FaceForward

Social Media Impacts Business. Understood. What Next?

2010-02-26T08:51:26Z

Today's guest blogger is Ajay Madan. Ajay heads the Quality Assurance division of FaceTime. He has several years of experience working on products related to Network Security and Compliance. He is actively involved in working with the product and support engineering teams in devising and implementing processes and methodologies that ensure a high degree of quality for FaceTime's products. He has been closely tracking the developments in the social media space, the business impact due to the same and shares some of his thoughts in this article.

Take it away Ajay.

In recent months, there has been an increasing media attention on social networking sites; and how this impacts business, compliance, security and so on. Some staggering statistics (which I reference later in this article) have been thrown in to demonstrate the crazy adoption rates of the social media.

Social media, it appears, is here to stay and companies are now understanding that it's not about blocking access now, but realizing that controlling and enabling access is the way forward.. It would sound naive to assume leadership teams in companies haven't yet begun this process, some still block access, others are engaging with vendors that help manage and control the use of social media, and some are just giving it some more time. So in this post, I don't focus too much on the statistics or impact of social media but look at the next steps for companies who understand the need to manage social media.

There are several aspects for CIOs/Head of IT departments to consider while evaluating policies for social media as well as for evaluating solutions to manage social media usage in the network.

Compliance Considerations

FINRA in their recent webinar indicated that companies will not be given a compliance grace period because Social Media technology is new and evolving. FINRA has asked companies to not allow usage of Social Media if they cannot supervise it or the social media site does not support archival. Bottom line - Companies must retain, archive and retrieve to be compliant.

If you are in a regulated industry, such as the financial services sector, you need to consider tools that either allow you to block access to unsanctioned social media and/or invest in a solution that allows you to monitor, archive and review content posted through social media.

Security Considerations

Perhaps another key question in the IT manager's mind pertains to security, There can be several concerns in this area -

Its possible that users may leak sensitive information about the company through a post on Twitter or Facebook Wall
Users in a regulated industry sending information - perhaps patient information via Facebook or Twitter
Users with, lets say, corporate Facebook accounts using foul language in their posts.
The potential for hidden malware, Trojans and the like in applications, perhaps such as the myriad of games and applets on Facebook.

A solution for Web 2.0 should provide or extend security controls to social media to address such concerns.

Policy Considerations

Some industries require a rich policy framework or workflow that allows the following -

Ability to be able to moderate posts on social media before they are allowed to be posted to the actual site
Ability to capture or moderate content that matches certain lexicons or pre-configured policy elements.
Workflow for compliance officers to review the posted content
Workflow to archive content for long term storage by inter-operating with enterprise archival systems and easy retrieval.

Bandwidth Considerations

There are certainly organizations and industries that do not have compliance requirements for social media, but who do need controls on bandwidth consumption. The common problem today is that companies have no way to measure the amount of time employees spend on social networking websites and in the past this has been recognized as a huge problem as it potentially impacts productivity. Hence this could be a core requirement for many companies.

Consider looking at solutions that allow you to set bandwidth limits for usage of social media.

Existing Infrastructure Considerations

Many IT departments are wary of having multiple vendors for different communication modalities and for the ease of management prefer to select those that provide functionality across all the considerations I referenced - as well as being able to provide these functionalities across other communications modalities, like IM and Unified Communications.

Consider an Evolving Market

Social media is new technology and will continue to evolve. Companies should look at solutions providers who have expertise in real time communications traffic, at those who adapt quickly to new technologies and who consider social media as part of a communications strategy, not in isolation.

Finally, I want to plug the solution that I work on. I've been with this product since it's inception and have seen it grow to become the first Secure Web Gateway that combines features, functions and controls for social media alongside other communications modalities. Our Unified Security Gateway is uniquely positioned to address all the considerations I outlined above and helps companies manage not just social media across a broad spectrum of requirements - but web traffic on the whole, and more than 4,000 web and internet applications, from IM to remote control tools, to P2P tools.

Now, I'll leave you with some pretty phenomenal statistics if you know any of those folks who are looking the other way when it comes to adopting social media.

But do check back on March 2nd when we launch the results of our fifth annual survey - and let me know what YOU'RE doing with social media.

Ajay

Facebook

http://www.facebook.com/press/info.php?statistics

http://techcrunch.com/2009/02/14/as-the-economy-sours-linkedins-popularity-grows/

Twitter

http://mashable.com/2009/01/09/twitter-growth-2008/

Is your Social Media Strategy defeating the objective?

2010-01-12T12:06:59Z

I read a short article in InvestmentNews today about a new social web site, LinkedFA, which is promoting itself as the "first and only Finra-compliant social networking site for financial professionals." I immediately thought to myself, how can a social networking site tout itself as Finra-compliant when Finra hasn't released its compliance guidelines yet? Finra postponed its introductory webinar until March.

Then I asked myself the larger question; why would financial professionals want a 'walled-garden' social media site in the first place? Doesn't that kind of defeat the objective? If you're a financial advisor, don't you want to be where your prospects are? A site dedicated to financial professionals is fine for connecting with people within your industry but it doesn't help you reach new customers.

Consider that there are currently more than 250 million Facebook users, 30 million Twitter users, and 25 million executives on LinkedIn. That's where the conversations are taking place. That's where you can reach customers and prospects.

Isn't it better to participate in this larger, open conversation taking place on the Web and develop best practices, with the help of technology, to make sure that those conversations are appropriately logged and accounted for? That's the best way to assure compliance, whether it's for Finra, the SEC, or some other regulatory agency.

Our financial services customers rely on FaceTime's IMAuditor and Unified Security Gateway to not only secure their networks, but to manage and log content for regulatory compliance.

That way they get the best of all worlds:

1) centralized control of online conversations stored on their own servers so they can be audited for compliance;

2) the ability to support any public social media site in a secure manner and

3) the ability to allow their traders and other employees to use the application that is best suited to the job, whether that's Yahoo, Reuters, YellowJacket, Facebook or Twitter - we don't mind, because, well, we support them all.

My team have put together a 30 minute briefing on "What you can stand to gain and lose with Social Media" - why not join them on January 27^th at either 10 eastern or 10 pacific?

Secure and Enable the New Internet

2009-12-07T13:25:27Z

Last month we announced that Check Point Software Technologies had purchased our application database for use in their products. According to Check Point, this technology will "... provide businesses unparalleled granular control over application usage and enable security administrators to prevent threats associated with the use of certain Internet applications. Check Point will offer this new level of security controls as a Software Blade that will be available for all gateways." (read their release here: )

This deal reaffirms our leadership in the Web 2.0 security space. More importantly, it highlights the growing need for network solutions that provide visibility and control at the application level not just at the port & protocol level. Check Point sees this need and will use our database to provide application level control. Application level control will become the price of entry in the Firewall market.

But beyond visibility and control, what enterprises are asking for is "enablement".

How do I allow access to Facebook or LinkedIn and stay in compliance with FINRA or FERC or HIPAA or PCI or [insert your favorite regulation here]?

How do I allow access to YouTube videos but not the inappropriate stuff?

How do I allow access to blogs and wikis and webmail but ensure that confidential information if not getting posted?

Our customers realize they can't block access to the New Internet - they must enable it.

Which is why our mission statement reads "Secure & ENABLE the New Internet"

How are you and your organization enabling the new Internet? What tools and applications do you need to secure to effectively enable your team?

Yesterday's solution doesn't address today's issues

2009-12-02T12:54:32Z

Today's guest blogger is Eric Young. Eric is FaceTime's Sr, Director of Field Services, and works with FaceTime customers to implement leading edge security and compliance solutions for Unified Communications and Web 2.0. Eric's worldwide role gives him an insight into the global requirements of organizations implementing real time communications technologies to enable their businesses and works closely with our product team to ensure that FaceTime solutions remain at the forefront of the industry.

Yesterday's solution doesn't address today's issues.

I was onsite with a customer recently completing our fifth competitive replacement within the Fortune 400 in the past 6 months. As the customer was detailing all of the requirements the previous solution did not satisfy, it made me wonder, how are other customers of these competitors feeling they are operating in a compliant fashion?

If you, as a compliance officer or legal counsel, cannot make sense of a group chat conversation, cannot actually view the content of a blocked message, or can't see what folks are trying to post to a social networking site; how can you possibly defend your organization from SEC fines or from a lawsuit in a court of law?

Security technologies evolve quickly, especially in the area of real-time communications - but the adoption of tools like Unified Communications, Instant Messaging and social media has grown exponentially - in many cases even without the knowledge of either IT or compliance.

Regulation and compliance changes too, with the times. Most recently I've seen FINRA starting to address the issue of social media and issuing guidelines to member organizations and individuals on how usage should be treated.

We all understand there is a big difference between "logging" and "being compliant" but knowing there are still some banks and other highly regulated companies using these legacy solutions that were designed for technology of a few years back, it begs the questions: What are the minimum requirements for security and compliance for Unified Communications, Instant Messaging and Social Media?

And, what are you doing about dealing with emerging technology?

Guest Blogger: Damon Martin, of SKT on Unified Comms & Web 2.0

2009-11-25T14:15:39Z

Damon Martin, takes a primary role in the development of technical and sales direction for SKT, a national Unified Communications consulting firm based in the central US. Damon executes consulting practices and sales methodologies developed to ensure organizations realize the promise of Unified Communications.

Here, Damon discusses what's changed in the workplace - and what's becoming more relevant.

For many of us that have been consulting on Unified Communications for years it is hard to see the transformations when they are happening. I remember talking to organizations about CTI when the idea that your computer could talk to your PBX was bleeding edge. There has been an enormous amount of discussion in the past year about Unified Communications and its business impact. An interesting transition for me has been that I don't find myself answering the question "What is Unified Communications?" anymore. Instead, I find myself talking to organizations about what Web 2.0 and social networking mean to their business. The reality is that those questions are a natural progression of the dialog. There is an inherent link between Facebook, Twitter, LinkedIn and other social networking tools and Unified Communications.

What is changing in the workplace?
There is awareness within today's workplaces that we have to find ways to become more productive. The effects of today's economic environment and acceptance of the "new normal" have allowed us to see the workforce output that is expected for information workers at our companies. That productivity is fueled by an increasing demand for a collaborative working culture. There are several trends that are emerging in the new workplace:

Unwillingness to return to previous employment levels
Demands for higher productivity from information workers
Elimination of organizational layers
Increasing expectations for staff to take on a variety of roles and responsibilities

There is an interesting phenomenon of the new workforce; workers are finding an environment where they are being forced to collaborate with others at a much higher degree than was required previously. This pressure has a logical conclusion that we are seeing play out in many organizations:

Workers need to collaborate quickly and effectively and today's phones and email are not fast enough with most communications resulting in a voicemail or replies hours later.
Workers have become accustomed to instant access to friends and family with text messages, Facebook, Twitter and instant messaging.

The result is that workers have a desire and need to use collaboration tools. If we look at Unified Communications as a tool and explore its ability to add business value by driving collaboration, we can start to understand how social networking is an indication of the willingness of our teams to embrace Unified Communications and Collaboration.

Why is Web 2.0 relevant?
The key to the adoption of Unified Communications in the workplace is embracing it as a collaboration tool. The question about whether people can use social networking tools to collaborate has been answered by the prolific growth of tools and social network sites. The burden now is on solutions providers and vendors to help executives at companies understand how to leverage a Unified Communications platform to provide a tool-set. Businesses need to continue growing productivity without returning to the staffing levels they that drove up costs. We hear the question "how can we get our staff to embrace Unified Communications". The key is to understand that they already have by tweeting feedback at a trade show or posting pictures of grandchildren on Facebook. The vendors are doing a good job of showing demos of how Unified Communications works to IT departments. In the interim, workers are finding ways to collaborate because they have to stay competitive and provide the output that is expected in today's workplace.

Conclusion
It is time for the technology departments to accept that Unified Communications is not something that can be migrated to over time or tested for small user groups. Businesses are not going to back away from demands for increasing productivity. Workers have realized that collaborative communication is the way to make productivity sustainable. We have to work to help organizations understand that Unified Communications and Collaboration (UCC) is where the consumer acceptance of social networking and the business software for Unified Communications come together.

Damon originally posted this blog entry at the SKT Blog earlier in November 09. You can follow Damon on Twitter.

Enterprises realizing the value of Social Networking

2009-11-03T20:48:59Z

I had an interesting meeting with a customer last week regarding the use of social networking. This is a large broker dealer with several thousand financial advisors across the country.

The IT department is getting pressure from the business users to allow the use of Facebook, LinkedIn and Twitter all of which they currently block. When I asked them why the business units wanted access to these sites, they gave me three reasons:

The financial advisors are telling them that referrals they get through Facebook and LinkedIn tend to convert to clients at a much higher rate than any other channel. This resonated with me - at FaceTime we constantly remind our salespeople to leverage their social networks for prospecting. It is well know that human beings are tribal by nature and are more likely to respond to someone who is "connected" to them in someway - even when you have millions of connections!
Their marketing group is focused on the 35-45 year old demographic since this is where people hit the peak of their earning power and start thinking about financial planning. Getting clients in their late thirties means you can hang on to them 20-30 years. Turns out that the over-35 demographic is the fastest growing user group at Facebook and the largest segment for both LinkedIn and Twitter.
Finally, the company is finding that their ability to recruit at college campuses and MBA schools is enhanced by their Facebook and Twitter presence. As we all know, college kids live with these technologies and businesses that block access are seen as old school.

I am hearing similar reasons from other customers across all industry groups. Enterprises are recognizing the power of social networking to recruit new customers, stay in touch with existing customers and enhance communication with their employee base.

Of course there are several challenges that need to be overcome. In a survey FaceTime conducted in June of this year, organizations identified their top three concerns as content leakage, regulatory and corporate compliance and reputation damage.

"I am not worried about the guy who wants to steal information" the IT manager at a large services firm said to me. "I am worried about mistakes. People don't realize that competitors can also see your status update on LinkedIn and if you're talking about working on a particular project, you've just told the world." The inadvertent leakage of content is a common concern among the security managers I speak with.

On the compliance front, regulatory authorities are increasingly focusing on the use of these networks within regulated industries such as financial services, energy and healthcare. For example, FINRA, the Financial Industry Regulatory Authority, recently formed a Social Networking Task Force to look into the compliance challenges posed by social networking sites.

Finra CEO Rick Ketchum said, at the SIFMA Annual Meeting "Social networking sites such as Facebook or LinkedIn provide new ways to connect, inform and interact with customers... They also raise new regulatory challenges. For example, as currently designed they may not allow you to archive and maintain the communications on your own books and records."

Reputation damage is another concern for large enterprises. How do you track what employees and customers are saying about your company? The CIO of an electric utility company noted that they used Twitter to communicate information about outages and other emergencies to their customer base. "I worry that a disgruntled employee or customer could hijack our Twitter account and start spreading misinformation".

Another customer, a large bank that ran into some problems integrating an acquisition, talked about how customers were blasting the bank on Facebook and Twitter. "Because we block the use of these sites within our company, we were caught off-guard and didn't understand how we should respond to these comments." The IT manager noted. "Our marketing group is now formulating a strategy on how to leverage these platforms. We need to be more savvy about these channels."

Notwithstanding the challenges, it is clear that enterprises recognize the value of these sites and are motivated to overcome them. (Shamefaced sales pitch follows) FaceTime recently announced USG 3.0 which is designed to address these challenges and allow enterprises to leverage the benefits of social networking.

I would be interested in hearing your views on the use of social networking in your business. Do you agree with the above reasons? Are there other reasons?

Social Networking? or Social NOTworking?

2009-07-01T15:06:31Z

It's not so long ago that I'd wonder what I did without my instant messaging client just to get through my working day. Not, you understand because I needed my latest fix of emoticon laden gossip with far flung friends, rather so that I could use Windows Live, Microsoft OCS, Lotus Sametime, Skype (yes I'm a serial IM'er) to get answers I needed from people who were online, rather than abandoning my question in a voicemail black hole.

My must have applications of choice now? Twitter, Facebook and LinkedIn for starters. And it appears I'm not the only one to join the social revolution. FaceTime's June survey on social networking had over 87% of 1199 respondents using social networks, with 39% using a social network every day.

Now most of the folks I social network with are work related. And my communications are during the working day. And they respond in kind. (So.. there's a Sherlock Holmes style deduction going on here) It's elementary, my dear Watson, that they must therefore be using social networks in the workplace.

And our survey agrees with that. With a whopping 85% of respondents believing that their users are utilizing social networks from the corporate network. We'd been somewhat surprised earlier this week, when Chris Boyd, our Director of Research uncovered a keylogger on the kids popular social networking site Neopets. (Neopets (originally NeoPets) is a virtual pet website, based around the virtual pets that inhabit the virtual world of Neopia.)

Chris found hackers targeting 12 year olds - and probably their more affluent parents.

Interestingly, sites such as Neopets are accessed in corporate environments too - FaceTime collects live traffic data from commercially deployed Unified Security Gateway appliances at more than 80 mid to large enterprises worldwide that have opted into this program, representing the daily Web-based activities of more than 100,000 corporate workers.

During the past week, these corporate workers have accessed 99 different virtual worlds from their work computers, and at least half of those are targeted at children. Perhaps, as Chris suggests, the kids are asking their parents to check on their Neopets at work or see if the latest friend request on Myspace has been approved?

I guess it's at this point in time that the corporate security folks start shaking their heads, and blocking access to social networks, updating those URL filters, tightening up the rules on the firewall. You know the drill.

Hold up. Whoa. Stop.

31% of our survey respondents reported that Social Networking is critical to business - but must be secure and compliant, citing business benefits from better employee communications to improved marketing communications, more efficient recruiting and faster decision times through collaboration as the key benefits that social networking delivers.

But that's not all. 40% of our survey respondents derived their information about their employee social networking usage from URL filter logs. The Web 2.0 applications and real time communications tools that make up the social networks and the internet that we use today are highly evasive, specifically designed to get around Web filtering, firewalls and other traditional security solutions using a variety of techniques like port crawling, tunneling and onion routing. So the reality is probably that there is a lot more of this traffic that folks are just plain NOT SEEING, let alone managing.

I'll leave you with the thought that our web 2.0 world is no longer about blocking (even if your traditional URL filter could..) it's as we at FaceTime say (and our survey respondents agree with resoundingly) - our new social order needs enabling, just make sure that it's done securely and compliantly.

Why China's Web Filtering Plan Won't Work

2009-06-22T19:13:04Z

As you've no doubt already heard, China recently announced plans mandating that all new computers sold in that country - including imported PCs - be delivered with pre-installed and pre-configured Web filtering technology beginning July 1, 2009.

Branded Green Dam-Youth Escort, China's foreign ministry spokesman defends the software claiming it's "aimed at blocking and filtering some unhealthy content, including pornography and violence" in an effort to protect children.

Putting aside the obvious discussions of censorship versus freedom of information, there's a fatal flaw in China's plan. Maybe we shouldn't tell them this, but Web filtering software alone doesn't block people from visiting Web sites and/or accessing Web applications.

Surprised? While the Internet used to be primarily about transmitting and accessing fairly static information via HTTP, FTP and e-mail it's now dominated by Web 2.0 applications such as instant messaging, P2P, VoIP and social networking sites. Savvy Internet users already use tools like anonymizers to mask their browsing habits, and real-time communications and Web 2.0 applications are highly evasive, specifically designed to get around Web filtering, firewalls and other traditional security solutions using a variety of techniques like port crawling, tunneling, onion routing, etc. - after all, their goal is to grow their communities and ensure users have the full experience.

From what I've read, neither China nor the media has considered or addressed this. I'm certainly not in favor of China to block access -- yes, FaceTime helps organizations control employee Web browsing and use of Web 2.0 applications, where visiting certain sites or using certain applications may be inappropriate in the workplace, put the company at risk or impact productivity -- but the Web sites you choose to visit and applications you use at home are for you to decide and parents to control.

The backlash over China's censorship plans is widespread, including nearly 20 trade groups representing technology companies calling on the Chinese government to reconsider the mandate contending that it "raises significant questions of security, privacy, system reliability, the free flow of information and user choice." There's also the California company that claims the mandated Internet filtering software contains stolen programming code. Other articles say the Chinese government has already backed down, retreating on its controversial new web filtering plan, saying the software can be uninstalled or switched off.

It's not clear yet how all of this will play out, but you have to ask, if

China

's mandate won't be effective, why do it at all?

Do you know where your TinyURL is going?

2009-04-28T17:37:08Z

As Jeff Chandler points out on the Performancing Blog, TinyURLs and the like have been a godsend for those active on Twitter, where you only have 140 characters to get your point across.

But clicking on an unknown link can make Internet-savvy users very nervous. It's good to know that most Secure Web Gateways will automatically resolve the TinyURL, bit.ly or other short URL redirects and determine their real destination - and discover and thwart any potential malware threat.

True, you still don't know exactly where you're going to end up, but from a security standpoint you can click away with confidence. As long as you've got a good gateway Web security solution in place, that is.

Peace, love and free URL filtering

2009-04-17T06:09:45Z

Every self-respecting marketing person would dress up like a hippie for the sake of a marketing promotion, right? Well, Sarah Carter and I would, anyway.

You see, here at FaceTime, we're all about peace, love and free URL filtering. Okay, yes, it's a promotion we've been running for the past couple of months, but we really do feel the love when it comes to helping our customers manage their budgets by eliminating URL filtering renewal fees. Rumor has it there will be a group of protesters at the RSA Conference next week speaking out against those fees so be sure to stop by the FaceTime booth #2339 and check it out. And don't forget to wear your tie dye.

Seriously, all this commotion and protesting, but we really don't have anything against URL filtering. Everyone needs URL filtering, it's just that it's not enough when it comes to managing the New Internet. A much more granular level of application control is required when it comes to securing and managing Web 2.0 including social networking, multimedia, virtual worlds, VoIP ... and the list goes on.

So we've been having a lot of fun with our No URL Filtering Fees promotion in our Larissa and Sarah Show episodes. NetworkWorld even called our YouTube videos quirky. We'll take that as a compliment.

Peace out.

Workplace Internet Leisure Browsing and Employee Productivity

2009-04-07T17:21:51Z

A study released last week by the University of Melbourne's Department of Management and Marketing maintains that workers who engage in 'Workplace Internet Leisure Browsing' (WILB) are more productive than those who don't.

Well, that's good news for the 51 percent of workers who access social networking sites at least once a day while at work - not to mention the 50 percent that check their Facebook pages and the 69 percent that watch videos on YouTube several times a day, according to FaceTime's Collaborative Internet Survey published last fall.

The University's Dr. Brent Cocker says:

"Firms spend millions on software to block their employees from watching videos on YouTube, using social networking sites like Facebook or shopping online under the pretense that it costs millions in lost productivity, however that's not always the case."

We couldn't agree more. The whole blocking strategy just doesn't seem to work in the real world.

At the same time, the results of the Melbourne study directly contrast some news that broke in the UK this last week - where students at Bournemouth University have been complaining that they can't get work done because other students are hogging University computers to use Facebook and Twitter.

Visibility into what employees (and students in this case in Bournemouth) are accessing, is crucial not just to an effective IT security approach, but also it seems to ensuring productivity. If you don't know that 69 percent of your workforce is watching YouTube, how will you know that's the cause of your bandwidth spikes? What if you could give them a bandwidth allotment for such activities, and when their quota is reached, its bye bye water skiing squirrel videos?

It sounds like the folks at Bournemouth Uni's IT team could do with not just controlling the bandwidth taken up by some students, but also the time that they're allowed to be on Facebook!

Watch this space for upcoming announcements about gaining greater visibility into what's really happening within corporate and organizational networks.

Maybe Perception is NOT Reality after all

2009-02-03T23:22:10Z

Your employees really are on Facebook at work, trust me. And they're on more than 400 other social networking sites as well. Ok, if you're one of the companies that blocks the Facebook.com domain you may be saving your company a bit in terms of employee productivity, but from a security standpoint it's only the tip of the iceberg.

During fourth quarter 2008, FaceTime collected live traffic data from more than 80 mid to large commercially deployed networks worldwide, representing the daily Web-based activities of more than 100,000 corporate workers. In parallel, a large sample of IT managers were surveyed on a variety of topics, including how many Web 2.0 applications they believed were in use on their networks. One-third estimated the number at less than eight.

In reality, FaceTime's actual network traffic data shows an average of 49 Web 2.0 applications installed in each of the 80 reporting locations. These applications include social networking (with Facebook topping the list), instant messaging, Web-based IM, streaming media, IPTV, P2P file sharing, Web conferencing, VoIP and anonymizers.

	IT Estimates (Survey)	FaceTime Actual Tracking Data
Instant Messaging	66%	100%
Web based IM	35%	97%
Streaming Audio/video	80%	94%
IPTV	10%	100%
P2P File Sharing	54%	96%
Web Conferencing	82%	83%
Social Networking	60%	100%
VoIP	40%	100%
Anonymizers	15%	74%

What's an anonymizer you say? For users whose employers block Facebook.com - or gambling or porn sites - it's a godsend. Where there's a will, there's a way - but there's also a solution for IT to regain control.

Yes, I believe that in reality most IT managers know that Web 2.0 is pervasive in their networks - but what I don't think they really have a handle on is what employees are doing with these applications on a day-to-day basis. And that's worth understanding.

We'll be looking more at what's really going on in corporate networks over the next few weeks. Stay tuned.

White House says yes to email, no to IM. Change doesn't have to be this hard.

2009-01-20T21:50:48Z

It looks as if the decision has been made, President Barack Obama will be allowed to keep his Blackberry. Politico's Ben Smith reports incoming white house staffers were told last Friday that, indeed, the President would remain connected - but for them the news was not so bright. There will be no IM in the White House, and that's a change that the white house staffers are not ready for.

This is an interesting policy, since Web 2.0 and real time communications have played such a significant role in the Obama campaign.

According to Smith:

"They just told us flat out we couldn't IM in the White House," groused one senior staffer Friday.

"It sucks. It's really going to slow us down," complained another, saying that lawyers had warned that, along with instant messaging, White House software will restrict users to a range of sites roughly "like your average grade school."

At the heart this debate is The Presidential Records Act, which requires White House documents to be made publicly available five years after a president leaves office. The White House will obviously be archiving its emails to comply. But why stop there? After all, in many ways IM is really just instant email. For more than seven years now, corporations have embraced the benefits of IM and solved the compliance issues around storing and retrieving its content.

In defense of the White House IT staff, even though IM seems like instant email to its users, its very different from a management standpoint. Instead of one email network under IT's control, there are dozens of different IM networks in play where conversations occur in real time and involve any number of parties. It's like solving a Rubics Cube as opposed to a flat picture puzzle - it can be done, but it's a bit more complicated.

For example, a multi-party IM conversation can include numerous participants joining at different times, creating a requirement to make clear the context surrounding each participant's understanding of the conversation. Who entered at what point, what did they hear and what did they say?

Or in terms that became familiar during the Watergate scandal, which was the catalyst for the adoption of the Presidential Records Retention Act, "Who knew what, and when?"

The technology exists to solve these problems, so my guess is that's not all that's behind the decision. IM conversations are by their nature casual, more like hallway conversations. So the fear is that if IM is archived, one day those walls will talk and the result may be embarrassing. Remember Mark Foley?

But Corporate America has dealt with this issue as well, and the White House could do the same. Employee education goes along way, along with proactive technology solutions like setting policies and real-time notifications to appear during their instant message conversations to let them know they are being monitored. If you tell the White House staffers they're being monitored, I'm guessing they will use IM appropriately - no more or no less than they would with email. How often do you go over the speed limit when a Highway Patrol car is in the next lane?

Change. If anyone can do it, this administration can.

Facebook at Work: The Top Ten Applications

2009-01-02T19:36:30Z

I'm spending the quiet time during the holidays working with my colleagues on FaceTime's end-of-year analysis of how real-time communications, social media, other Web 2.0 applications - and the malware using these channels - have affected organisations over the last 12 months. We'll release the full results next week, but I wanted to share some early insights.

This year, for the first time, we collected real-world data taken from our Unified Security Gateway appliances deployed across more than 60 participating global organisations. These companies have opted into a program that sends data back to us, so we can analyze Internet application traffic.

So what did we learn?

Facebook represented the largest single Web 2.0 destination that we tracked, hands down. Maybe not a big surprise, but what I find compelling is that only about one percent of attempts to access Facebook were blocked. It shows that our customers are forward thinking companies that view the use of social networks as positive to their business environment - 99 percent of Facebook visits were allowed by IT policy.

These particular employees accessed 890 different Facebook applications over the past few months. Here are the Top Ten applications that were used during working hours on our customers' networks.

1. Facebook Chat (messaging)

2. Private Photo Gallery (photo, dating)

3. Wordscraper (gaming)

4. Do Not Remember (drinking)

5. Word Twist (gaming)

6. Are YOU Interested? (dating)

7. Bumper Sticker (just for fun)

8. MindJolt Games (gaming)

9. Slide FunSpace (messaging)

10. (Lil) Green Patch (gaming)

(Sadly my favourite, WordBubble, didn't make the Top Ten)

This is by no means a statistically relevant sample of the world as a whole, but the data gives us a indication of what's really happening out there in the Web 2.0 world. And it supports the findings from our annual Collaborative Internet study: The lines between employees' work and personal lives are increasingly blurred, and employees feel they have a right to download - or access - whatever they choose on their work computers. (I know I wouldn't feel comfortable working for a company that didn't let me do this!)

Scarily I have two FashionWars invitations outstanding, as I write this - one of them from a seriously unfashionable, tech geek friend. Si, you're scaring me. Please don't do this online, you know neither of us understands Jimmy Choos and the like...

Finding the Application Needle in the Traffic Haystack

2008-12-12T20:40:39Z

It seems as soon as a new technology is adopted into mainstream business, a whole host of support technologies soon follow to fill in the gaps and solve the new issues that are created. Consider the enormity of the anti-virus market that was created after the ILoveYou Virus hit in 2000, and the addition of URL filtering to enterprise IT's checklist of "must-haves" following the adoption of the Web browser.

The good news is that browser based traffic is now monitored and managed in most organizations. So, what's the next new technology? Always one step ahead, employees have turned to other real-time applications including social networking platforms, IM, peer-to-peer file sharing, Web 2.0 VoIP and conferencing applications. And the next new technology solution? Application filtering.

This week, FaceTime announced that we'll begin licensing our application inspection and classification technology, called ACE (Application Control Engine), to other network security vendors. This same technology is at the core of our Unified Security Gateway product, detecting and classifying more than 1,400 Web 2.0 and real-time communications applications and more than 50,000 social networking widgets - a number that grows daily.

This is the new frontier for Web security, as Sarah Perez points out in her analysis of how Web applications fly under IT's radar,

"... when users become their own I.T. department, they're unknowingly introducing inherent risks into the previously hardened network infrastructure. Just because a web app is easy to operate, that doesn't make it safe and secure for enterprise use. As users upload and share sensitive files through these unapproved backchannels or have business-related conversations through web-based IM chatrooms, they might not only be putting their company's data at risk, they could also be breaking various compliance laws as well."

Sarah's analysis is spot on. She goes on to point out that

"If FaceTime's ACE or other similar technologies become a mainstay in the enterprise I.T. toolkit, the explosion of Web 2.0 for business use, a trend typically called Enterprise 2.0, may be dealt quite a blow. The only Enterprise 2.0 apps that will succeed given that scenario will be the ones that worked with the I.T. admins from the very beginning to assure them of their safety. The apps reliant on a slew of the company's rule-breaking users for adoption, however, will be out of luck. Perhaps being sneaky may not have been a great business model after all."

From our conversations with IT managers and through our annual study of usage trends, end user attitudes and IT impact, it's clear that the number of unsanctioned applications on enterprise networks is exploding because the nature of the workforce is changing. In fact, one in three employees say they feel they have the right to download whatever applications they need to do their jobs, regardless of policy. And interestingly, one in three IT respondents believe that written policies are ineffective methods for controlling enduser downloading of applications.

Given not only the sheer number of Web 2.0 applications but their obvious increased rate of adoption in business, I believe we'll eventually see application filtering become standard, and most likely even more important, than URL filtering is today.