Updated: December 13, 2010

Michael Brzozowski, the creator of Watercooler, the internal social media system for HP, recently left HP for Google.

Talents move around all the time, especially in the bay area where the industry is rife with interesting opportunities. However, in this case, the departure of Mr. Brzozowski has put the fate of the Watercooler system in question.

To understand why this is worth blogging, we need to first understand what the Watercooler system is about. Many of you may not know this, but Watercooler is a social media system that currently has 100,000 users! Brzozowski originally started Watercooler aggregate RSS feeds from across the company. Over time, it has morphed into a social media aggregation platform that aggregates content from  HP’s internal wikis, microblogs, various discussion forums, and social bookmarks. The system has a documented set of open APIs and supports a powerful and expressive set of content filters across different social media systems. It is also integrated with HP’s user directories.   

Brzozowski wrote a nice paper on a study he conducted with Watercooler data. Published in Group 2009, the study revealed some interesting facts about social media usage inside HP. Perhaps one of the most concrete statistics arguing for the value of enterprise social networks to date, Brzozowski’s paper points out that 69% of all Watercooler blog users subscribe to content generated by someone outside their business unit. This kind of cross-company instant collaboration is a huge benefit as a social media system because it provides a user community.  

Though Watercooler can be considered a success from HP labs, it has not generated the kind of support from HP proper. Brzozowski has been trying for the last two years to get the system out of HP labs and into the hands of HP operations. But his efforts proved futile – HP operations were not interested, or at least not interested enough to take actions. After Brzozowski’s departure, another researcher from HP labs took over the system. But this person is only doing it on a volunteer basis – he’s got his other core tasks. As we all know, researchers are not great at maintaining production systems, especially one that requires such scale and performance. Now you might ask why HP would ignore a social media system that’s already got such a large user base? Do you know how many social media startups would kill to have 100,000 users? Well, perhaps only HP can answer this question.  

The whole thing came to its head a few weeks ago when some of HP’s executives were meeting with salesforce. The latter mentioned Chatter, the new social media system SFDC is launching at DreamForce this week. Chatter is a cool system, but is not nearly as developed or as widely used as Watercooler. Especially when you consider Watercooler had supported a documented API for users to modify for their own purposes.

The HP executives, after meeting with salesforce, said about Chatter: “Hmm, that’s a good idea, we should have something like that” [Obviously this is a mock conversation, not their actual words]. Finally someone in HP said, “Well, we do have something like it, it’s called Watercooler.” The executive then said: “Really? Well, let’s take a look at that. Maybe we can make something out of it.”

As if on cue, Watercooler stopped working because the whole system had been running on one server (What? One server you ask? Yep. You heard right, one server to support 100,00 users; that’s how Research Labs typically work). The researcher who had been supporting it after Brzozowski left was unable to get it up running again quickly.

HP labs had many top industry talents, but these people are now leaving the organization because their work has not been properly respected and utilized. Last year, they lost one of their HP fellows, John Wilkes, to Google. In addition to the recent departure of Michael Brzozowski and Kevin Lai, a game theory specialist, Joe Pato, a noted computer security expert, though ostensibly still an HP person, has been spending most of his time at MIT. HP has come a long way since the garage company days of Hewlett and Packard, but it seems like the company has lost some of its innovative spirit along the way.

Yes, it’s difficult to remain innovative when you’ve got 300,000 employees. But people are the greatest asset of any organization: If you lose them, you lose the future of the company. This is why Google recently implemented measures of a 10% pay raise and bonuses to retain talents against the new-kids-on-the-block competitors like Facebook. Companies like HP should take notice. Innovations like Watercooler should have flourished instead of being left to flounder.

Why should Security & Risk Professionals care about Watercooler?

There are several reasons. First, Forrester believes that only employees are agile enough to respond to the escalating demands of empowered customers. They're also in the best position to see the problems and to experiment with solutions that take advantage of new technologies (this is discussed at length in the report Welcome To The Empowered Era by Ted Schadler and in the book Empowered co-authored Ted Schadler and Josh Bernhoff). HP’s Watercooler was an example of employees using social technology to breakdown traditional corporate barriers and to foster innovation. As mentioned above, 69% of HP’sWatercooler users read content generated by authors outside their business group, which results in a powerful informal information-flow network that is substantially different from a traditional organization chart. Second, it is also an example of a “shadow IT” a set of functions that are not in any official IT infrastructure diagrams or IT service catalogues. This is another lesson not only are employees innovating with groundswell technologies like social, mobile, video, and cloud but they are doing it independently of IT and security.

Forrester strongly believes that in this era of the empowered organization, security and risk professionals need to engage. You need to meet with major business functions proactively to understand their approach to social, cloud, and mobile technologies. And remember, the goal is not to block or suppress, it’s to enable, and enable securely. You need to help the business mitigate the risks so that they can more confidently take advantage of these technologies with your support because otherwise, they’ll do it without you. If you haven’t had a chance to read it, check out my report, “Securing An Empowered Organization."

As Security & Risk Professionals, it’s not always in our nature to share, but Forrester also believes that there is an opportunity for Security & Risk professionals to use groundswell technologies to improve their own functions and processes. Here are a few ways:

  • My colleague, John Kindervag, has written a report describing how IT can use a social network as a part of security operations. See the report “SOC 2.0: Virtualizing Security Operations."
  • My colleague, Chris McClean recently held a teleconference with case study examples of how risk and compliance professionals have leveraged groundswell technologies to strengthen their programs. See the teleconference, “Compliance Professionals Need To Leverage Empowered Employees."
  • Think about how you might use social and video to improve security awareness and communication.