Enabling Social without Breaking Corporate Security?

MadCap Pulse is the only documentation-centric social collaboration platform that enables technical authors to create a complete social layer around their documentation in order to connect, collaborate and share knowledge with authors, employees and customers.
Post Reply
Propeller Head
Posts: 15
Joined: Mon Apr 30, 2012 1:18 pm
Location: Salt Lake City, Utah

Enabling Social without Breaking Corporate Security?

Post by jdw2465 »

We recently rolled out Pulse to launch our first, doc-focused customer community. However, our internal security police have identified some security issues. Namely, that when running Help content that is Pulse-enabled, where the Pulse server is hosted externally in a cloud, you have opened a potential security hole into your customer's work environment.

In addition, do your customer contracts explicitly prohibit the sharing of user behavior for the purpose of improving your content? There are customers who do not allow analytics, even if it means improving the quality of the software they have purchased from you.

So I'm curious to know if others might have encountered either or both of these issues and what you did to work around it. We see the intrinsic value of customer conversation, feedback, and user behavior analytics, but as a matter of survival, we need to take very seriously the potential risks, particularly those risks that can negatively impact our customers.

Thoughts? Insights?


Sr. Propeller Head
Posts: 121
Joined: Wed Mar 09, 2011 1:52 pm

Re: Enabling Social without Breaking Corporate Security?

Post by chunkee »

I am sorry that no one has replied to your post or many other of the posts. We too are using Pulse which is basically half baked. Initial and current documentation is much too thin and the feature/function set is much too constrained. I know there is an evangelist for this product, however, it seems as though this offering is not really a priority of MadCap due to the lack of responses on this board as well as ensuring that is and will be a helpful player in the TechComm arena.

John C
Sr. Propeller Head
Posts: 250
Joined: Mon Sep 11, 2006 10:58 am

Re: Enabling Social without Breaking Corporate Security?

Post by kevinmcl »

I was trying to discover what might be the use of Pulse, without investing (time and trouble) in a trial that would expire before I could demo to anyone in authority.

So far, the utility eludes me.

We are a data security company, dealing with corporate and government customers all over the world. So far, our documentation model is that we write everything for a product release in Flare, publish it to a clump of folders as an HTML5 system plus PDFs of everything. We have a "Home" splash page that accesses the whole set as html, or that lets customers grab PDFs of individual docs for printing or off-line reading. Kinda old school, but our customers like how they can find stuff anywhere in the docset when searching the html, and they like how they can have a PDF when they need to enter super-secure rooms with no external access.

So, we package the whole doc mess into an archive and ship it with the product. Customers can copy the docs to access on their local machine, or they could copy it to a simple web server for company-wide access. We writers never have contact with customers, so I am aware of only one customer (among thousands) that actually puts the docset up on their corporate web server. All the rest just copy the docs to local computers for direct local reference as they install, configure, manage our products.

Currently, we (the vendor) do not have our docs on our own publicly accessible website, though we are.... ahem.... "in talks" about getting that to happen.

So, if I understand correctly, Pulse would not be the slightest use to us or to any of the thousands of existing customers. The Pulse server would need to reside where the docs are served from, and in 99.99% of cases, we have no control or access (inside customer premises).

The only situation where Pulse might have some utility is if we started serving our docs from our own corporate, public-facing web-server, with an associated Pulse server? Is that about right?

So, if a customer engineer could be persuaded to browse to my employer's website to view the latest docs for a product, does Pulse gather anything at all from that customer engineer's browser? Or does Pulse rely purely on parsing html requests that arrive at the web server?

Keep in mind that these customers are national and international banks, credit-card companies, interbank clearing houses, government departments (of dozens of governments around the world), non-profits and NGOs protecting user/donor/employee data, huge manufacturing concerns, telecomms, the biggest internet enterprises, the biggest B2B enterprises, and so on. Often, they don't let their employees connect to the interweebs without using secured browsers, switching off cookies, frequently clearing cache (or disabling), and they must do so from behind arcanely-constructed firewalls... and those aren't the most paranoid ones.

So, "social" sign-ups would be verbotten, and anything that looked like it was "phoning home" would risk us losing multi-million-dollar contracts, and put a black eye on our carefully-guarded security-conscious reputation.

So-o-o-oooo, is there any use-case in which we could get some use or value out of Pulse?

Would I be risking my job by recommending that we not only (finally, after all these years) publish our product docs to our own corporate website for customers and potential customers to browse, but also that we use Pulse with it?
De gustibus non disputandum est
Post Reply