Recently in Enterprise 2.0 Category

Today's guest blogger is Ajay Madan.  Ajay heads the Quality Assurance division of FaceTime. He has several years of experience working on products related to Network Security and Compliance. He is actively involved in working with the product and support engineering teams in devising and implementing processes and methodologies that ensure a high degree of quality for FaceTime's products. He has been closely tracking the developments in the social media space, the business impact due to the same and shares some of his thoughts in this article.

Take it away Ajay.

In recent months, there has been an increasing media attention on social networking sites; and how this impacts business, compliance, security and so on. Some staggering statistics (which I reference later in this article) have been thrown in to demonstrate the crazy adoption rates of the social media.

Social media, it appears,  is here to stay and companies are now understanding that it's not about blocking access now, but realizing that controlling and enabling access is the way forward.. It would sound naive to assume leadership teams in companies haven't yet begun this process, some still block access, others are engaging with vendors that help manage and control the use of social media, and some are just giving it some more time. So in this post, I don't focus too much on the statistics or impact of social media but look at the next steps for companies who understand the need to manage social media.

There are several aspects for CIOs/Head of IT departments to consider while evaluating policies for social media as well as for evaluating solutions to manage social media usage in the network.

Compliance Considerations

FINRA in their recent webinar indicated that companies will not be given a compliance grace period because Social Media technology is new and evolving. FINRA has asked companies to not allow usage of Social Media if they cannot supervise it or the social media site does not support archival. Bottom line - Companies must retain, archive and retrieve to be compliant.

If you are in a regulated industry, such as the financial services sector, you need to consider tools that either allow you to block access to unsanctioned social media and/or invest in a solution that allows you to monitor, archive and review content posted through social media.

Security Considerations

Perhaps another key question in the IT manager's mind pertains to security, There can be several concerns in this area -

• Its possible that users may leak sensitive information about the company through a post on Twitter or Facebook Wall
• Users in a regulated industry sending information - perhaps patient information via Facebook or Twitter
• Users with, lets say, corporate Facebook accounts using foul language in their posts.
• The potential for hidden malware, Trojans and the like in applications, perhaps such as the myriad of games and applets on Facebook.

A solution for Web 2.0 should provide or extend security controls to social media to address such concerns.

Policy Considerations

Some industries require a rich policy framework or workflow that allows the following -

• Ability to be able to moderate posts on social media before they are allowed to be posted to the actual site
• Ability to capture or moderate content that matches certain lexicons or pre-configured policy elements.
• Workflow for compliance officers to review the posted content
• Workflow to archive content for long term storage by inter-operating with enterprise archival systems and easy retrieval.

Bandwidth Considerations

There are certainly organizations and industries that do not have compliance requirements for social media, but who do need controls on bandwidth consumption. The common problem today is that companies have no way to measure the amount of time employees spend on social networking websites and in the past this has been recognized as a huge problem as it potentially impacts productivity. Hence this could be a core requirement for many companies.

Consider looking at solutions that allow you to set bandwidth limits for usage of social media.

Existing Infrastructure Considerations

Many IT departments are wary of having multiple vendors for different communication modalities and for the ease of management prefer to select those that provide functionality across all the considerations I referenced - as well as being able to provide these functionalities across other communications modalities, like IM and Unified Communications.

Consider an Evolving Market

Social media is new technology and will continue to evolve. Companies should look at solutions providers who have expertise in real time communications traffic, at those who adapt quickly to new technologies and who consider social media as part of a communications strategy, not in isolation.

Finally, I want to plug the solution that I work on. I've been with this product since it's inception and have seen it grow to become the first Secure Web Gateway that combines features, functions and controls for social media alongside other communications modalities.  Our Unified Security Gateway is uniquely positioned to address all the considerations I outlined above and helps companies manage not just social media across a broad spectrum of requirements - but web traffic on the whole, and more than 4,000 web and internet applications, from IM to remote control tools, to P2P tools. 

Now, I'll leave you with some pretty phenomenal statistics if you know any of those folks who are looking the other way when it comes to adopting social media.

But do check back on March 2nd when we launch the results of our fifth annual survey - and let me know what YOU'RE doing with social media.

Ajay

Facebook

http://www.facebook.com/press/info.php?statistics

LinkedIn

http://techcrunch.com/2009/02/14/as-the-economy-sours-linkedins-popularity-grows/

Twitter

http://mashable.com/2009/01/09/twitter-growth-2008/

I read a short article in InvestmentNews today about a new social web site, LinkedFA, which is promoting itself as the "first and only Finra-compliant social networking site for financial professionals." I immediately thought to myself, how can a social networking site tout itself as Finra-compliant when Finra hasn't released its compliance guidelines yet? Finra postponed its introductory webinar until March.

Then I asked myself the larger question; why would financial professionals want a 'walled-garden' social media site in the first place? Doesn't that kind of defeat the objective? If you're a financial advisor, don't you want to be where your prospects are? A site dedicated to financial professionals is fine for connecting with people within your industry but it doesn't help you reach new customers.

Consider that there are currently more than 250 million Facebook users, 30 million Twitter users, and 25 million executives on LinkedIn. That's where the conversations are taking place. That's where you can reach customers and prospects.

Isn't it better to participate in this larger, open conversation taking place on the Web and develop best practices, with the help of technology, to make sure that those conversations are appropriately logged and accounted for? That's the best way to assure compliance, whether it's for Finra, the SEC, or some other regulatory agency.

Our financial services customers rely on FaceTime's IMAuditor and Unified Security Gateway to not only secure their networks, but to manage and log content for regulatory compliance.

That way they get the best of all worlds:

1) centralized control of online conversations stored on their own servers so they can be audited for compliance;

2) the ability to support any public social media site in a secure manner and 

3) the ability to allow their traders and other employees to use the application that is best suited to the job, whether that's Yahoo, Reuters, YellowJacket, Facebook or Twitter  - we don't mind, because, well, we support them all.

My team have put together a 30 minute briefing on "What you can stand to gain and lose with Social Media" - why not join them on January 27^th at either 10 eastern or 10 pacific?

Last month we announced that Check Point Software Technologies had purchased our application database for use in their products. According to Check Point, this technology will "... provide businesses unparalleled granular control over application usage and enable security administrators to prevent threats associated with the use of certain Internet applications. Check Point will offer this new level of security controls as a Software Blade that will be available for all gateways." (read their release here: )

This deal reaffirms our leadership in the Web 2.0 security space. More importantly, it highlights the growing need for network solutions that provide visibility and control at the application level not just at the port & protocol level. Check Point sees this need and will use our database to provide application level control. Application level control will become the price of entry in the Firewall market.

But beyond visibility and control, what enterprises are asking for is "enablement".

• How do I allow access to Facebook or LinkedIn and stay in compliance with FINRA or FERC or HIPAA or PCI or [insert your favorite regulation here]?

• How do I allow access to YouTube videos but not the inappropriate stuff?

• How do I allow access to blogs and wikis and webmail but ensure that confidential information if not getting posted?

Our customers realize they can't block access to the New Internet - they must enable it.

Which is why our mission statement reads "Secure & ENABLE the New Internet"

Today's guest blogger is Eric Young.  Eric is FaceTime's Sr, Director of Field Services, and works with FaceTime customers to implement leading edge security and compliance solutions for Unified Communications and Web 2.0.  Eric's worldwide role gives him an insight into the global requirements of organizations implementing real time communications technologies to enable their businesses and works closely with our product team to ensure that FaceTime solutions remain at the forefront of the industry.

Yesterday's solution doesn't address today's issues.

I was onsite with a customer recently completing our fifth competitive replacement within the Fortune 400 in the past 6 months.  As the customer was detailing all of the requirements the previous solution did not satisfy, it made me wonder, how are other customers of these competitors feeling they are operating in a compliant fashion? 

If you, as a compliance officer or legal counsel, cannot make sense of a group chat conversation, cannot actually view the content of a blocked message, or can't see what folks are trying to post to a social networking site; how can you possibly defend your organization from SEC fines or from a lawsuit in a court of law? 

Security technologies evolve quickly, especially in the area of real-time communications - but the adoption of tools like Unified Communications, Instant Messaging and social media has grown exponentially - in many cases even without the knowledge of either IT or compliance.

Regulation and compliance changes too, with the times.  Most recently I've seen FINRA starting to address the issue of social media and issuing guidelines to member organizations and individuals on how usage should be treated. 

We all understand there is a big difference between "logging" and "being compliant" but knowing there are still some banks and other highly regulated companies using these legacy solutions that were designed for technology of a few years back, it begs the questions:  What are the minimum requirements for security and compliance for Unified Communications, Instant Messaging and Social Media?

And, what are you doing about dealing with emerging technology?

I had an interesting meeting with a customer last week regarding the use of social networking. This is a large broker dealer with several thousand financial advisors across the country.

The IT department is getting pressure from the business users to allow the use of Facebook, LinkedIn and Twitter all of which they currently block. When I asked them why the business units wanted access to these sites, they gave me three reasons:

1. The financial advisors are telling them that referrals they get through Facebook and LinkedIn tend to convert to clients at a much higher rate than any other channel. This resonated with me - at FaceTime we constantly remind our salespeople to leverage their social networks for prospecting. It is well know that human beings are tribal by nature and are more likely to respond to someone who is "connected" to them in someway - even when you have millions of connections!
2. Their marketing group is focused on the 35-45 year old demographic since this is where people hit the peak of their earning power and start thinking about financial planning. Getting clients in their late thirties means you can hang on to them 20-30 years. Turns out that the over-35 demographic is the fastest growing user group at Facebook and the largest segment for both LinkedIn and Twitter.
3. Finally, the company is finding that their ability to recruit at college campuses and MBA schools is enhanced by their Facebook and Twitter presence. As we all know, college kids live with these technologies and businesses that block access are seen as old school.

I am hearing similar reasons from other customers across all industry groups. Enterprises are recognizing the power of social networking to recruit new customers, stay in touch with existing customers and enhance communication with their employee base.

Of course there are several challenges that need to be overcome. In a survey FaceTime conducted in June of this year, organizations identified their top three concerns as content leakage, regulatory and corporate compliance and reputation damage.

"I am not worried about the guy who wants to steal information" the IT manager at a large services firm said to me. "I am worried about mistakes. People don't realize that competitors can also see your status update on LinkedIn and if you're talking about working on a particular project, you've just told the world." The inadvertent leakage of content is a common concern among the security managers I speak with.

On the compliance front, regulatory authorities are increasingly focusing on the use of these networks within regulated industries such as financial services, energy and healthcare. For example, FINRA, the Financial Industry Regulatory Authority, recently formed a Social Networking Task Force to look into the compliance challenges posed by social networking sites.

Finra CEO Rick Ketchum said, at the SIFMA Annual Meeting "Social networking sites such as Facebook or LinkedIn provide new ways to connect, inform and interact with customers... They also raise new regulatory challenges. For example, as currently designed they may not allow you to archive and maintain the communications on your own books and records."

Reputation damage is another concern for large enterprises. How do you track what employees and customers are saying about your company? The CIO of an electric utility company noted that they used Twitter to communicate information about outages and other emergencies to their customer base. "I worry that a disgruntled employee or customer could hijack our Twitter account and start spreading misinformation".

Another customer, a large bank that ran into some problems integrating an acquisition, talked about how customers were blasting the bank on Facebook and Twitter. "Because we block the use of these sites within our company, we were caught off-guard and didn't understand how we should respond to these comments." The IT manager noted. "Our marketing group is now formulating a strategy on how to leverage these platforms. We need to be more savvy about these channels."

Notwithstanding the challenges, it is clear that enterprises recognize the value of these sites and are motivated to overcome them. (Shamefaced sales pitch follows) FaceTime recently announced USG 3.0 which is designed to address these challenges and allow enterprises to leverage the benefits of social networking.

I would be interested in hearing your views on the use of social networking in your business. Do you agree with the above reasons? Are there other reasons?

Most people would agree, and Robert Scoble probably said it best, enterprise software isn't sexy. In fact, I'd understand if the words "extensible enterprise productivity suite" put you to sleep.

But what if I said a game-changing Web 2.0 entrepreneur and his star engineer are leaving Facebook to launch an extensible enterprise productivity suite. Are you a little more interested?

You should be. Since Dustin Moskovitz and Justin Rosenstein announced they were leaving Facebook earlier this month, a buzz has been swirling around the Valley, and everywhere else, about what's next. Why leave Facebook? THE hot property. To outsiders it might seem like the logical path would be to simply expand Facebook with this new enterprise offering, but both have said moving Facebook off course would distract from the company's mission (making the world more open through social software) and would not be good for the company. They claim the new project requires being built around a singular focus, "with the goals of efficiency and group collaboration embedded deeply into its DNA from day 1."

They also see the new venture as complimentary to Facebook. Using some of the same authentication technology and user experience modeling they hope the new products will become as familiar to people's work life as Facebook.com is to their social lives.

Interesting. Do they mean to imply that Facebook is only meant for social/personal use? At FaceTime the only trend we see more than companies investing in enterprise collaboration and productivity suites, is that these applications are rarely just used for one purpose - business or personal - but for both. Another common trend...no one application rules the roost, enterprise-grade collaborative suites are deployed alongside consumer and other enterprise-class applications all of the time. And our customers continue to tell us this. Facebook has already been adopted by individuals and organizations for collaboration, networking and information sharing. I suspect it will remain in place as a tool for business, even as its extensible enterprise brother joins the family - one very large, loud family of big company competitors including Microsoft, IBM, and Cisco, to name a few.  

This probably comes as no surprise, but seeing as FaceTime offers solutions that help manage and secure unified communications and collaborative suites, we like enterprise software. I'll admit it's not Angelina Jolie sexy, but it's certainly not boring. I think it will be interesting to see what two guys with a consumer-based social networking background do for enterprise software and the collaboration market. If you're questioning whether they hitched their wagons to the wrong star, you might consider what Hutch Carpenter had to say:

Rosenstein and Moskovitz are deeply ingrained at Facebook. They've been there for a while, and have seen it blossom as the go-to social network. They've were there for the heady valuation of $15 billion. The pre-IPO company still has work in front of it, but surely it's pretty interesting.

So what do they do? They quit to go start a BORING enterprise software company.

What could this possibly tell us?

If you read the full post you'll learn Carpenter's with me on this one - enterprise software, not so boring. So what will the Rosenstein/Moskovitz decision tell us? I don't know yet, but we're listening.

From my point of view, Yammer is yet another example of employees going right past IT when they see an application they like, or one they feel they need to work more efficiently. Some call it the consumerization of IT. Whatever you want to call it, the wave of applications that employees bring to the workplace shows no signs of slowing.