Recently in Trends Category

Today's guest blogger is Ajay Madan.  Ajay heads the Quality Assurance division of FaceTime. He has several years of experience working on products related to Network Security and Compliance. He is actively involved in working with the product and support engineering teams in devising and implementing processes and methodologies that ensure a high degree of quality for FaceTime's products. He has been closely tracking the developments in the social media space, the business impact due to the same and shares some of his thoughts in this article.

Take it away Ajay.

In recent months, there has been an increasing media attention on social networking sites; and how this impacts business, compliance, security and so on. Some staggering statistics (which I reference later in this article) have been thrown in to demonstrate the crazy adoption rates of the social media.

Social media, it appears,  is here to stay and companies are now understanding that it's not about blocking access now, but realizing that controlling and enabling access is the way forward.. It would sound naive to assume leadership teams in companies haven't yet begun this process, some still block access, others are engaging with vendors that help manage and control the use of social media, and some are just giving it some more time. So in this post, I don't focus too much on the statistics or impact of social media but look at the next steps for companies who understand the need to manage social media.

There are several aspects for CIOs/Head of IT departments to consider while evaluating policies for social media as well as for evaluating solutions to manage social media usage in the network.

Compliance Considerations

FINRA in their recent webinar indicated that companies will not be given a compliance grace period because Social Media technology is new and evolving. FINRA has asked companies to not allow usage of Social Media if they cannot supervise it or the social media site does not support archival. Bottom line - Companies must retain, archive and retrieve to be compliant.

If you are in a regulated industry, such as the financial services sector, you need to consider tools that either allow you to block access to unsanctioned social media and/or invest in a solution that allows you to monitor, archive and review content posted through social media.

Security Considerations

Perhaps another key question in the IT manager's mind pertains to security, There can be several concerns in this area -

• Its possible that users may leak sensitive information about the company through a post on Twitter or Facebook Wall
• Users in a regulated industry sending information - perhaps patient information via Facebook or Twitter
• Users with, lets say, corporate Facebook accounts using foul language in their posts.
• The potential for hidden malware, Trojans and the like in applications, perhaps such as the myriad of games and applets on Facebook.

A solution for Web 2.0 should provide or extend security controls to social media to address such concerns.

Policy Considerations

Some industries require a rich policy framework or workflow that allows the following -

• Ability to be able to moderate posts on social media before they are allowed to be posted to the actual site
• Ability to capture or moderate content that matches certain lexicons or pre-configured policy elements.
• Workflow for compliance officers to review the posted content
• Workflow to archive content for long term storage by inter-operating with enterprise archival systems and easy retrieval.

Bandwidth Considerations

There are certainly organizations and industries that do not have compliance requirements for social media, but who do need controls on bandwidth consumption. The common problem today is that companies have no way to measure the amount of time employees spend on social networking websites and in the past this has been recognized as a huge problem as it potentially impacts productivity. Hence this could be a core requirement for many companies.

Consider looking at solutions that allow you to set bandwidth limits for usage of social media.

Existing Infrastructure Considerations

Many IT departments are wary of having multiple vendors for different communication modalities and for the ease of management prefer to select those that provide functionality across all the considerations I referenced - as well as being able to provide these functionalities across other communications modalities, like IM and Unified Communications.

Consider an Evolving Market

Social media is new technology and will continue to evolve. Companies should look at solutions providers who have expertise in real time communications traffic, at those who adapt quickly to new technologies and who consider social media as part of a communications strategy, not in isolation.

Finally, I want to plug the solution that I work on. I've been with this product since it's inception and have seen it grow to become the first Secure Web Gateway that combines features, functions and controls for social media alongside other communications modalities.  Our Unified Security Gateway is uniquely positioned to address all the considerations I outlined above and helps companies manage not just social media across a broad spectrum of requirements - but web traffic on the whole, and more than 4,000 web and internet applications, from IM to remote control tools, to P2P tools. 

Now, I'll leave you with some pretty phenomenal statistics if you know any of those folks who are looking the other way when it comes to adopting social media.

But do check back on March 2nd when we launch the results of our fifth annual survey - and let me know what YOU'RE doing with social media.

Ajay

Facebook

http://www.facebook.com/press/info.php?statistics

LinkedIn

http://techcrunch.com/2009/02/14/as-the-economy-sours-linkedins-popularity-grows/

Twitter

http://mashable.com/2009/01/09/twitter-growth-2008/

I had an interesting meeting with a customer last week regarding the use of social networking. This is a large broker dealer with several thousand financial advisors across the country.

The IT department is getting pressure from the business users to allow the use of Facebook, LinkedIn and Twitter all of which they currently block. When I asked them why the business units wanted access to these sites, they gave me three reasons:

1. The financial advisors are telling them that referrals they get through Facebook and LinkedIn tend to convert to clients at a much higher rate than any other channel. This resonated with me - at FaceTime we constantly remind our salespeople to leverage their social networks for prospecting. It is well know that human beings are tribal by nature and are more likely to respond to someone who is "connected" to them in someway - even when you have millions of connections!
2. Their marketing group is focused on the 35-45 year old demographic since this is where people hit the peak of their earning power and start thinking about financial planning. Getting clients in their late thirties means you can hang on to them 20-30 years. Turns out that the over-35 demographic is the fastest growing user group at Facebook and the largest segment for both LinkedIn and Twitter.
3. Finally, the company is finding that their ability to recruit at college campuses and MBA schools is enhanced by their Facebook and Twitter presence. As we all know, college kids live with these technologies and businesses that block access are seen as old school.

I am hearing similar reasons from other customers across all industry groups. Enterprises are recognizing the power of social networking to recruit new customers, stay in touch with existing customers and enhance communication with their employee base.

Of course there are several challenges that need to be overcome. In a survey FaceTime conducted in June of this year, organizations identified their top three concerns as content leakage, regulatory and corporate compliance and reputation damage.

"I am not worried about the guy who wants to steal information" the IT manager at a large services firm said to me. "I am worried about mistakes. People don't realize that competitors can also see your status update on LinkedIn and if you're talking about working on a particular project, you've just told the world." The inadvertent leakage of content is a common concern among the security managers I speak with.

On the compliance front, regulatory authorities are increasingly focusing on the use of these networks within regulated industries such as financial services, energy and healthcare. For example, FINRA, the Financial Industry Regulatory Authority, recently formed a Social Networking Task Force to look into the compliance challenges posed by social networking sites.

Finra CEO Rick Ketchum said, at the SIFMA Annual Meeting "Social networking sites such as Facebook or LinkedIn provide new ways to connect, inform and interact with customers... They also raise new regulatory challenges. For example, as currently designed they may not allow you to archive and maintain the communications on your own books and records."

Reputation damage is another concern for large enterprises. How do you track what employees and customers are saying about your company? The CIO of an electric utility company noted that they used Twitter to communicate information about outages and other emergencies to their customer base. "I worry that a disgruntled employee or customer could hijack our Twitter account and start spreading misinformation".

Another customer, a large bank that ran into some problems integrating an acquisition, talked about how customers were blasting the bank on Facebook and Twitter. "Because we block the use of these sites within our company, we were caught off-guard and didn't understand how we should respond to these comments." The IT manager noted. "Our marketing group is now formulating a strategy on how to leverage these platforms. We need to be more savvy about these channels."

Notwithstanding the challenges, it is clear that enterprises recognize the value of these sites and are motivated to overcome them. (Shamefaced sales pitch follows) FaceTime recently announced USG 3.0 which is designed to address these challenges and allow enterprises to leverage the benefits of social networking.

I would be interested in hearing your views on the use of social networking in your business. Do you agree with the above reasons? Are there other reasons?

A study released last week by the University of Melbourne's Department of Management and Marketing maintains that workers who engage in 'Workplace Internet Leisure Browsing' (WILB) are more productive than those who don't.

Well, that's good news for the 51 percent of workers who access social networking sites at least once a day while at work - not to mention the 50 percent that check their Facebook pages and the 69 percent that watch videos on YouTube several times a day, according to FaceTime's Collaborative Internet Survey published last fall.

The University's Dr. Brent Cocker says:

"Firms spend millions on software to block their employees from watching videos on YouTube, using social networking sites like Facebook or shopping online under the pretense that it costs millions in lost productivity, however that's not always the case."

 We couldn't agree more. The whole blocking strategy just doesn't seem to work in the real world.

At the same time, the results of the Melbourne study directly contrast some news that broke in the UK this last week - where students at Bournemouth University have been complaining that they can't get work done because other students are hogging University computers to use Facebook and Twitter.

Visibility into what employees (and students in this case in Bournemouth) are accessing, is crucial not just to an effective IT security approach, but also it seems to ensuring productivity. If you don't know that 69 percent of your workforce is watching YouTube, how will you know that's the cause of your bandwidth spikes? What if you could give them a bandwidth allotment for such activities, and when their quota is reached, its bye bye water skiing squirrel videos?

It sounds like the folks at Bournemouth Uni's IT team could do with not just controlling the bandwidth taken up by some students, but also the time that they're allowed to be on Facebook!

Watch this space for upcoming announcements about gaining greater visibility into what's really happening within corporate and organizational networks.

I'm spending the quiet time during the holidays working with my colleagues on FaceTime's end-of-year analysis of how real-time communications, social media, other Web 2.0 applications - and the malware using these channels - have affected organisations over the last 12 months. We'll release the full results next week, but I wanted to share some early insights.

This year, for the first time, we collected real-world data taken from our Unified Security Gateway appliances deployed across more than 60 participating global organisations. These companies have opted into a program that sends data back to us, so we can analyze Internet application traffic.

So what did we learn?

I read a report from Reuters about British Think Tank, Demos, saying that bosses shouldn't stop their staff from visiting social networking sites because it could actually benefit their business.  Music to my ears I thought.  I'm obviously pretty pleased with the conclusions that they came to, not least because it absolutely marries up with the results of FaceTime's fourth annual survey  of Internet Trends  (more on this in a moment), but it marries up with how I work.

The Demos report concluded that

"The value of networking within an economic downturn is perhaps more important than ever and I believe it could mean the difference between a business collapsing or capitalizing on the tricky conditions."

Paraphrasing the report, it means that employees should be allowed to use MySpace, or Facebook, because there is very little difference between social networking and professional networking.

The FaceTime survey also looked at the changing way in which IT professionals and employees use the Internet. This year, 81% of survey respondents said they use social networks at work for personal reasons. But what's interesting is a nearly equal number - 79% - said they use these sites for business reasons. And 51% are accessing them several times a day. 

  I'm definitely one of those 51% of the 79%. You'll find me regularly on LinkedIn and Facebook, both for social and legitimate business reasons.  I actually think that my local supermarket owes me some coupons or at least a pat on the back.... I recently posted a tip on Facebook about beating the credit crunch with a special deal they had on some wine, and I know for certain that my buddies bought at least 5 cases.  So Tesco, if you're listening....you know where I live.

However, there's one point in the report that I don't agree with.

"Bans on Facebook or YouTube are in any case almost impossible to enforce; firms may as well try to put a time limit on the numbers of minutes allowed each day for gossiping." 

You see this is one of the great things that FaceTime - and our flagship product, the Unified Security Gateway (or USG) does. 

Ban the access if you want, USG lets you do that.  Or, enabling you to truly realize the value of networking, it gives you granular control over who can do what. Whether its downloading one of the more than 20,000 thousand applications on Facebook, or setting who can use AIM or Yahoo! Messenger or GoogleTalk or myriad other real time chat and communications tools. 

So while we can't stop the gossip around the real water cooler, we can stop them getting to the virtual one!

For the fourth consecutive year, FaceTime has commissioned a survey of IT managers and end users to track the use of Internet-based applications - things like IM, Skype, P2P, social networking and other Web 2.0 apps. We also surveyed employee attitudes toward use of those applications and their impact on IT and the organization in terms of security, data leakage and compliance.

As in prior years, the research was conducted among a large sample of corporate IT managers and end users across all size organizations in North America, UK and Europe. The research study includes compiled data from more than 500 IT managers and end users. The results are quite revealing.

• Use of consumer oriented Internet applications has reached 97% of organizations, up from 85% in 2007 and, on average, companies report 9.3 applications in use by its employees on the enterprise network
• 73% of IT managers report at least one security incident as a result of Internet application usage; Viruses, Trojans and worms (59%) are most common, followed by spyware (57%) for a close second
• 37% of companies report an instance of non-compliance; 27% report accidental data leakage
• IT managers report an average of 34 incidents per month, and the largest companies project $125K monthly to remediate Internet usage related security, compliance and data leakage issues
• 51% of end users access social media sites at least once per day and  79% of employees use social media (Facebook, LinkedIn, You Tube) at work for business reasons
• Sixty-eight percent of IT managers have archiving and retrieval methods for corporate email. About half that many--31 percent--store IM communications. One in four has copies of audio conferences (25%), while slightly fewer (20%) archive corporate Web conferences
• If requested by corporate attorneys to reproduce IM communications--in the event of a lawsuit, for example--51 percent of IT managers could not do it. Thirty-eight percent because they have no such capabilities and 13 percent could do it but not in any practical time frame
• Unified Communications suites exist at about 29 percent of IT respondent organizations. Ten percent have deployed pilots to a limited number of users, while 19 percent have deployed UC for the majority of their endusers

We'll be delving into various aspects of this exhaustive survey in the coming weeks, to break down just what this data is telling us about what's happening on corporate networks and what it means to both IT managers and end users.

Rafe Needleman wrote on C|Net recently about 11 troubled Web companies and he put Twitter at the top of his list. Twitter - my outstanding favorite of online social media tools - I had to catch my breath.

Commenting on these tough economic times Needleman shares what investors are saying...we're going to lose some good companies, audience love is no guarantee for success, and profitability and a solid business model are still required. Of course. But death for Twitter? True, there are other online applications I use that also made the list - Skype (my preferred IM client), Netvibes (my preferred RSS reader), and Pandora (my preferred destination for listening to music online) - but I think I could get by without them. Or at least I'd make the effort.

The micro-blogging site of 140 character text-only posts has become my defacto source for instant information. And for others as well. As Paul 'Twitter is the New Blog' Boutin at Wired Magazine says you'll find some heavy hitters there - Scoble, Calacanis, and many, many others - claiming it's because Twitter operates even faster than the blogosphere. And Twitter posts can be searched instantly, without waiting for Google to index them.

I'm not sure I'd say Twitter will completely replace the blog, but it's clear that individuals and businesses alike have found a place on Twitter. Companies are successfully using it to provide timely information to customers and prospects, subject matter experts are able to share their wealth of information, and individuals share stream-of-consciousness tidbits about their personal lives...admittedly the latter holds less value, but it can be entertaining!

So if I'm feeling this way about Twitter, I have to assume other people might be feeling the same about their favorite social media and Web applications, and they're likely using them at work, demanding IT managers pay attention to what's in use and secure the environment.

FaceTime recently completed our annual survey among IT managers and end users for their opinions on what Internet applications are in use at work and why. I look forward to seeing what applications and trends top the list this year - it never fails to reveal some interesting things. We're releasing the report on Monday, so be sure to check back then.

In the meantime, you might review Needleman's full list - how many do you think are in use at your company? Are there any you personally couldn't live without? Or, like me with Twitter, might cry a little inside if they were to disappear?