprietary information and do not want to pay Yammer, you may want to issue a policy telling employees not to use Yammer for sensitive conversations. In which case, of course, they may as well use Twitter.
If I am mistaken, I welcome a correction – but I think the risk far outweighs the benefits. Your employees have no good reason using an unpaid Yammer account to discuss business plans, project needs, client data, code, etc.
Final disclaimer: I have no business affiliation with, or financial interest in, Yammer or any of its partners or competitors. Wrote this without looking, Dad.
Two more questions:
– what if an employee has just always lurked (you know who you are!!)…never posted, just read posts…now they’re an ex-employee, still lurking and reading. How would any employee notice that was happening so that they would suspend the account?
- how ‘persistent’ is the storage of messages on the Yammer server? (didn’t see that in their FAQ)
Nice write up, John…I started wondering about the security model used by Yammer because of discussion of business sensitive information as well as the e-discovery concern. I was (along with you) in the thick of the e-discovery discussions…interesting how something started ‘in the field’ vice by infrastructure has grown so large w/o anyone (apparently) noticing from an official viewpoint.
I would think Present.ly avoids some of the issues I outline in this post, but chiefly because, unlike Yammer, Present.ly is only free for up to five users. My post is a caution against using the free version of Yammer – Present.ly is not targeting this market the same way, they don’t offer a free service for any but the tiniest of companies. This TechCrunch article has more: http://www.techcrunch.com/2008/09/18/presently-takes-on-tc50-winner-yammer/
I am looking for a twitter-like service and found Yammer and presently. What about the latter?
Adam,
Yes, I too liked the idea of using Yammer for non-sensitive information. However, as an old intel analyst, I can tell you that fragments of non-sensitive information can add up to sensitive information. Even if employees are as disciplined as you are, and that expectation is heroic, it is an easy art to piece together sensitive information from “harmless” chatter.
Thanks for adding to the conversation!
jb
Thank you Keith, that is a good point for clarification – I wasn’t aware anyone can suspend anyone else’s account, that is good to know.
However, my larger point remains intact – as the company is not protected by relying on the “greater community or network.” While I’m a big fan of crowdsourcing, this is a matter of firm preservation, and the risk tolerance should be much lower. This *should* be an administrative burden for the firm, as it is their responsibility to provide for secured conversations regarding their intellectual property.
Allowing use of an unpaid Yammer account still requires a firm to patrol and monitor usage to ensure ex-employee accounts are suspended. My former company’s CEO sent a New Year’s greeting, but I wonder if his managers are aware of this administrative need or how to go about managing it.
Good points you make, especially the potential legal ramifications concerning discovery. And I agree that conversations (“yams”) on Yammer should be at the not-so-sensitive level. But that doesn’t mean it offers no benefit over Twitter. On the contrary, I consider Twitter as my “outward facing” network, whereas I use Yammer to ask (non-sensitive) inquiries or seek (non-sensitive) resources from within my company. On the other hand, if Twitter offered groups (like other similar platforms), then yes, I might see a non-paid Yammer account as redundant.
John,
Thank you for the mention of Yammer. We just wanted to clarify that non paying networks can restrict ex employees from accessing their network. At any time, any person can suspend another persons account within their network. This forces the suspended person to reconfirm their email address. If the suspended person is not a current employee, they shouldn’t have access to their email account, and thus wouldn’t be able to confirm resulting in no access to the Yammer network.
The FAQ that explains this can be found in our knowledgebase here:
http://help.yammer.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=311
Since anybody in the network can suspend another person’s account, having to manually remove ex employees is less of a burden because the burden is not on a select set of admins but rather a greater community or network. However, we are looking into other ways, such as LDAP integration, to make this process automated.
If you have any additional questions, suggestions, or feedback please let us know. Once again, thank you for the mention.
Thank you,
Keith McCarty
The Yammer Team