Alex Barnett blog


Tagging behind the *firewall* - a case study

I've written about 'Enterprise Tagging' or 'tagging behind the firewall' before, but haven't come across any case study material in this area, until yesterday that is. In his latest post, Andrew McAfee has written up a short report on the intranet used at interactive agency Avenue A | Razorfish (AARF):

"What I found most interesting about the company was its own Intranet.  To hear David, Ray, and Amy tell it, the company's traditional static Intranet --  the place where an employee would go to look up benefits information or peruse the latest press releases --  still exists, but has been marginalized by a suite of Enterprise 2.0 tools."

What content shows up?

"AARF has built interfaces to the bookmarking site, the photo sharing site Flickr, and Digg, a site where members vote on the importance of news stories.  All three use tags, or something close. 

AARF employees have learned to add the tag 'AARF' when they come across a web page (using, a photo (Flickr), or a news story (Digg) that they think will be of interest to their colleagues.  Shortly after they add this tag, the bookmark (look at the top of the box), thumbnail of the photo (middle) or headline and description of the story (bottom) show up within the AARF E2.0 Intranet.  So AARF has found a fast and low-overhead way to let its employees share Internet content with each other.  It's also free; these interfaces with, Flickr, and Digg require no fees and no permissions.  I find this simply brilliant."

Corporate Attention Data Needs to be Secure

A potential issue to point out here. Since employees are using the AARF tag to share content with other employees and they are doing so on public sites such as, I can also see what AARF employees are bookmarking and sharing with other AARF employees. Is that a good thing? We'll, it's good for me :-). But is that good for AARF? Look, here is a sample. From a cursory look at the AARF tagged bookmarks, I can tell:

  • Someone is probably lobbying HR for Starbucks coffee machines at the office (I can't blame them...)
  • Someone is studying Second Life's audience size, probably as an opportunity to either establish their own presence for the agency, or collating info so they can advise clients
  • Someone is trying to figure out the ROI on blogging (rather you than me...)
  • Someone is interested in mobile social software apps

Are they giving away company secrets? Lobbying for Starbucks coffee machines, er, probably not. Corporate Second Life plans for AARF? Maybe...

Whoever is responsible for this approach at AARF has probably considered the risks of making this kind of corporate attentional data potentially public (I hope). This level of corporate transparency might be a deliberate decision, but then again, it might not. Either way, companies need to be aware that if they are going to use public tools as a way of sharing content and data in this way, there is the potential to have their corporate attention data tapped into. Today, there is nothing to stop non-AARF employees and competitors subscribing to AARF tag feed and thereby tapping into a thread of AARF's collective thought processes.

(btw, before you point this out, I do realise there is a 'don't share' checkbox in, so it might be the case that what I can see on the AARF tagged content in might only be a subset of content that AARF employees have tagged, and what I'm seeing is what they and feel is OK for the likes of me to see. Even if this is the case and I were the person in change, I'd still be nervous - someone forgets to check a box and well, you get the picture.)

This IP / corporate privacy issue is the precisely the reason why I felt sometime ago that new commercial offerings would emerge to enable corporate tagging be done securely and behind the firewall. That's the 'firewall' bit of 'tagging behind the firewall' idea. (and that's why last year's Mind Camp session was called Inside). This secure dimension would also allow to internal resources (URIs) to be bookmarked securely...Would you really want competitors to know that you've got a whitepaper written up on the next big thing for your company, with a url: "blah/why_we_will_invest_Xmillion_in_Y_in_2007.html?

Putting this implementation and security issue aside, I believe there is huge potential upside for using social bookmarking and tagging tools inside the firewall, if done right (and that means securely, amongst other things). The pioneering approach by AARF is giving us a glimpse into the future of intranets. I'll give McAfee the final word:

"It gives them 'the latest' about their work environment.  And it does so in a bottom-up and egalitarian fashion.  This page doesn't contain the latest information that the company's senior managers, or its IT staffers, think employees should know about; it contains the latest information that employees think employees should know about."


P.S. I'm going to bookmark this post 'AARF' on This should guarantee that it'll appear on the AARF intranet ;-)

P.P.S. If you are at all interested in 'Enteprise 2.0', you really should subscribe to Andrew McAfee's blog. He's associate professor at Harvard who regularly posts on the topic of social software behind the firewall.


Mike Gotta said:

Alex, I found this post to me quite timely. I had a similar conversation with a client recently and noted the security and risk issues associated with use of public services for tagging and RSS feeds. The client was rightly concerned about information residing on public sites that could be used for intrusion purposes as well as for a source of competitive intelligence. Organizations need to ensure that their Internet Usage Policies include how these services should be used (or not) and monitor how these sites are used.

# November 19, 2006 12:42 PM

alexbarnett said:

thanks for the pointer Mike, good post. A whole can of worms, maybe...

# November 19, 2006 1:03 PM

al said:

The other way to handle public tagging is to apply policies similarto coporate blogging. Where by you just keep it very simple by assuming everything you tag is public. Thus one should not tag items (with the public tag) that one would not talk about in public, or that directly relate to projects considered confidential. Secret tags could occur 'in secret' of course but there are still risks even with those as it relies on security by obscurity whcih obviously fails critically.

Often some of the benefits from public tagging are from what others tag that related to it (directly or indirectly) i.e. Mass social tagging provided by contributors outside of the organisation. What is also not indicated in the article is whether or not the outside contributions are being leveraged, indeed the only discrete tag mentioned is the single coporate/public tag (as utilised on the home page).

If there is no outside benefit being leveraged then they really should use an internal tagging system as they gain no other benefits. I would imagine they are gaining something else from the public tagging and we are just not privy to it at this point.



# November 19, 2006 2:46 PM

Halans said:

So I just give my items (links, fotos, etc) their tag and it appears on their intranet? It's the new spam.

It's a 1000 person company, and only 177 links in delicious? They are pretty picky, or don't like to share. I hope their integration of delicious is secure, because with delicious json api you can submit some nasty javascript into their intranet.

# November 19, 2006 2:59 PM

TrackBack said:

It might be brilliant, but as Alex Barnett points out in his post and as I have identified in a prior post as well, use of public online services for tagging/social bookmarks and...
# November 19, 2006 5:32 PM

Ray Velez said:

As you point out Alex, we've definitely thought about this ahead of time. To be clear that this is for bookmarking sites only! Our tagging algorithm used on the wiki content is completely behind our firewall. It may be interesting for people to see what sites we've bookmarked, but these are public sites. Yes, I've bookmarked Second Life myself, but I am not going to tell you why:).

Spam is definitely a concern, but at this point it hasn't been an issue. Sounds like a new product idea to me, building spam filters for social bookmarking tags.

From a tech perspective we avoided using the json api.  

# November 20, 2006 9:02 AM

Niall Cook said:

Alex - this is absolutely right, but there are plenty of open source and hosted options (including our own) that solve this problem.

Unfortunately people seem to get a bit carried away with all the attention being given to and start using it for purposes it isn't designed for. I'm not even sure your "don't share" option works, as then it becomes completely private to the user and cannot be shared with colleagues.

I encourage people interesting in tagging behind the firewall to check out some of the solutions available that permit exactly that.

# November 21, 2006 2:50 AM

Rob Fay said:


I think a number of the "Web 2.0" tools can be incorporated into the enterprise.  I've previously <a href="">blogged about</a> how Digg could be used to encourage innovation by literally promoting bottom-up idea generation.

I think adoption will happen when enterprise CMSs begin to adopt plugins that can be used for open AND secure knowledge management practices that we're seeing in the public sphere.

# November 28, 2006 9:12 AM

Process of Change said:

Alex sourced this gem . I'm so jealous... As I sit here and wade through an email distribution alias

# December 2, 2006 6:11 PM

The Working Network said:

Alex sourced this gem . I'm so jealous... As I sit here and wade through an email distribution alias

# December 2, 2006 6:11 PM

TrackBack said:

After I posted on Avenue A | Razorfish's Enterprise 2.0 Intranet, a few commenters pointed out a potentially troublesome feature.  When employees...
# December 4, 2006 5:06 PM
Thanks for sharing your feedback! If your feedback doesn't appear right away, please be patient as it may take a few minutes to publish - or longer if the blogger is moderating comments.