Actiance enabling  social_networks
Upcoming SlideShare
Loading in...5
×
 

Actiance enabling social_networks

on

  • 1,387 views

Learn how Actiance can help you Secure, Manage and Control your social network use.

Learn how Actiance can help you Secure, Manage and Control your social network use.

Statistics

Views

Total Views
1,387
Views on SlideShare
1,381
Embed Views
6

Actions

Likes
0
Downloads
23
Comments
0

2 Embeds 6

http://www.linkedin.com 5
https://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Osterman Research conducted a study and found that corporate users spend an average of 18 minutes on a typical workday using social networking tools (or about 4% of their workday). Indeed our own survey showed a change from 2009 to 2010 in the business use of Twitter, going from 13% of users to 78% , a 6-fold increase.Adoption of social computing and social networking in the enterprise is being driven by individuals and departments within the company, such as the Marketing & PR teams who want to use social networking for corporate messaging and advertisements or analysts who wish to publish “market”-relevant data. These are the folks who need write access.Conversely, there are those corporate users that only need read-only access. This could be departments like HR/Compliance/IT Security, which use social media to research new hires or conduct investigations. And then there’s the issue of personal use. We’ve found that restricted personal use is generally OK so long as clear guidelines are made available company-wide.
  • So now that I’ve set the context for you and discussed the risks and regulations, it might calm your nerves, knowing that controls are available to address these security, management, and compliance concerns.Whether it’s preventing inadvertent or malicious leakage of information through social networks, protecting against hidden phishing or trojan attacks, or mapping the identities of your users across different social networking sites, there are solutions out there that enable you to comply with applicable security and compliance guidelines. For instance, it’s possible to control the activities of organizations, groups, or even individual users by setting policies, such as “only Marketing can post content” or “HR can have only read-only access to LinkedIn”. If the moderation of content is important to you (perhaps if you’re FINRA-regulated), then it’s now possible to have a second pair of eyes reviewing content before it’s posted, with little impact on the end user. And if that content is inappropriate, you can block it. If you want to enable the use of Facebook, LinkedIn, or Twitter, but block the use of thousands of applications within them, then that’s also doable, as is the logging and archiving of all activity and content, so that you have a full picture of the real-time communications of and between your users. At Actiance, we’ve been in the business of real-time communications security, management, and compliance since 2001, so we understand and know how to seamlessly integrate these real-time controls with your existing IT infrastructure.
  • With respect to the URL filtering and anti-malware features, you can allow or block access to certain categories, such as restaurants, shopping, sports, etc. Coaching is also permitted. This is like telling someone, “You sure you wanna go there?” Facetime also supports time quotas, whereby you can set a policy such that you can limit how much time your employees spend on specific sites. For instance, you can apply a policy that says that Marketing can only spend 30 minutes a day on Facebook.
  • And applying those controls is simple: from controlling access to more than 1000 social networking sites to incredibly granular control of 40,000 applets on Facebook. We allow you to set controls by category or right down to the individual application. For example, you want to block access to the 150 chat applications on Facebook but allow access to the 2,142 Facebook business applications. No problem. Or perhaps you want to allow access to just 100 of the business apps and not to the other 2,000 or so. That’s possible, too.
  • In fact, when it comes to Facebook, LinkedIn, and Twitter, there are nearly a hundred different features where controls can be applied. So if you don’t want your CEO using LinkedIn messaging, you can block that. You can stop the compliance team from using Facebook Careers or the HR team from following groups on LinkedIn. You can even make all of LinkedIn read-only, if that floats your boat.
  • We also enable you to set your policies through easy pointing and clicking. You can choose to either Store, Alert, Block, or Moderate, or any combination of these four controls, for Facebook, LinkedIn, and Twitter. Furthermore, if you don’t have the time or the resources to moderate every single message that passes through the corporate network, you can set up lexicons such that certain keywords or phrases will trigger the system to withhold messages. For instance, if it’s a social security number or credit card number format, you can set a policy so that the system will catch and hold those messages that have that format.
  • We also capture all the activities and posts of users on Facebook, LinkedIn, and Twitter – in context. So you can see that when Ted tried to share the phrase “I guarantee it”, he was actually talking about the upcoming football game, not an investment suggestion. Moreover, data can be presented for eDiscovery and exported to the archiving platform of your choice.
  • Moderators can easily navigate through their queue of pending messages through our easy-to-use interface. Moderators have the option to approve or reject in bulk or individually from the Moderator Events page. But, to really appreciate the true value-add of Facetime’s Socialite, you can click on individual ID numbers to see full transcripts in context. We’re able to capture everything on, say, a Facebook page at the moment someone tried to post a comment. This gives the moderator a much more informed basis on which to approve or reject messages. You certainly don’t want to erroneously reject an otherwise-benign message. For example, a message of “I guarantee it” may have been in reference to the upcoming Lakers-Celtics basketball game, not to some stock recommendation. So, being able to review messages in context is incredibly important.

Actiance enabling  social_networks Actiance enabling social_networks Presentation Transcript

  • Enable Social Networks
  • So who’s using Social Media? And Why?  Sales & Marketing  Promotions  Advertising  Branding  HR  Background checks  Recruiting  Scientists & Researchers  Information exchange  Collaboration  IT  Investigation of security breachesA U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Social Networking: Balancing Benefit & Risk Risks & Challenges  Employee productivity – Control who can access what, when, and for how long  Content security – Introduction of malware  Brand and reputation protection – Allow “approved corporate posters” to self-moderate – Moderate posts from unapproved corporate posters  IP/Information Leak Prevention/NDA compliance – Sensitive, confidential term dictionary matching – Stop contract staff accidentally leaking your secrets – Quarantine posts for moderation by a reviewer – Quick deployment, no desktop touch  Compliance with regulation (e.g., FINRA, PCI) – Archive content – Stop credit card number patterns – Control specific contentA U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Web 2.0 & Social Networks Regulation & Compliance Regulation Social Network and Web 2.0 Impact Obliged to store records and make accessible. Public correspondence requires SEC and FINRA approval, review and retention. Extended to social media. http://www.finra.org/Industry/Issues/Advertising/p006118 Protect information, monitor for sensitive content, and ensure not sent over Gramm-Leach-Bliley Act (GLBA) public channels (e.g., Twitter) Ensuring cardholder data is not sent over unsecured channels AND PROVING PCI IT. Prevent identity theft. Protect IM and Web 2.0 from malware and phishing Red Flag Rules when users are more likely to drop their guard. Email and IM are ESI. Posts to social media sites must be preserved if FRCP (eDiscovery) reasonably determined to be discoverable. http://blog.twitter.com/A U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Web 2.0 & Social Networks Regulation & Compliance Regulation Social Networks and Web 2.0 Impact Sarbanes-Oxley (SOX) Businesses must preserve information relevant to the company reporting. Canadian Securities Retain records for two years, in a manner that allows “rapid recovery to a Administrators National regulator,” Can extend to IM and social media. Instrument 31-303 (CSA NI) Investment Dealers Association Demands the retention of records with respect to business activities, of Canada (IDA29.7) regardless of its medium of creation. MiFID and FSA Specifically requires the retention of electronic communications conversations Markets in Financial Instruments when trades are referenced. Directive (EU) Model Requirements for the management of Electronic European requirements for the retention of electronic records. Records (MoReq)A U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • FINRA Regulatory Notice 10-06: Guidelines for Social Networks Regulation Social Network and Web 2.0 Impact SEC Rules 17a-3 and 17a-4 and NASD Rule 3110 Retain records of communications related to business Electronic forum & chat rooms, content posted to social media may constitute Public Appearances a public appearance Prior Approvals Wall postings require prior approvals Participation Real-time participation on social networks equals participation For instance communications between research and investment banking FINRA Regulatory Notice 07-59 departments should be restricted Only those subject to firms supervision should have access, provide training Restrict Personnel prior to engagement, prohibit or restrict those who pose a compliance risk. Restrict access with technology.A U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Financial Services Authority (FSA): Guidelines for Social Networks Regulation Social Network and Web 2.0 Impact Senior Management Arrangements, Systems and Controls (SYSC) An enterprise must arrange for orderly records to be kept of its business and internal organization. SYSC 9.1.1 SYSC 9.1.2 Records must be kept for at least five years. An enterprise should have appropriate systems and controls in place with SYSC 9.1.5 respect to the adequacy of, access to, and the security of its records. Policy Statement 08/1 Must record conversations on public and enterprise IM networks. A firm must take reasonable care to establish and maintain such systems and SYSC 3.1 controls as are appropriate to its business. Firms must take reasonable steps to ensure that ethical walls remain effective SYSC 10.2 and are adequately monitored. All communications or financial promotions must be based on the principles of Financial Promotions Industry fair dealing. Adequate records of financial promotions must be kept. Update No. 5A U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Enabling Social Networking: Solution Requirements Issue Control Requirements Identity management Ensure that all the different logins of an individual link back to corporate identity Activity control Posting of content allowed for marketing but read-only for everyone else Granular application control Employees can access Facebook, but not Facebook Chat or Facebook Games Anti-malware Protect network against hidden phishing or Trojan attacks Data leak prevention Protect organization from employees disclosing sensitive information Moderation Messages posted only upon approval by designated officer Logging and archiving Log all content posted to social networks Export of data Export stored data to any email archive or WORM storageA U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Social Networking Control: Basic functionality  Simple SPAN/monitor port deployment to allow/block – Social Networking Widget Usage – Web 2.0 applications (~4,500) LAN/WAN Internet – Instant messaging (~200) – P2P (~200) – URL filtering – Anti-Malware Switch All Internet Traffic Users Active Directory Group-based policies Unified Security Gateway Secure & Enable Web 2.0A U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • URL Filtering & Anti-Malware Allow Block Coach Time quotasA U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Social Networking Widget Categorization – Control access to individual social media sites – Allow/block application widgets on popular sitesA U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • SaaS Infrastructure • Fully Redundant Architecture • End-to-End Failover • Fully Redundant and Mirrored Database • Extensive Network and Application Monitoring and AlertingA U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Social Networking Feature Control • Control features or areas of content posting by user or groupA U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Content Monitoring Policy summaries Easy-to-set policies – Archiving – Moderation Lexicons Actions to takeA U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • eDiscovery of Social Networking Posts Social networking activity and posts are captured All the captured events are presented for eDiscovery and available for export to archiving platformsA U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Moderation Posts to Twitter/Facebook/LinkedIn held for review by the following criteria: – All – Keyword/dictionary matches – Regular expressions (e.g., credit card/SSN patterns)A U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Simplified Moderator Workflow STEP 3 Moderator receives e-mail STEP 4 notification about pending messages •Moderator signs-on to Socialite reviewer console •Moderator reviews messages and depending upon appropriateness Approves or Rejects a message •Moderator also has an option to leave a review STEP 2 comment for each post Socialite intercepts post and provides a notification that content is being monitored and will be posted only upon approval by the moderator STEP 5 Accepted posts are sent to the network on behalf of the user STEP 1 User posts message on Facebook, LinkedIn, or Twitter STEP 6 Accepted posts are viewed by the userA U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • Moderator work queue & transcript review Moderator queue allows bulk approve or each post reviewed individually.A U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.
  • End User Experience Toolbar displayed for each site, showing user’s post “queues” User can click on their queues and see a list of the messagesA U V Confidential and Proprietary © 2011, Actiance , Inc. All rights reserved.