Recently in Social Networking Category

Today's guest blogger is Ajay Madan.  Ajay heads the Quality Assurance division of FaceTime. He has several years of experience working on products related to Network Security and Compliance. He is actively involved in working with the product and support engineering teams in devising and implementing processes and methodologies that ensure a high degree of quality for FaceTime's products. He has been closely tracking the developments in the social media space, the business impact due to the same and shares some of his thoughts in this article.

Take it away Ajay.

In recent months, there has been an increasing media attention on social networking sites; and how this impacts business, compliance, security and so on. Some staggering statistics (which I reference later in this article) have been thrown in to demonstrate the crazy adoption rates of the social media.

Social media, it appears,  is here to stay and companies are now understanding that it's not about blocking access now, but realizing that controlling and enabling access is the way forward.. It would sound naive to assume leadership teams in companies haven't yet begun this process, some still block access, others are engaging with vendors that help manage and control the use of social media, and some are just giving it some more time. So in this post, I don't focus too much on the statistics or impact of social media but look at the next steps for companies who understand the need to manage social media.

There are several aspects for CIOs/Head of IT departments to consider while evaluating policies for social media as well as for evaluating solutions to manage social media usage in the network.

Compliance Considerations

FINRA in their recent webinar indicated that companies will not be given a compliance grace period because Social Media technology is new and evolving. FINRA has asked companies to not allow usage of Social Media if they cannot supervise it or the social media site does not support archival. Bottom line - Companies must retain, archive and retrieve to be compliant.

If you are in a regulated industry, such as the financial services sector, you need to consider tools that either allow you to block access to unsanctioned social media and/or invest in a solution that allows you to monitor, archive and review content posted through social media.

Security Considerations

Perhaps another key question in the IT manager's mind pertains to security, There can be several concerns in this area -

• Its possible that users may leak sensitive information about the company through a post on Twitter or Facebook Wall
• Users in a regulated industry sending information - perhaps patient information via Facebook or Twitter
• Users with, lets say, corporate Facebook accounts using foul language in their posts.
• The potential for hidden malware, Trojans and the like in applications, perhaps such as the myriad of games and applets on Facebook.

A solution for Web 2.0 should provide or extend security controls to social media to address such concerns.

Policy Considerations

Some industries require a rich policy framework or workflow that allows the following -

• Ability to be able to moderate posts on social media before they are allowed to be posted to the actual site
• Ability to capture or moderate content that matches certain lexicons or pre-configured policy elements.
• Workflow for compliance officers to review the posted content
• Workflow to archive content for long term storage by inter-operating with enterprise archival systems and easy retrieval.

Bandwidth Considerations

There are certainly organizations and industries that do not have compliance requirements for social media, but who do need controls on bandwidth consumption. The common problem today is that companies have no way to measure the amount of time employees spend on social networking websites and in the past this has been recognized as a huge problem as it potentially impacts productivity. Hence this could be a core requirement for many companies.

Consider looking at solutions that allow you to set bandwidth limits for usage of social media.

Existing Infrastructure Considerations

Many IT departments are wary of having multiple vendors for different communication modalities and for the ease of management prefer to select those that provide functionality across all the considerations I referenced - as well as being able to provide these functionalities across other communications modalities, like IM and Unified Communications.

Consider an Evolving Market

Social media is new technology and will continue to evolve. Companies should look at solutions providers who have expertise in real time communications traffic, at those who adapt quickly to new technologies and who consider social media as part of a communications strategy, not in isolation.

Finally, I want to plug the solution that I work on. I've been with this product since it's inception and have seen it grow to become the first Secure Web Gateway that combines features, functions and controls for social media alongside other communications modalities.  Our Unified Security Gateway is uniquely positioned to address all the considerations I outlined above and helps companies manage not just social media across a broad spectrum of requirements - but web traffic on the whole, and more than 4,000 web and internet applications, from IM to remote control tools, to P2P tools. 

Now, I'll leave you with some pretty phenomenal statistics if you know any of those folks who are looking the other way when it comes to adopting social media.

But do check back on March 2nd when we launch the results of our fifth annual survey - and let me know what YOU'RE doing with social media.

Ajay

Facebook

http://www.facebook.com/press/info.php?statistics

LinkedIn

http://techcrunch.com/2009/02/14/as-the-economy-sours-linkedins-popularity-grows/

Twitter

http://mashable.com/2009/01/09/twitter-growth-2008/

I read a short article in InvestmentNews today about a new social web site, LinkedFA, which is promoting itself as the "first and only Finra-compliant social networking site for financial professionals." I immediately thought to myself, how can a social networking site tout itself as Finra-compliant when Finra hasn't released its compliance guidelines yet? Finra postponed its introductory webinar until March.

Then I asked myself the larger question; why would financial professionals want a 'walled-garden' social media site in the first place? Doesn't that kind of defeat the objective? If you're a financial advisor, don't you want to be where your prospects are? A site dedicated to financial professionals is fine for connecting with people within your industry but it doesn't help you reach new customers.

Consider that there are currently more than 250 million Facebook users, 30 million Twitter users, and 25 million executives on LinkedIn. That's where the conversations are taking place. That's where you can reach customers and prospects.

Isn't it better to participate in this larger, open conversation taking place on the Web and develop best practices, with the help of technology, to make sure that those conversations are appropriately logged and accounted for? That's the best way to assure compliance, whether it's for Finra, the SEC, or some other regulatory agency.

Our financial services customers rely on FaceTime's IMAuditor and Unified Security Gateway to not only secure their networks, but to manage and log content for regulatory compliance.

That way they get the best of all worlds:

1) centralized control of online conversations stored on their own servers so they can be audited for compliance;

2) the ability to support any public social media site in a secure manner and 

3) the ability to allow their traders and other employees to use the application that is best suited to the job, whether that's Yahoo, Reuters, YellowJacket, Facebook or Twitter  - we don't mind, because, well, we support them all.

My team have put together a 30 minute briefing on "What you can stand to gain and lose with Social Media" - why not join them on January 27^th at either 10 eastern or 10 pacific?

Today's guest blogger is Eric Young.  Eric is FaceTime's Sr, Director of Field Services, and works with FaceTime customers to implement leading edge security and compliance solutions for Unified Communications and Web 2.0.  Eric's worldwide role gives him an insight into the global requirements of organizations implementing real time communications technologies to enable their businesses and works closely with our product team to ensure that FaceTime solutions remain at the forefront of the industry.

Yesterday's solution doesn't address today's issues.

I was onsite with a customer recently completing our fifth competitive replacement within the Fortune 400 in the past 6 months.  As the customer was detailing all of the requirements the previous solution did not satisfy, it made me wonder, how are other customers of these competitors feeling they are operating in a compliant fashion? 

If you, as a compliance officer or legal counsel, cannot make sense of a group chat conversation, cannot actually view the content of a blocked message, or can't see what folks are trying to post to a social networking site; how can you possibly defend your organization from SEC fines or from a lawsuit in a court of law? 

Security technologies evolve quickly, especially in the area of real-time communications - but the adoption of tools like Unified Communications, Instant Messaging and social media has grown exponentially - in many cases even without the knowledge of either IT or compliance.

Regulation and compliance changes too, with the times.  Most recently I've seen FINRA starting to address the issue of social media and issuing guidelines to member organizations and individuals on how usage should be treated. 

We all understand there is a big difference between "logging" and "being compliant" but knowing there are still some banks and other highly regulated companies using these legacy solutions that were designed for technology of a few years back, it begs the questions:  What are the minimum requirements for security and compliance for Unified Communications, Instant Messaging and Social Media?

And, what are you doing about dealing with emerging technology?

I had an interesting meeting with a customer last week regarding the use of social networking. This is a large broker dealer with several thousand financial advisors across the country.

The IT department is getting pressure from the business users to allow the use of Facebook, LinkedIn and Twitter all of which they currently block. When I asked them why the business units wanted access to these sites, they gave me three reasons:

1. The financial advisors are telling them that referrals they get through Facebook and LinkedIn tend to convert to clients at a much higher rate than any other channel. This resonated with me - at FaceTime we constantly remind our salespeople to leverage their social networks for prospecting. It is well know that human beings are tribal by nature and are more likely to respond to someone who is "connected" to them in someway - even when you have millions of connections!
2. Their marketing group is focused on the 35-45 year old demographic since this is where people hit the peak of their earning power and start thinking about financial planning. Getting clients in their late thirties means you can hang on to them 20-30 years. Turns out that the over-35 demographic is the fastest growing user group at Facebook and the largest segment for both LinkedIn and Twitter.
3. Finally, the company is finding that their ability to recruit at college campuses and MBA schools is enhanced by their Facebook and Twitter presence. As we all know, college kids live with these technologies and businesses that block access are seen as old school.

I am hearing similar reasons from other customers across all industry groups. Enterprises are recognizing the power of social networking to recruit new customers, stay in touch with existing customers and enhance communication with their employee base.

Of course there are several challenges that need to be overcome. In a survey FaceTime conducted in June of this year, organizations identified their top three concerns as content leakage, regulatory and corporate compliance and reputation damage.

"I am not worried about the guy who wants to steal information" the IT manager at a large services firm said to me. "I am worried about mistakes. People don't realize that competitors can also see your status update on LinkedIn and if you're talking about working on a particular project, you've just told the world." The inadvertent leakage of content is a common concern among the security managers I speak with.

On the compliance front, regulatory authorities are increasingly focusing on the use of these networks within regulated industries such as financial services, energy and healthcare. For example, FINRA, the Financial Industry Regulatory Authority, recently formed a Social Networking Task Force to look into the compliance challenges posed by social networking sites.

Finra CEO Rick Ketchum said, at the SIFMA Annual Meeting "Social networking sites such as Facebook or LinkedIn provide new ways to connect, inform and interact with customers... They also raise new regulatory challenges. For example, as currently designed they may not allow you to archive and maintain the communications on your own books and records."

Reputation damage is another concern for large enterprises. How do you track what employees and customers are saying about your company? The CIO of an electric utility company noted that they used Twitter to communicate information about outages and other emergencies to their customer base. "I worry that a disgruntled employee or customer could hijack our Twitter account and start spreading misinformation".

Another customer, a large bank that ran into some problems integrating an acquisition, talked about how customers were blasting the bank on Facebook and Twitter. "Because we block the use of these sites within our company, we were caught off-guard and didn't understand how we should respond to these comments." The IT manager noted. "Our marketing group is now formulating a strategy on how to leverage these platforms. We need to be more savvy about these channels."

Notwithstanding the challenges, it is clear that enterprises recognize the value of these sites and are motivated to overcome them. (Shamefaced sales pitch follows) FaceTime recently announced USG 3.0 which is designed to address these challenges and allow enterprises to leverage the benefits of social networking.

I would be interested in hearing your views on the use of social networking in your business. Do you agree with the above reasons? Are there other reasons?

Every self-respecting marketing person would dress up like a hippie for the sake of a marketing promotion, right? Well, Sarah Carter and I would, anyway.

You see, here at FaceTime, we're all about peace, love and free URL filtering. Okay, yes, it's a promotion we've been running for the past couple of months, but we really do feel the love when it comes to helping our customers manage their budgets by eliminating URL filtering renewal fees. Rumor has it there will be a group of protesters at the RSA Conference next week speaking out against those fees so be sure to stop by the FaceTime booth #2339 and check it out. And don't forget to wear your tie dye.

Seriously, all this commotion and protesting, but we really don't have anything against URL filtering. Everyone needs URL filtering, it's just that it's not enough when it comes to managing the New Internet. A much more granular level of application control is required when it comes to securing and managing Web 2.0 including social networking, multimedia, virtual worlds, VoIP ... and the list goes on.

So we've been having a lot of fun with our No URL Filtering Fees promotion in our Larissa and Sarah Show episodes. NetworkWorld even called our YouTube videos quirky. We'll take that as a compliment.

Peace out. 

A study released last week by the University of Melbourne's Department of Management and Marketing maintains that workers who engage in 'Workplace Internet Leisure Browsing' (WILB) are more productive than those who don't.

Well, that's good news for the 51 percent of workers who access social networking sites at least once a day while at work - not to mention the 50 percent that check their Facebook pages and the 69 percent that watch videos on YouTube several times a day, according to FaceTime's Collaborative Internet Survey published last fall.

The University's Dr. Brent Cocker says:

"Firms spend millions on software to block their employees from watching videos on YouTube, using social networking sites like Facebook or shopping online under the pretense that it costs millions in lost productivity, however that's not always the case."

 We couldn't agree more. The whole blocking strategy just doesn't seem to work in the real world.

At the same time, the results of the Melbourne study directly contrast some news that broke in the UK this last week - where students at Bournemouth University have been complaining that they can't get work done because other students are hogging University computers to use Facebook and Twitter.

Visibility into what employees (and students in this case in Bournemouth) are accessing, is crucial not just to an effective IT security approach, but also it seems to ensuring productivity. If you don't know that 69 percent of your workforce is watching YouTube, how will you know that's the cause of your bandwidth spikes? What if you could give them a bandwidth allotment for such activities, and when their quota is reached, its bye bye water skiing squirrel videos?

It sounds like the folks at Bournemouth Uni's IT team could do with not just controlling the bandwidth taken up by some students, but also the time that they're allowed to be on Facebook!

Watch this space for upcoming announcements about gaining greater visibility into what's really happening within corporate and organizational networks.

Your employees really are on Facebook at work, trust me. And they're on more than 400 other social networking sites as well. Ok, if you're one of the companies that blocks the Facebook.com domain you may be saving your company a bit in terms of employee productivity, but from a security standpoint it's only the tip of the iceberg.

During fourth quarter 2008, FaceTime collected live traffic data from more than 80 mid to large commercially deployed networks worldwide, representing the daily Web-based activities of more than 100,000 corporate workers. In parallel, a large sample of IT managers were surveyed on a variety of topics, including how many Web 2.0 applications they believed were in use on their networks. One-third estimated the number at less than eight.

In reality, FaceTime's actual network traffic data shows an average of 49 Web 2.0 applications installed in each of the 80 reporting locations. These applications include social networking (with Facebook topping the list), instant messaging, Web-based IM, streaming media, IPTV, P2P file sharing, Web conferencing, VoIP and anonymizers. 

What's an anonymizer you say? For users whose employers block Facebook.com - or gambling or porn sites - it's a godsend. Where there's a will, there's a way - but there's also a solution for IT to regain control.

Yes, I believe that in reality most IT managers know that Web 2.0 is pervasive in their networks - but what I don't think they really have a handle on is what employees are doing with these applications on a day-to-day basis. And that's worth understanding.

We'll be looking more at what's really going on in corporate networks over the next few weeks. Stay tuned.