June 2008 Archives

When one of our lead researchers, Chris Boyd, started looking into MySpace hacks and scams over a year ago, some of us at FaceTime questioned whether that was the best place for him to spend his time. Was it relevant to the business IT market that we serve?

 

Absolutely. The ability to control how employees use social networking on work computers is one of the key topics of conversation we have with new customers. We've heard from customers that they can't block MySpace and Facebook because their HR departments use the sites to do background checks on potential employees. Many organizations are also setting up company-oriented communities on Facebook. We've spoken with companies who have lost new employee candidates because of their policies against use of Web 2.0 including social networking and instant messaging - these companies are perceived as legacy and uninteresting places to work.

 

MySpace and other social networking sites have entered the enterprise, and business leaders together with IT have to figure out how to turn it into an advantage for the company. It's a much larger issue than simply making a binary decision to block or allow it.  Do you block it all, or do you allow some users or some aspects of it?  What are the cultural and employee morale issues if you shut down access? 

 

I have a good friend who works at a satellite office for a Fortune 100 company. His Internet is locked down beyond belief. Yet, the posters on the wall from the corporate office highlight value statements about "innovation" and other rhetoric that seems to me at odds with their Internet policy. I'm told that the morale there is a mess. Is there a relationship?

 

FaceTime is not in the business of establishing the Internet access policy for our customers. We are in the business of enabling them to enforce their desired policy for Web access including control of MySpace and other social networking sites. But, my contention is that it's not solely a matter of whether or not MySpace, Facebook etc. have a business purpose. The real point is that employees feel they have a right to use whatever applications or online sites on their work computers, and IT has to maintain the integrity of the network despite this trend. Bringing these two perspectives together for the benefit of the business is where the challenge lies.

A few weeks ago, I read an interesting blog post by Mike Gotta, a principal analyst for the Burton Group. I've been mulling it over and wanted to share my thoughts - but let me give you a recap first.

 

Gotta writes about Facebook's use of Jabber/XMPP for Facebook Chat and how he thinks this will impact enterprise organizations that are planning to roll out corporate instant messaging/presence platforms that are based on SIP/SIMPLE. Short term, Gotta does not expect Twitter's or Facebook's use of XMPP to impact business decisions, but he predicts that XMPP in the near future could lay the groundwork for Unified Communications in the enterprise.

 

Gotta makes a couple of observations about IBM and Microsoft's position in the UC market. Here is an excerpt from his post:

 

For IBM, I would expect someone from IBM's unified communication and collaboration team to realize that this is a great marketing opportunity. At some point, I expect IBM to aggressively pursue interoperability between Facebook's XMPP system and the Lotus Sametime Gateway. 

 

For Microsoft, this news presents them with a problem - they are in a position that is almost impossible to defend. There is absolutely no technical reason why the current Microsoft gateway does not support XMPP today. It is simply a political decision (in my opinion), by the folks at Microsoft as they compete with Google. Granted, GTalk does not have the market share of other public networks (Yahoo!, AOL), but even so, the strategy is clearly not customer-focused at all.  

Gotta makes a good point, but I'm not convinced the onus lies with the Microsoft gateway provider.  The Microsoft gateway doesn't support XMPP... ok, so what?  You can make the case that Facebook (in which Microsoft invested $240 million) and other sites will need to add a SIP gateway to support connections from OCS.  It's not a mandate, but one or a few sites may take the plunge and make themselves easily accessible to the millions and millions of (eventual) OCS users --- the others will have to follow suit.

Or Microsoft bites the bullet and adds XMPP support to their gateway but restricts it so that it can't connect with their arch-rival Google. That's possible. But again, will a company looking at OCS say "Gee, sorry I liked the solution but chose Sametime instead because it can connect to Twitter"? Maybe that day will come, but not any time soon in my opinion.

When something works others will adopt it. It's true whether you are talking about TV reality shows, green products or IT security.  This was evident at the Gartner IT Security Summit  that I attended last week, where there were several references in the keynotes and breakout sessions to the trend toward end user adoption of collaborative applications such as Facebook and other Web 2.0 apps.  

 

The current catch phrases are based on the premise that the Internet has changed. Some call it the "Consumerization of IT," some call it Enterprise 2.0 - and I believe I even heard it called "People-Based Computing" (PBC).

 

No matter what you call it, IT security administrators must make a judgment call about the usefulness of these new real-time Internet tools and whether or not to spend money on security and management solutions. Are employees really going to use these tools to do business? Or are they virtually hanging out with friends on MySpace during work hours? And what if MySpace becomes Facebook, or Second Life, and then Twitter or Pownce or a widget... or whatever else the latest Web 2.0 application is?

 

The lines between work and personal time are blurring more than ever, and IT is continually challenged with "the next new thing." The new Internet will create new strategic issues to sort out over the next few years. Will a SaaS model for security be considered?  How will virtualization impact security deployments?  These were the types of issues that were raised and debated over the three days.  All said, a solid conference that offered a combination of actionable recommendations and thought-provoking considerations.

 

By the way, Google started its keynote at the Gartner IT Security Summit with a message about collaborative applications, and I was pleased (and proud, I must admit) to see their reference to our very own Chris Boyd as a contributor to their security efforts.

Supply / Demand

Without research, there are no blog entries - and I hate putting out "fluff pieces" (i.e. a line or two of text with a link to something somebody else wrote) to make up the numbers. I prefer to create the content myself, because not only do we have control over the material and the subsequent activities that take place as a result, it immediately makes the content unique, readable and more interesting than many of the other blogs out there.

However.

Without blog entries, there is no research - or, at least (to the general public, who only see the research security companies do nowadays via an endless deluge of RSS feeds) - there is no research. With nothing published, interest wanes. A few days go by, and the number of people subscribed starts to dip slightly. You get a little twitchy, and wonder why it's so quiet.

Is it quiet? Or is it just that you've been looking in the wrong places the last couple of days?

You wonder if / when the next interesting thing to write about is going to come along. You invest more time in research, but of course that means fewer seconds in front of the PC hammering out the next blog entry. When the majority of your online existence is devoted to providing the public at large, curious passers-by, people in the industry, journalists and (every so often) law enforcement with a window into the world of making things a little more secure for everybody, that can create a few problems.

Research feeds the writing, and vice-versa (which too few people appreciate) because many more discoveries in the research come to light only after an initial article has been posted. Could be from a tip-off, a disgruntled victim - perhaps someone from law enforcement who can't really write about their own findings on a blog somewhere but is quite happy for you to beat the drum on their behalf.

Both writing and research eat into the time available for either activity. Writing across two different blogs takes an enormous amount of time, especially as they promote two different types of research. Actually, no - that's not right. They're more like different facets of the same research, with one tending to look at the files and the other looking at the creators of those same files. In tandem, they can be a particularly potent weapon against those looking to hijack your PCs, steal your credit cards and all those other wonderful things kids like to do these days when their parents aren't looking.

In that sense, the pressure to provide a never-ending stream of content for two different sites is also a huge benefit, because when the more "traditional" type of analysis dries up on Spywareguide - and of course, it does from time to time (like when all the bad guys are too busy eating their Christmas dinner to bother with virus writing) - you can still usually find a collection of low level talent script kiddies or wannabe hackers and have fun at their expense over here. Similarly, when there are no bad guys practically begging to be outed on Vital, you can still usually come up with some interesting infections for further analysis on Spywareguide with the aid of the research teams we have scattered across the globe.

As far as I'm aware, this gives us an edge over a lot of security companies out there who only tend to have one solitary blog, usually only geared towards pure research. When the tech stuff dries up, those blogs tend to go silent for a while, and blog silence for me is not a good thing. I want content, and I want that content daily. I become hooked on those sites, and I'm disappointed when they fall off the radar for a while. Yes, it's childish and yes, it's impatient - but that's how it works. Off the top of my head, the only company I can think of that has one blog but can easily (and quite happily!) write about non-security subjects is the Sunbelt Blog, and more power to them. I mean, look at this and tell me you expect to see something like that on a security site. You probably didn't but wow, there it is, and isn't it great?

Supply / Demand. It's what blogging is all about.

Now if we could just work out the oil Supply / Demand issues we'd be onto a winner....

About this Archive

This page is an archive of entries from June 2008 listed from newest to oldest.
