Today
is an interesting and memorable day for FaceTime.Earlier, Apple introduced their next
generation iPhone and announced that it will use "FaceTime" as the trademark for its new video calling
application.
I'm
intrigued with the way that the use of the term "facetime" has evolved since we
named our company about a decade ago.Ten
years ago, our solutions were for Instant Messaging and other "virtual facetime"
applications of that ilk.Now,
"facetime" will refer to an application that enables callers to see one another,
while using a mobile device and that makes me reflect on how far we've come.
Today's
announcement echoes our long held belief that the Internet has changed - from
one-way information delivery to two-way communication and collaboration. The
New Internet is increasingly about communications,
collaboration and communities - whether it's social networking, instant messaging
or now video calling, users are increasingly bringing these tools into the
workplace (if you didn't yet check out the results of our fifth annual survey -
then you'll find some evidence of that here)
Our
agreement with Apple to transfer the FaceTime trademark to them comes as we are rebranding our company to better reflect our
capabilities. From our virtual facetime beginnings 10 years ago, our
solutions have continued to evolve and renaming our company will better reflect
how we help enterprises leverage new communication in a secure and compliant
manner.
So,
it's an exciting day.When I look around
at these new communications tools - like a video calling application on a phone
-I'm reminded of the old TV shows (I want no comments or jokes about my age...) with
secret agents running around with video watches tracking down the bad guys.It's amazing what we can now do.I guess shoe phones and the cone of silence
aren't too far away.
Good thing our
company will be there to keep the networks and the data secure and compliant.
Today's guest blogger is Ajay Madan. Ajay heads the Quality Assurance division of FaceTime.
He has several years of experience working on products related to Network
Security and Compliance. He is actively involved in working with the product and
support engineering teams in devising and implementing processes and
methodologies that ensure a high degree of quality for FaceTime's products. He
has been closely tracking the developments in the social media space, the
business impact due to the same and shares some of his thoughts in this
article.
Take it away Ajay.
In recent months, there has been an increasing media attention
on social networking sites; and how this impacts business, compliance, security
and so on. Some staggering statistics (which I reference later in this article)
have been thrown in to demonstrate the crazy adoption rates of the social media.
Social media, it appears, is here to stay and companies are now understanding
that it's not about blocking access now, but realizing that controlling and
enabling access is the way forward.. It would sound naive to assume leadership
teams in companies haven't yet begun this process, some still block access,
others are engaging with vendors that help manage and control the use of social
media, and some are just giving it some more time. So in this post, I don't
focus too much on the statistics or impact of social media but look at the next
steps for companies who understand the need to manage social media.
There are several aspects for CIOs/Head of IT departments to
consider while evaluating policies for social media as well as for evaluating solutions
to manage social media usage in the network.
Compliance Considerations
FINRA in their recent webinar indicated that companies will
not be given a compliance grace period because Social Media technology is new
and evolving. FINRA has asked companies to not allow usage of Social Media if
they cannot supervise it or the social media site does not support archival.
Bottom line - Companies must retain, archive and retrieve to be compliant.
If you are in a regulated industry, such as the financial
services sector, you need to consider tools that either allow you to block
access to unsanctioned social media and/or invest in a solution that allows you
to monitor, archive and review content posted through social media.
Security Considerations
Perhaps another key question in the IT manager's mind
pertains to security, There can be several concerns in this area -
Its possible that users may leak sensitive information
about the company through a post on Twitter or Facebook Wall
Users in a regulated industry sending information -
perhaps patient information via Facebook or Twitter
Users with, lets say, corporate Facebook accounts using
foul language in their posts.
The potential for hidden malware, Trojans and the like in
applications, perhaps such as the myriad of games and applets on Facebook.
A solution for Web 2.0 should provide or extend security
controls to social media to address such concerns.
Policy Considerations
Some industries require a rich policy framework or workflow
that allows the following -
Ability to be able to moderate posts on social media before
they are allowed to be posted to the actual site
Ability to capture or moderate content that matches
certain lexicons or pre-configured policy elements.
Workflow for compliance officers to review the posted
content
Workflow to archive content for long term storage by
inter-operating with enterprise archival systems and easy retrieval.
Bandwidth Considerations
There are certainly organizations and industries that do not
have compliance requirements for social media, but who do need controls on
bandwidth consumption. The common problem today is that companies have no way
to measure the amount of time employees spend on social networking websites and
in the past this has been recognized as a huge problem as it potentially
impacts productivity. Hence this could be a core requirement for many
companies.
Consider looking at solutions that allow you to set
bandwidth limits for usage of social media.
Existing Infrastructure Considerations
Many IT departments are wary of having multiple vendors for
different communication modalities and for the ease of management prefer to select
those that provide functionality across all the considerations I referenced -
as well as being able to provide these functionalities across other
communications modalities, like IM and Unified Communications.
Consider an Evolving Market
Social media is new technology and will continue to evolve.
Companies should look at solutions providers who have expertise in real time
communications traffic, at those who adapt quickly to new technologies and who
consider social media as part of a communications strategy, not in isolation.
Finally, I want to plug the solution that I work on. I've
been with this product since it's inception and have seen it grow to become the
first Secure Web Gateway that combines features, functions and controls for
social media alongside other communications modalities. Our Unified Security Gateway is uniquely
positioned to address all the considerations I outlined above and helps
companies manage not just social media across a broad spectrum of requirements
- but web traffic on the whole, and more than 4,000 web and internet
applications, from IM to remote control tools, to P2P tools.
Now, I'll leave you with some pretty phenomenal statistics
if you know any of those folks who are looking the other way when it comes to
adopting social media.
But do check back on March 2nd when we launch the results of our fifth annual survey - and let me know what YOU'RE doing with social media.
I had an interesting meeting with a
customer last week regarding the use of social networking. This is a large
broker dealer with several thousand financial advisors across the country.
The IT department is getting
pressure from the business users to allow the use of Facebook, LinkedIn and
Twitter all of which they currently block. When I asked them why the business
units wanted access to these sites, they gave me three
reasons:
The financial advisors
are telling them that referrals they get through Facebook and LinkedIn tend to
convert to clients at a much higher rate than any other channel. This resonated
with me - at FaceTime we constantly remind our salespeople to leverage their
social networks for prospecting. It is well know that human beings are tribal by
nature and are more likely to respond to someone who is "connected" to them in
someway - even when you have millions of connections!
Their marketing group
is focused on the 35-45 year old demographic since this is where people hit the
peak of their earning power and start thinking about financial planning. Getting
clients in their late thirties means you can hang on to them 20-30 years. Turns
out that the over-35 demographic is the fastest growing user group at Facebook
and the largest segment for both LinkedIn and Twitter.
Finally, the company is
finding that their ability to recruit at college campuses and MBA schools is
enhanced by their Facebook and Twitter presence. As we all know, college kids
live with these technologies and businesses that block access are seen as old
school.
I am hearing similar reasons from
other customers across all industry groups. Enterprises are recognizing the
power of social networking to recruit new customers, stay in touch with existing
customers and enhance communication with their employee base.
"I am not worried about the guy who
wants to steal information"the IT manager at a large services firm said to me.
"I am worried about mistakes. People don't realize that competitors can also see
your status update on LinkedIn and if you're talking about working on a
particular project, you've just told the world." The inadvertent leakage of
content is a common concern among the security managers I speak
with.
On the compliance front, regulatory
authorities are increasingly focusing on the use of these networks within
regulated industries such as financial services, energy and healthcare. For
example, FINRA, the Financial Industry Regulatory Authority, recently
formed a Social Networking Task Force to look into the compliance challenges posed by social
networking sites.
Finra CEO Rick Ketchum said, at the SIFMA Annual Meeting "Social networking
sites such as Facebook or LinkedIn provide new ways to connect, inform and
interact with customers... They also raise new regulatory challenges. For example,
as currently designed they may not allow you to archive and maintain the
communications on your own books and records."
Reputation damage is another concern
for large enterprises. How do you track what employees and customers are saying
about your company? The CIO of an electric utility company noted that they used
Twitter to communicate information about outages and other emergencies to their
customer base. "I worry that a disgruntled employee or customer could hijack our
Twitter account and start spreading
misinformation".
Another customer, a large bank that
ran into some problems integrating an acquisition, talked about how customers
were blasting the bank on Facebook and Twitter."Because we block the use of
these sites within our company, we were caught off-guard and didn't understand
how we should respond to these comments."The IT manager noted. "Our marketing
group is now formulating a strategy on how to leverage these platforms. We need
to be more savvy about these channels."
Notwithstanding the challenges, it
is clear that enterprises recognize the value of these sites and are motivated
to overcome them. (Shamefaced sales pitch follows)FaceTime recently announced
USG 3.0which
is designed to address these challenges and allow enterprises to leverage the
benefits of social networking.
I would be interested in hearing
your views on the use of social networking in your business. Do you agree with
the above reasons? Are there other reasons?
It's not so long ago that I'd wonder what I did without my instant messaging client just to get through my working day. Not, you understand because I needed my latest fix of emoticon laden gossip with far flung friends, rather so that I could use Windows Live, Microsoft OCS, Lotus Sametime, Skype (yes I'm a serial IM'er) to get answers I needed from people who were online, rather than abandoning my question in a voicemail black hole.
My must have applications of choice now? Twitter, Facebook and LinkedIn for starters.And it appears I'm not the only one to join the social revolution. FaceTime's June survey on social networking had over 87% of 1199 respondents using social networks, with 39% using a social network every day.
Now most of the folks I social network with are work related. And my communications are during the working day. And they respond in kind. (So.. there's a Sherlock Holmes style deduction going on here) It's elementary, my dear Watson, that they must therefore be using social networks in the workplace.
And our survey agrees with that. With a whopping 85% of respondents believing that their users are utilizing social networks from the corporate network. We'd been somewhat surprised earlier this week, when Chris Boyd, our Director of Research uncovered a keylogger on the kids popular social networking site Neopets.(Neopets (originally NeoPets) is a virtual pet website, based around the virtual pets that inhabit the virtual world of Neopia.)
Chris found hackers targeting 12 year olds - and probably their more affluent parents.
Interestingly, sites such as Neopets are accessed in corporate environments too - FaceTime collects live traffic data from commercially deployed Unified Security Gateway appliances at more than 80 mid to large enterprises worldwide that have opted into this program, representing the daily Web-based activities of more than 100,000 corporate workers.
During the past week, these corporate workers have accessed 99 different virtual worlds from their work computers, and at least half of those are targeted at children. Perhaps, as Chris suggests, the kids are asking their parents to check on their Neopets at work or see if the latest friend request on Myspace has been approved?
I guess it's at this point in time that the corporate security folks start shaking their heads, and blocking access to social networks, updating those URL filters, tightening up the rules on the firewall. You know the drill.
Hold up.Whoa.Stop.
31% of our survey respondents reported that Social Networking is critical to business - but must be secure and compliant, citing business benefits from better employee communications to improved marketing communications, more efficient recruiting and faster decision times through collaboration as the key benefits that social networking delivers.
But that's not all.40% of our survey respondents derived their information about their employee social networking usage from URL filter logs. The Web 2.0 applications and real time communications tools that make up the social networks and the internet that we use today are highly evasive, specifically designed to get around Web filtering, firewalls and other traditional security solutions using a variety of techniques like port crawling, tunneling and onion routing. So the reality is probably that there is a lot more of this traffic that folks are just plain NOT SEEING, let alone managing.
I'll leave you with the thought that our web 2.0 world is no longer about blocking (even if your traditional URL filter could..) it's as we at FaceTime say (and our survey respondents agree with resoundingly)- our new social order needs enabling, just make sure that it's done securely and compliantly.
As Jeff Chandler points out on the Performancing Blog, TinyURLs and the like have been a godsend for those active on Twitter, where you only have 140 characters to get your point across.
But clicking on an unknown link can make Internet-savvy users very nervous. It's good to know that most Secure Web Gateways will automatically resolve the TinyURL, bit.ly or other short URL redirects and determine their real destination - and discover and thwart any potential malware threat.
True, you still don't know exactly where you're going to end up, but from a security standpoint you can click away with confidence. As long as you've got a good gateway Web security solution in place, that is.
A study released last week by the University of Melbourne's Department of Management and Marketing maintains that workers who engage in 'Workplace Internet Leisure Browsing' (WILB) are more productive than those who don't.
Well, that's good news for the 51 percent of workers who access social networking sites at least once a day while at work - not to mention the 50 percent that check their Facebook pages and the 69 percent that watch videos on YouTube several times a day, according to FaceTime's Collaborative Internet Survey published last fall.
The University's Dr. Brent Cocker says:
"Firms spend millions on software to block their employees from watching videos on YouTube, using social networking sites like Facebook or shopping online under the pretense that it costs millions in lost productivity, however that's not always the case."
We couldn't agree more. The whole blocking strategy just doesn't seem to work in the real world.
At the same time, the results of the Melbourne study directly contrast some news that broke in the UK this last week - where students at Bournemouth University have been complaining that they can't get work done because other students are hogging University computers to use Facebook and Twitter.
Visibility into what employees (and students in this case in Bournemouth) are accessing, is crucial not just to an effective IT security approach, but also it seems to ensuring productivity. If you don't know that 69 percent of your workforce is watching YouTube, how will you know that's the cause of your bandwidth spikes? What if you could give them a bandwidth allotment for such activities, and when their quota is reached, its bye bye water skiing squirrel videos?
It sounds like the folks at Bournemouth Uni's IT team could do with not just controlling the bandwidth taken up by some students, but also the time that they're allowed to be on Facebook!
Watch this space for upcoming announcements about gaining greater visibility into what's really happening within corporate and organizational networks.
Your employees really are on Facebook at work, trust me. And they're on more than 400 other social networking sites as well. Ok, if you're one of the companies that blocks the Facebook.com domain you may be saving your company a bit in terms of employee productivity, but from a security standpoint it's only the tip of the iceberg.
During fourth quarter 2008, FaceTime collected live traffic data from more than 80 mid to large commercially deployed networks worldwide, representing the daily Web-based activities of more than 100,000 corporate workers. In parallel, a large sample of IT managers were surveyed on a variety of topics, including how many Web 2.0 applications they believed were in use on their networks. One-third estimated the number at less than eight.
In reality, FaceTime's actual network traffic data shows an average of 49 Web 2.0 applications installed in each of the 80 reporting locations. These applications include social networking (with Facebook topping the list), instant messaging, Web-based IM, streaming media, IPTV, P2P file sharing, Web conferencing, VoIP and anonymizers.
IT Estimates (Survey)
FaceTime Actual Tracking Data
Instant Messaging
66%
100%
Web based IM
35%
97%
Streaming Audio/video
80%
94%
IPTV
10%
100%
P2P File Sharing
54%
96%
Web Conferencing
82%
83%
Social Networking
60%
100%
VoIP
40%
100%
Anonymizers
15%
74%
What's an anonymizer you say? For users whose employers block Facebook.com - or gambling or porn sites - it's a godsend. Where there's a will, there's a way - but there's also a solution for IT to regain control.
Yes, I believe that in reality most IT managers know that Web 2.0 is pervasive in their networks - but what I don't think they really have a handle on is what employees are doing with these applications on a day-to-day basis. And that's worth understanding.
We'll be looking more at what's really going on in corporate networks over the next few weeks. Stay tuned.
It looks as if the decision has been made, President Barack Obama will be allowed to keep his Blackberry. Politico's Ben Smith reports incoming white house staffers were told last Friday that, indeed, the President would remain connected - but for them the news was not so bright. There will be no IM in the White House, and that's a change that the white house staffers are not ready for.
This is an interesting policy, since Web 2.0 and real time communications have played such a significant role in the Obama campaign.
According to Smith:
"They just told us flat out we couldn't IM in the White House," groused one senior staffer Friday.
"It sucks. It's really going to slow us down," complained another, saying that lawyers had warned that, along with instant messaging, White House software will restrict users to a range of sites roughly "like your average grade school."
At the heart this debate is The Presidential Records Act, which requires White House documents to be made publicly available five years after a president leaves office. The White House will obviously be archiving its emails to comply. But why stop there? After all, in many ways IM is really just instant email. For more than seven years now, corporations have embraced the benefits of IM and solved the compliance issues around storing and retrieving its content.
In defense of the White House IT staff, even though IM seems like instant email to its users, its very different from a management standpoint. Instead of one email network under IT's control, there are dozens of different IM networks in play where conversations occur in real time and involve any number of parties. It's like solving a Rubics Cube as opposed to a flat picture puzzle - it can be done, but it's a bit more complicated.
For example, a multi-party IM conversation can include numerous participants joining at different times, creating a requirement to make clear the context surrounding each participant's understanding of the conversation. Who entered at what point, what did they hear and what did they say?
Or in terms that became familiar during the Watergate scandal, which was the catalyst for the adoption of the Presidential Records Retention Act, "Who knew what, and when?"
The technology exists to solve these problems, so my guess is that's not all that's behind the decision. IM conversations are by their nature casual, more like hallway conversations. So the fear is that if IM is archived, one day those walls will talk and the result may be embarrassing. Remember Mark Foley?
But Corporate America has dealt with this issue as well, and the White House could do the same. Employee education goes along way, along with proactive technology solutions like setting policies and real-time notifications to appear during their instant message conversations to let them know they are being monitored. If you tell the White House staffers they're being monitored, I'm guessing they will use IM appropriately - no more or no less than they would with email. How often do you go over the speed limit when a Highway Patrol car is in the next lane?
Change. If anyone can do it, this administration can.
I'm spending the quiet time during the holidays working with my colleagues on FaceTime's end-of-year analysis of how real-time communications, social media, other Web 2.0 applications - and the malware using these channels - have affected organisations over the last 12 months. We'll release the full results next week, but I wanted to share some early insights.
This year, for the first time, we collected real-world data taken from our Unified Security Gateway appliances deployed across more than 60 participating global organisations. These companies have opted into a program that sends data back to us, so we can analyze Internet application traffic.
So what did we learn?
Facebook represented the largest single Web 2.0 destination that we tracked, hands down. Maybe not a big surprise, but what I find compelling is that only about one percent of attempts to access Facebook were blocked. It shows that our customers are forward thinking companies that view the use of social networks as positive to their business environment - 99 percent of Facebook visits were allowed by IT policy.
These particular employees accessed 890 different Facebook applications over the past few months. Here are the Top Ten applications that were used during working hours on our customers' networks.
1.Facebook Chat (messaging)
2.Private Photo Gallery (photo, dating)
3.Wordscraper (gaming)
4.Do Not Remember (drinking)
5.Word Twist (gaming)
6.Are YOU Interested? (dating)
7.Bumper Sticker (just for fun)
8.MindJolt Games (gaming)
9.Slide FunSpace (messaging)
10.(Lil) Green Patch (gaming)
(Sadly my favourite, WordBubble, didn't make the Top Ten)
This is by no means a statistically relevant sample of the world as a whole, but the data gives us a indication of what's really happening out there in the Web 2.0 world. And it supports the findings from our annual Collaborative Internet study: The lines between employees' work and personal lives are increasingly blurred, and employees feel they have a right to download - or access - whatever they choose on their work computers. (I know I wouldn't feel comfortable working for a company that didn't let me do this!)
Scarily I have two FashionWars invitations outstanding, as I write this - one of them from a seriously unfashionable, tech geek friend.Si, you're scaring me. Please don't do this online, you know neither of us understands Jimmy Choos and the like...
It seems as soon as a new technology is adopted into mainstream business, a whole host of support technologies soon follow to fill in the gaps and solve the new issues that are created. Consider the enormity of the anti-virus market that was created after the ILoveYou Virus hit in 2000, and the addition of URL filtering to enterprise IT's checklist of "must-haves" following the adoption of the Web browser.
The good news is that browser based traffic is now monitored and managed in most organizations. So, what's the next new technology? Always one step ahead, employees have turned to other real-time applications including social networking platforms, IM, peer-to-peer file sharing, Web 2.0 VoIP and conferencing applications. And the next new technology solution? Application filtering.
This week, FaceTime announced that we'll begin licensing our application inspection and classification technology, called ACE (Application Control Engine), to other network security vendors. This same technology is at the core of our Unified Security Gateway product, detecting and classifying more than 1,400 Web 2.0 and real-time communications applications and more than 50,000 social networking widgets - a number that grows daily.
"... when users become their own I.T. department, they're unknowingly introducing inherent risks into the previously hardened network infrastructure. Just because a web app is easy to operate, that doesn't make it safe and secure for enterprise use. As users upload and share sensitive files through these unapproved backchannels or have business-related conversations through web-based IM chatrooms, they might not only be putting their company's data at risk, they could also be breaking various compliance laws as well."
Sarah's analysis is spot on. She goes on to point out that
"If FaceTime's ACE or other similar technologies become a mainstay in the enterprise I.T. toolkit, the explosion of Web 2.0 for business use, a trend typically called Enterprise 2.0, may be dealt quite a blow. The only Enterprise 2.0 apps that will succeed given that scenario will be the ones that worked with the I.T. admins from the very beginning to assure them of their safety. The apps reliant on a slew of the company's rule-breaking users for adoption, however, will be out of luck. Perhaps being sneaky may not have been a great business model after all."
From our conversations with IT managers and through our annual study of usage trends, end user attitudes and IT impact, it's clear that the number of unsanctioned applications on enterprise networks is exploding because the nature of the workforce is changing. In fact, one in three employees say they feel they have the right to download whatever applications they need to do their jobs, regardless of policy. And interestingly, one in three IT respondents believe that written policies are ineffective methods for controlling enduser downloading of applications.
Given not only the sheer number of Web 2.0 applications but their obvious increased rate of adoption in business, I believe we'll eventually see application filtering become standard, and most likely even more important, than URL filtering is today.
This
site supports an open comment policy. Rude, wasteful, off-topic,
privacy-intruding or libelous comments will be deleted. Comments will remain
open unless abused.
