Recently in New Internet Category

The Gold medal for IM faux pas goes to...

By
Sarah Carter
 on August 25, 2008 12:47 PM | | Comments (0)

I'm admittedly not an "early adopter," and I'm typically not the latest to jump on a new technology trend (and yes I still have problems organising my DVD recorder), but heading up FaceTime's EMEA marketing group has meant I've needed to get with the program. Along the way, I've made my share of social networking faux pas, so I came with a plan to see how many more luddites there were trying to make their way in the social networking world... and how many had made the same mistakes as me.

 

So, with this in mind, we launched a (completely anonymous) survey and I sent out invitations via good ole email, and even via my Facebook and LinkedIn buddies ... oh boy.  I have to say it was interesting reading (and I almost wish it hadn't been anonymous now!).

 

We immediately received stories from users who showed an almost Olympian prowess at doing the wrong thing. Computer Weekly reported on some of the results of the survey.

 

Here's a recap: More than a third of the 77% of respondents that can access IM services at work admitted to sending an instant message to the wrong person, occasionally to the very person they were talking about and frequently to their superiors. Sending kisses, checking on the whereabouts of loved ones and derogatory comments about co-workers and superiors have all ended up in a manager's chat window. One respondent even confessed to sending a joke of an explicit sexual nature accidentally to the Financial Director.

 

A lack of forward thinking (I put myself at the head of the list!) when posting new and updates generally was evident in faux-pas anecdotes given during the course of the survey.

 

One respondent posted to Twitter "Woohoo! I've finished for the day" at 4pm rather than his finish time of 5:30 pm, only to receive a call from a colleague asking how he was enjoying the sunshine. Another stated that he was an eager job seeker to his current, and rather surprised, employer.

 

Just 5% of respondents had sent confidential information to the wrong person. However, one such error resulted in the company's telephony and internet access being used by someone else at the organisation's expense.

 

Nearly 16% of respondents said that they had clicked on an attachment or a link within an IM that had turned out to be malware. 42% of those said their anti-virus protection did not catch it.

 

Nearly three quarters of people surveyed could access social networking sites at work, but only two thirds said that their employer's policy allowed them, showing that adequate policy enforcement tools were not in place. The most popular sites by far that people used were LinkedIn and Facebook, with 33.1% of respondents saying they had the most friends on LinkedIn, compared with 32% that said real life friends topped their list. 

 

The bottom line is, people are engaging in communications via IM and social networking at work. Enabling IM and Web 2.0 communications can bring great benefits to companies, but IT departments need to consider the risks involved and make sure that security, policy control and compliance are introduced as standard best practice.

 

Perhaps the best advice for users is summed up by one of the survey respondents who said "I always check twice, to see if I've been naughty or nice."

 

The Natural Progression of IMAuditor

By
Kailash Ambwani
 on July 15, 2008 10:30 PM | | Comments (0)

This week we announced a major update to IMAuditor. The most significant new capabilities are around data leak prevention, and it got me thinking about how our business has shifted over the past few years. 

 

FaceTime first introduced its IMAuditor software in 2001, half a lifetime ago in Internet terms. At the time, it became the standard by which banks monitored and recorded conversations their employees (mainly traders) were having over IM to comply with SEC regulations. Over the past seven years, we've refined and advanced the product to stay ahead of the changing Internet and changing employee behavior. Today, employees routinely communicate over social networking sites like Facebook and LinkedIn, use Web-based file sharing sites like SlideShare and transfer information with P2P file sharing software such as LimeWire. That's the nature of the New Internet.

 

This also means that setting and enforcing policies for information is more complex than ever... hence, constant updates to IMAuditor. 

 

In parallel, it's been interesting to observe how my conversations with customers have changed over the past four years that I've been CEO of FaceTime. Foremost, our customer base itself has changed: from primarily financial services companies to large enterprises in general. And, the primary concern has shifted from regulatory compliance to security and integrity of enterprise data. Most interestingly, new triggers and pain points have emerged - from AIM to Facebook, from Napster to Skype.  As employees bring new Web 2.0 applications onto the enterprise network, protecting the organization against data leaks over these new channels is overtaking concern about incoming malware.

 

Something else is changing too: companies have started to realize that blocking these new Internet applications is not a solution. Especially in the case of IM, companies have seen the value of real-time communications and are rolling out unified communications suites like Microsoft OCS and IBM/Lotus/Sametime in an effort to realize these new productivity gains. And now, when savvy IT mangers discover that consumer-based applications like public IM or Facebook are in use on their networks, they realize that what they need is not a blocking mechanism but a good policy and some gentle reminders that help enforce it.

 

Don't get me wrong - I'm not saying you should not trust your employees. But I've believed for some time that the biggest security threat to the organization doesn't come from the outside, it comes from the company's own employees. Not because people are malicious, but because people are people.

 

Last month, we commissioned Osterman Research to survey IT managers about their concerns for information leakage, as well as their preparedness to prevent it in their organizations. The most interesting data point for me is that more IT managers are concerned about unintentional or accidental information leaks than they are about intentional leaks or data loss from malware. Surprised?

MySpace in the Enterprise: Control or Chaos?

By
Frank Cabri
 on June 19, 2008 11:56 AM | | Comments (0)

When one of our lead researchers, Chris Boyd, started looking into MySpace hacks and scams over a year ago, some of us at FaceTime questioned whether that was the best place for him to spend his time. Was it relevant to the business IT market that we serve?

 

Absolutely. The ability to control how employees use social networking on work computers is one of the key topics of conversation we have with new customers. We've heard from customers that they can't block MySpace and Facebook because their HR departments use the sites to do background checks on potential employees. Many organizations are also setting up company-oriented communities on Facebook. We've spoken with companies who have lost new employee candidates because of their policies against use of Web 2.0 including social networking and instant messaging - these companies are perceived as legacy and uninteresting places to work.

 

MySpace and other social networking sites have entered the enterprise, and business leaders together with IT have to figure out how to turn it into an advantage for the company. It's a much larger issue than simply making a binary decision to block or allow it.  Do you block it all, or do you allow some users or some aspects of it?  What are the cultural and employee morale issues if you shut down access? 

 

I have a good friend who works at a satellite office for a Fortune 100 company. His Internet is locked down beyond belief. Yet, the posters on the wall from the corporate office highlight value statements about "innovation" and other rhetoric that seems to me at odds with their Internet policy. I'm told that the morale there is a mess. Is there a relationship?

 

FaceTime is not in the business of establishing the Internet access policy for our customers.  We are in the business of enabling them to enforce their desired policy for Web access including control of MySpace and other social networking sites. But, my contention is that it's not soley a matter of whether or not MySpace, Facebook etc. have a business purpose. The real point is that employees feel they have a right to use whatever applications or online sites on their work computers, and IT has to maintain the integrity of the network despite this trend.  Bringing these two perspectives together for the benefit of the business is where the challenge lies.

Securing Web 2.0: We All Like To Jump On the Next New Thing

By
Frank Cabri
 on June 9, 2008 6:18 PM | | Comments (0)

When something works others will adopt it. It's true whether you are talking about TV reality shows, green products or IT security.  This was evident at the Gartner IT Security Summit  that I attended last week, where there were several references in the keynotes and breakout sessions to the trend toward end user adoption of collaborative applications such as Facebook and other Web 2.0 apps.  

 

The current catch phrases are based on the premise that the Internet has changed. Some call it the "Consumerization of IT," some call it Enterprise 2.0 - and I believe I even heard it called "People-Based Computing." (PBC)

 

No matter what you call it, IT security administrators must make a judgment call about the usefulness of these new real-time Internet tools and whether or not to spend money on security and management solutions. Are employees really going to use these tools to do business? Or are they virtually hanging out with friend on MySpace during work hours? And what if MySpace becomes Facebook, or Second Life, and then Twitter or Pownce or a widget... or whatever else the latest Web 2.0 application is?

 

The lines between work and personal time are blurring more than ever, and IT is continually challenged with "the next new thing." The new Internet will create new strategic issues to sort out over the next few years. Will a SaaS model for security be considered?  How will virtualization impact security deployments?  These were the types of issues that were raised and debated over the three days.  All said, a solid conference that offered a combination of actionable recommendations and thought-provoking considerations.

 

By the way, Google started its keynote at the Gartner IT Security Summit with a message about collaborative applications, and I was pleased (and proud, I must admit) to see their reference to our very own Chris Boyd as a contributor to their security efforts.

« Malware | Main Index | Archives | Privacy »

FaceForward Authors

Kailash Ambwani
President and CEO
Brian Babin
Director of Product Management
Christopher Boyd
Sr. Director of Malware Research
Frank Cabri
Vice President of Marketing and Product Management
Eric Young
Director of Field Engineering Services

August 2008: Monthly Archives

Categories

Monthly Archives

August 2008

Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            

About this Archive

This page is a archive of recent entries in the New Internet category.

Malware is the previous category.

Privacy is the next category.

Find recent content on the main index or look in the archives to find all content.

Search

Blog Roll

Collaborative Thinking

Ed Brill

Eileen Brown's Weblog

Enterprise 2.0 Blog

FastForward

Irwin Lazar

No Jitter

Schneier

Single Point of Contact

Team Think

Technology Live

Techland

The Facebook Blog

The Impact of Information Technology (IT) on Businesses and their Leaders

The Osterman Research Blog

The User View

Security Fix

Zero Day

Comment/Trackback Policy

This site supports an open comment policy. Rude, wasteful, off-topic, privacy-intruding or libelous comments will be deleted. Comments will remain open unless abused.