Social Networking? or Social NOTworking?

By
Sarah Carter
 on July 1, 2009 8:06 AM | | Comments (0)

It's not so long ago that I'd wonder what I did without my instant messaging client just to get through my working day. Not, you understand because I needed my latest fix of emoticon laden gossip with far flung friends, rather so that I could use Windows Live, Microsoft OCS, Lotus Sametime, Skype (yes I'm a serial IM'er) to get answers I needed from people who were online, rather than abandoning my question in a voicemail black hole.

 

My must have applications of choice now?  Twitter, Facebook and LinkedIn for starters.   And it appears I'm not the only one to join the social revolution.  FaceTime's June survey on social networking had over 87% of 1199 respondents using social networks, with 39% using a social network every day 

 

Now most of the folks I social network with are work related.  And my communications are during the working day.  And they respond in kind.  (So.. there's a Sherlock Holmes style deduction going on here) It's elementary, my dear Watson, that they must therefore be using social networks in the workplace.

 

And our survey agrees with that.  With a whopping 85% of respondents believing that their users are utilizing social networks from the corporate network.  We'd been somewhat surprised earlier this week, when Chris Boyd, our Director of Research uncovered a keylogger on the kids popular social networking site Neopets.  (Neopets (originally NeoPets) is a virtual pet website, based around the virtual pets that inhabit the virtual world of Neopia.)  

 

Chris found hackers targeting 12 year olds - and probably their more affluent parents.

 

Interestingly, sites such as Neopets are accessed in corporate environments too - FaceTime collects live traffic data from commercially deployed Unified Security Gateway appliances at more than 80 mid to large enterprises worldwide that have opted into this program, representing the daily Web-based activities of more than 100,000 corporate workers.

 

During the past week, these corporate workers have accessed 99 different virtual worlds from their work computers, and at least half of those are targeted at children. Perhaps, as Chris suggests, the kids are asking their parents to check on their Neopets at work or see if the latest friend request on Myspace has been approved?

 

I guess it's at this point in time that the corporate security folks start shaking their heads, and blocking access to social networks, updating those URL filters, tightening up the rules on the firewall.  You know the drill. 

 

Hold up.  Whoa.  Stop. 

31% of our survey respondents reported that Social Networking is critical to business - but must be secure and compliant, citing business benefits from better employee communications to improved marketing communications, more efficient recruiting and faster decision times through collaboration as the key benefits that social networking delivers.

 

But that's not all.  40% of our survey respondents derived their information about their employee social networking usage from URL filter logs.  The Web 2.0 applications and real time communications tools that make up the social networks and the internet that we use today are highly evasive, specifically designed to get around Web filtering, firewalls and other traditional security solutions using a variety of techniques like port crawling, tunneling and onion routing.  So the reality is probably that there is a lot more of this traffic that folks are just plain NOT SEEING, let alone managing.

 

I'll leave you with the thought that our web 2.0 world is no longer about blocking (even if your traditional URL filter could..) it's as we at FaceTime say (and our survey respondents agree with resoundingly)  - our new social order needs enabling, just make sure that it's done securely and compliantly.

 

Why China's Web Filtering Plan Won't Work

By
Larissa Gaston
 on June 22, 2009 12:13 PM | | Comments (0)

As you've no doubt already heard, China recently announced plans mandating that all new computers sold in that country - including imported PCs - be delivered with pre-installed and pre-configured Web filtering technology beginning July 1, 2009.

 

Branded Green Dam-Youth Escort, China's foreign ministry spokesman defends the software claiming it's "aimed at blocking and filtering some unhealthy content, including pornography and violence" in an effort to protect children.

 

Putting aside the obvious discussions of censorship versus freedom of information, there's a fatal flaw in China's plan. Maybe we shouldn't tell them this, but Web filtering software alone doesn't block people from visiting Web sites and/or accessing Web applications.

 

Surprised? While the Internet used to be primarily about transmitting and accessing fairly static information via HTTP, FTP and e-mail it's now dominated by Web 2.0 applications such as instant messaging, P2P, VoIP and social networking sites. Savvy Internet users already use tools like anonymizers to mask their browsing habits, and real-time communications and Web 2.0 applications are highly evasive, specifically designed to get around Web filtering, firewalls and other traditional security solutions using a variety of techniques like port crawling, tunneling, onion routing, etc. - after all, their goal is to grow their communities and ensure users have the full experience.

 

From what I've read, neither China nor the media has considered or addressed this. I'm certainly not in favor of China to block access -- yes, FaceTime helps organizations control employee Web browsing and use of Web 2.0 applications, where visiting certain sites or using certain applications may be inappropriate in the workplace, put the company at risk or impact productivity -- but the Web sites you choose to visit and applications you use at home are for you to decide and parents to control.

 

The backlash over China's censorship plans is widespread, including nearly 20 trade groups representing technology companies calling on the Chinese government to reconsider the mandate contending that it "raises significant questions of security, privacy, system reliability, the free flow of information and user choice." There's also the California company that claims the mandated Internet filtering software contains stolen programming code. Other articles say the Chinese government has already backed down, retreating on its controversial new web filtering plan, saying the software can be uninstalled or switched off.

 

It's not clear yet how all of this will play out, but you have to ask, if China's mandate won't be effective, why do it at all?

Do you know where your TinyURL is going?

By
Larissa Gaston
 on April 28, 2009 10:37 AM | | Comments (0)

As Jeff Chandler points out on the Performancing Blog, TinyURLs and the like have been a godsend for those active on Twitter, where you only have 140 characters to get your point across.

 

But clicking on an unknown link can make Internet-savvy users very nervous. It's good to know that most Secure Web Gateways will automatically resolve the TinyURL, bit.ly or other short URL redirects and determine their real destination - and discover and thwart any potential malware threat.

 

True, you still don't know exactly where you're going to end up, but from a security standpoint you can click away with confidence. As long as you've got a good gateway Web security solution in place, that is.

Peace, love and free URL filtering

By
Larissa Gaston
 on April 16, 2009 11:09 PM | | Comments (0)

LarissaSarah_tiedye.JPGEvery self-respecting marketing person would dress up like a hippie for the sake of a marketing promotion, right? Well, Sarah Carter and I would, anyway.

 

You see, here at FaceTime, we're all about peace, love and free URL filtering. Okay, yes, it's a promotion we've been running for the past couple of months, but we really do feel the love when it comes to helping our customers manage their budgets by eliminating URL filtering renewal fees. Rumor has it there will be a group of protesters at the RSA Conference next week speaking out against those fees so be sure to stop by the FaceTime booth #2339 and check it out. And don't forget to wear your tie dye.

 

Seriously, all this commotion and protesting, but we really don't have anything against URL filtering. Everyone needs URL filtering, it's just that it's not enough when it comes to managing the New Internet. A much more granular level of application control is required when it comes to securing and managing Web 2.0 including social networking, multimedia, virtual worlds, VoIP ... and the list goes on.

 

So we've been having a lot of fun with our No URL Filtering Fees promotion in our Larissa and Sarah Show episodes. NetworkWorld even called our YouTube videos quirky. We'll take that as a compliment.

 

Peace out. 

 

Workplace Internet Leisure Browsing and Employee Productivity

By
Sarah Carter
 on April 7, 2009 10:21 AM | | Comments (0)

A study released last week by the University of Melbourne's Department of Management and Marketing maintains that workers who engage in 'Workplace Internet Leisure Browsing' (WILB) are more productive than those who don't.

 

Well, that's good news for the 51 percent of workers who access social networking sites at least once a day while at work - not to mention the 50 percent that check their Facebook pages and the 69 percent that watch videos on YouTube several times a day, according to FaceTime's Collaborative Internet Survey published last fall.

 

 

Thumbnail image for piechart_FrequencyOf-SocialNetworkUseAtWork.jpg

The University's Dr. Brent Cocker says:

 

"Firms spend millions on software to block their employees from watching videos on YouTube, using social networking sites like Facebook or shopping online under the pretense that it costs millions in lost productivity, however that's not always the case."

 We couldn't agree more. The whole blocking strategy just doesn't seem to work in the real world.

 

At the same time, the results of the Melbourne study directly contrast some news that broke in the UK this last week - where students at Bournemouth University have been complaining that they can't get work done because other students are hogging University computers to use Facebook and Twitter.

 

Visibility into what employees (and students in this case in Bournemouth) are accessing, is crucial not just to an effective IT security approach, but also it seems to ensuring productivity. If you don't know that 69 percent of your workforce is watching YouTube, how will you know that's the cause of your bandwidth spikes? What if you could give them a bandwidth allotment for such activities, and when their quota is reached, its bye bye water skiing squirrel videos?

 

It sounds like the folks at Bournemouth Uni's IT team could do with not just controlling the bandwidth taken up by some students, but also the time that they're allowed to be on Facebook!

 

Watch this space for upcoming announcements about gaining greater visibility into what's really happening within corporate and organizational networks.

Maybe Perception is NOT Reality after all

By
Frank Cabri
 on February 3, 2009 3:22 PM | | Comments (0)

Your employees really are on Facebook at work, trust me. And they're on more than 400 other social networking sites as well. Ok, if you're one of the companies that blocks the Facebook.com domain you may be saving your company a bit in terms of employee productivity, but from a security standpoint it's only the tip of the iceberg.

 

During fourth quarter 2008, FaceTime collected live traffic data from more than 80 mid to large commercially deployed networks worldwide, representing the daily Web-based activities of more than 100,000 corporate workers. In parallel, a large sample of IT managers were surveyed on a variety of topics, including how many Web 2.0 applications they believed were in use on their networks. One-third estimated the number at less than eight.

 

In reality, FaceTime's actual network traffic data shows an average of 49 Web 2.0 applications installed in each of the 80 reporting locations. These applications include social networking (with Facebook topping the list), instant messaging, Web-based IM, streaming media, IPTV, P2P file sharing, Web conferencing, VoIP and anonymizers. 

 

 

IT Estimates (Survey)

FaceTime Actual Tracking Data

Instant Messaging

66%

100%

Web based IM

35%

97%

Streaming Audio/video

80%

94%

IPTV

10%

100%

P2P File Sharing

54%

96%

Web Conferencing

82%

83%

Social Networking

60%

100%

VoIP

40%

100%

Anonymizers

15%

74%

 

What's an anonymizer you say? For users whose employers block Facebook.com - or gambling or porn sites - it's a godsend. Where there's a will, there's a way - but there's also a solution for IT to regain control.

 

Yes, I believe that in reality most IT managers know that Web 2.0 is pervasive in their networks - but what I don't think they really have a handle on is what employees are doing with these applications on a day-to-day basis. And that's worth understanding.

 

We'll be looking more at what's really going on in corporate networks over the next few weeks. Stay tuned.

White House says yes to email, no to IM. Change doesn't have to be this hard.

By
Frank Cabri
 on January 20, 2009 1:50 PM | | Comments (0)

It looks as if the decision has been made, President Barack Obama will be allowed to keep his Blackberry. Politico's Ben Smith reports incoming white house staffers were told last Friday that, indeed, the President would remain connected - but for them the news was not so bright. There will be no IM in the White House, and that's a change that the white house staffers are not ready for.

 

This is an interesting policy, since Web 2.0 and real time communications have played such a significant role in the Obama campaign.

 

According to Smith:

 

"They just told us flat out we couldn't IM in the White House," groused one senior staffer Friday.

"It sucks. It's really going to slow us down," complained another, saying that lawyers had warned that, along with instant messaging, White House software will restrict users to a range of sites roughly "like your average grade school." 

 

At the heart this debate is The Presidential Records Act, which requires White House documents to be made publicly available five years after a president leaves office. The White House will obviously be archiving its emails to comply. But why stop there? After all, in many ways IM is really just instant email. For more than seven years now, corporations have embraced the benefits of IM and solved the compliance issues around storing and retrieving its content.

   

In defense of the White House IT staff, even though IM seems like instant email to its users, its very different from a management standpoint. Instead of one email network under IT's control, there are dozens of different IM networks in play where conversations occur in real time and involve any number of parties.  It's like solving a Rubics Cube as opposed to a flat picture puzzle - it can be done, but it's a bit more complicated.

 

For example, a multi-party IM conversation can include numerous participants joining at different times, creating a requirement to make clear the context surrounding each participant's understanding of the conversation. Who entered at what point, what did they hear and what did they say?

 

Or in terms that became familiar during the Watergate scandal, which was the catalyst for the adoption of the Presidential Records Retention Act, "Who knew what, and when?"

 

The technology exists to solve these problems, so my guess is that's not all that's behind the decision. IM conversations are by their nature casual, more like hallway conversations. So the fear is that if IM is archived, one day those walls will talk and the result may be embarrassing. Remember Mark Foley?

 

But Corporate America has dealt with this issue as well, and the White House could do the same. Employee education goes along way, along with proactive technology solutions like setting policies and real-time notifications to appear during their instant message conversations to let them know they are being monitored. If you tell the White House staffers they're being monitored, I'm guessing they will use IM appropriately - no more or no less than they would with email. How often do you go over the speed limit when a Highway Patrol car is in the next lane?

 

Change. If anyone can do it, this administration can.

Facebook at Work: The Top Ten Applications

By
Sarah Carter
 on January 2, 2009 11:36 AM | | Comments (0)

I'm spending the quiet time during the holidays working with my colleagues on FaceTime's end-of-year analysis of how real-time communications, social media, other Web 2.0 applications - and the malware using these channels - have affected organisations over the last 12 months. We'll release the full results next week, but I wanted to share some early insights.

 

This year, for the first time, we collected real-world data taken from our Unified Security Gateway appliances deployed across more than 60 participating global organisations. These companies have opted into a program that sends data back to us, so we can analyze Internet application traffic.

 

So what did we learn?

 

Facebook represented the largest single Web 2.0 destination that we tracked, hands down. Maybe not a big surprise, but what I find compelling is that only about one percent of attempts to access Facebook were blocked. It shows that our customers are forward thinking companies that view the use of social networks as positive to their business environment - 99 percent of Facebook visits were allowed by IT policy.

 

These particular employees accessed 890 different Facebook applications over the past few months. Here are the Top Ten applications that were used during working hours on our customers' networks.

 

1.      Facebook Chat (messaging)

2.      Private Photo Gallery (photo, dating)

3.      Wordscraper (gaming)

4.      Do Not Remember (drinking)

5.      Word Twist (gaming)

6.      Are YOU Interested? (dating)

7.      Bumper Sticker (just for fun)

8.      MindJolt Games (gaming)

9.      Slide FunSpace (messaging)

10.  (Lil) Green Patch (gaming)

 

(Sadly my favourite, WordBubble, didn't make the Top Ten)

 

This is by no means a statistically relevant sample of the world as a whole, but the data gives us a indication of what's really happening out there in the Web 2.0 world. And it supports the findings from our annual Collaborative Internet study: The lines between employees' work and personal lives are increasingly blurred, and employees feel they have a right to download - or access - whatever they choose on their work computers. (I know I wouldn't feel comfortable working for a company that didn't let me do this!)

 

Scarily I have two FashionWars invitations outstanding, as I write this - one of them from a seriously unfashionable, tech geek friend.  Si, you're scaring me. Please don't do this online, you know neither of us understands Jimmy Choos and the like...

Finding the Application Needle in the Traffic Haystack

By
Frank Cabri
 on December 12, 2008 12:40 PM | | Comments (0)

It seems as soon as a new technology is adopted into mainstream business, a whole host of support technologies soon follow to fill in the gaps and solve the new issues that are created. Consider the enormity of the anti-virus market that was created after the ILoveYou Virus hit in 2000, and the addition of URL filtering to enterprise IT's checklist of "must-haves" following the adoption of the Web browser.

 

The good news is that browser based traffic is now monitored and managed in most organizations. So, what's the next new technology? Always one step ahead, employees have turned to other real-time applications including social networking platforms, IM, peer-to-peer file sharing, Web 2.0 VoIP and conferencing applications. And the next new technology solution? Application filtering.

 

This week, FaceTime announced that we'll begin licensing our application inspection and classification technology, called ACE (Application Control Engine), to other network security vendors. This same technology is at the core of our Unified Security Gateway product, detecting and classifying more than 1,400 Web 2.0 and real-time communications applications and more than 50,000 social networking widgets - a number that grows daily.

 

This is the new frontier for Web security, as Sarah Perez points out in her analysis of how Web applications fly under IT's radar,

 

"... when users become their own I.T. department, they're unknowingly introducing inherent risks into the previously hardened network infrastructure. Just because a web app is easy to operate, that doesn't make it safe and secure for enterprise use. As users upload and share sensitive files through these unapproved backchannels or have business-related conversations through web-based IM chatrooms, they might not only be putting their company's data at risk, they could also be breaking various compliance laws as well."

 

Sarah's analysis is spot on. She goes on to point out that

 

"If FaceTime's ACE or other similar technologies become a mainstay in the enterprise I.T. toolkit, the explosion of Web 2.0 for business use, a trend typically called Enterprise 2.0, may be dealt quite a blow. The only Enterprise 2.0 apps that will succeed given that scenario will be the ones that worked with the I.T. admins from the very beginning to assure them of their safety. The apps reliant on a slew of the company's rule-breaking users for adoption, however, will be out of luck. Perhaps being sneaky may not have been a great business model after all."

 

From our conversations with IT managers and through our annual study of usage trends, end user attitudes and IT impact, it's clear that the number of unsanctioned applications on enterprise networks is exploding because the nature of the workforce is changing. In fact, one in three employees say they feel they have the right to download whatever applications they need to do their jobs, regardless of policy. And interestingly, one in three IT respondents believe that written policies are ineffective methods for controlling enduser downloading of applications.

 

Given not only the sheer number of Web 2.0 applications but their obvious increased rate of adoption in business, I believe we'll eventually see application filtering become standard, and most likely even more important, than URL filtering is today.

The Koobface Worm Returns...

By
Christopher Boyd
 on December 5, 2008 1:18 PM | | Comments (0)
It's been a busy few days in security, as the Koobface Worm has indeed returned to Facebook.

As the lines blur between personal and business use of Social Networking sites (our recent FaceTime survey showed that 81% of survey respondents said they use social networks at work for personal reasons, and that 51% are accessing them several times a day), it's clear that Social Networking sites are quickly becoming the place above all others where IT Managers need to concentrate their security thinking.

Sites are already out there such as Yammer.com that focus exclusively on business use. How long will it be before there's a major security incident in relation to a Social Networking and workplace related mashup? I have a feeling it's going to be sooner rather than later...
Archives

Find recent content on the main index or look in the archives to find all content.

Recent Comments

Recent Entries

Tag Cloud

Search

Blog Roll

Collaborative Thinking

Ed Brill

Eileen Brown's Weblog

Enterprise 2.0 Blog

FastForward

Irwin Lazar

No Jitter

Schneier

Single Point of Contact

Team Think

Technology Live

Techland

The Facebook Blog

The Impact of Information Technology (IT) on Businesses and their Leaders

The Osterman Research Blog

The User View

Security Fix

Zero Day

Comment/Trackback Policy

This site supports an open comment policy. Rude, wasteful, off-topic, privacy-intruding or libelous comments will be deleted. Comments will remain open unless abused.