Risk Assessment For Use Of Third Party Web 2.0 Services

This posting contains the content of the “Risk Assessment For Use Of Third Party Web 2.0 Services” QA Focus briefing document. It has been posted here in order to explore the use of a Blog to receive feedback on a document, as described in my previous posting on “Blogs – Suitable For Reports“.

The briefing document was the initial attempt at providing advice for organisations considering making use of third party Web sites. I’d like to build on this initial work, so comments on the advice, suggestions on other approaches and details of any experiences people have had working in this area would be welcome.

---

Background

This briefing document provides advice for Web authors, developers and policy makers who are considering making use of Web 2.0 services which are hosted by external third party services.

The document describes an approach to risk assessment and risk management which can allow the benefits of such services to be exploited, whilst minimising the risks and dangers of using such services.

About Web 2.0 Services

This document covers use of third party Web services which can be used to provide additional functionality or services without requiring software to be installed locally. Such services include:

• Search facilities, such as Google University Search and Atomz.
• Social bookmarking services, such as del.icio.us.
• Wiki services, such as Jot.
• Usage analysis services, such Google Analytics and SiteMeter.
• Chat services such as Gabbly.

Advantages and Disadvantages

Advantages of using such services include:

• May not require scarce technical effort.
• Facilitates experimentation and testing.
• Enables a diversity of approaches to be taken.

Possible disadvantages of using such services include:

• Potential security and legal concerns.
• Potential for data loss.
• Reliance on third parties with whom there may be no contractual agreements.

Risk Management and Web 2.0

A number of risks associated with making use of Web 2.0 services are given below, together with an approach to managing the dangers of such risks.

Risk	Assessment	Management
Loss of service	Implications if service becomes unavailable. Likelihood of service unavailability.	Use for non-mission critical services. Have alternatives readily available. Use trusted services.
Data loss	Likelihood of data loss. Lack of export capabilities.	Evaluation of service. Non-critical use. Testing of export.
Performance problems	Slow performance	Testing. Non-critical use.
Lack of interoperability	Likelihood of application lock-in. Loss of integration and reuse of data.	Evaluation of integration and export capabilities.
Format changes	New formats may not be stable.	Plan for migration or use on a small-scale.
User issues	User views on services.	Gain feedback.

Note that in addition to risk assessment of Web 2.0 services, there is also a need to assess the risks of failing to provide such services.

Example of a Risk Management Approach

A risk management approach [1] was taken to use of various Web 2.0 services on the Institutional Web Management Workshop 2006 Web site.

Use of established services:

Google and Google Analytics are used to provide searching and usage reports.

Alternatives available:

Web server log files can still be analysed if the hosted usage analysis services become unavailable.

Management of services:

Interfaces to various services were managed to allow them to be easily changed or withdrawn.

User Engagement:

Users are warned of possible dangers and invited to engage in a pilot study.

Learning:

Learning may be regarded as the aim, not provision of long term service.

Agreements:

An agreement has been made for the hosting of a Chatbot service.

References

1. Risk Assessment, IWMW 2006, UKOLN,
   <http://www.ukoln.ac.uk/web-focus/events/workshops/webmaster-2006/risk-assessment/>