Social collaboration 10 must have tips for security, productivity and compliance



Published in: Technology, Economy & Finance

  • So let me first talk about what we are seeing in the marketplace. I think you would all agree the internet has undergone a fairly dramatic change in the last 5 to 10 years. It’s gone from being an information and commerce platform to a communication and collaboration platform. You can see that in the rise of new applications and new tools such as social networking, instant messaging, peer to peer, streaming video, voice over IP, applications like Skype, etc. All of these have changed the internet into a communication medium. And of course what is happening is that people who are using it at home also bring these tools with them to work. Businesses in turn have responded to this trend by deploying enterprise platforms. They see the benefits that social networking and IP-based, real-time communications can give them, and have started to leverage those benefits by deploying platforms such as Microsoft OCS, IBM Sametime, or social networking analogues such as Jive, Connections from IBM, or SharePoint from Microsoft.
  • So what you are seeing in the organization, as you guys are seeing every day, is that the enterprise environment is highly fragmented and highly complex. Users within the enterprise are not only using the platforms that you’re deploying, such as OCS and Sametime, but they are also using the consumer platforms such as AOL, MSN, Yahoo and Skype, and they are using Facebook, LinkedIn, and Twitter. So companies are struggling with how to manage and how to enable this highly fragmented environment.
  • Social media is not just a fad. Customers, prospects, and even employees are looking to social media to connect, engage, and build relationships with enterprise organizations. We are social animals - we want to connect and we will use all available resources to engage with each other. It’s important to remember that with social media you don’t want to talk AT people but rather talk with people. According to Gartner Research, the social media phenomenon can be broken down into five categories:
      ◦ Social networking: Social profile management products, such as MySpace, Facebook, LinkedIn and Friendster, as well as social networking analysis (SNA) technologies that employ algorithms to understand and utilize human relationships for the discovery of people and expertise.
      ◦ Social collaboration: Technologies such as wikis, blogs, instant messaging, collaborative office, and crowdsourcing.
      ◦ Social publishing: Technologies that assist communities in pooling individual content into a usable and community-accessible content repository, such as YouTube and flickr.
      ◦ Social feedback: Gaining feedback and opinion from the community on specific items, as witnessed on YouTube, flickr, Digg, and Amazon.
      ◦ Social analytics: Describes the process of measuring, analyzing and interpreting the results of interactions and associations among people, topics and ideas. Involves collecting data from multiple sources, identifying relationships, and evaluating the impact, quality or effectiveness of a relationship.
    At the end of the day… Gartner predicts that by 2016, social technologies will be integrated with most business applications. Companies should bring together their social CRM, internal communications and collaboration, and public social site initiatives into a coordinated strategy.
  • Some of the challenges that our customers talk to us about are very familiar to you. Things like data leakage: you know, it wasn’t that long ago that the main channel of communication that you had to worry about with respect to confidential information was email. Today you’ve got to worry about confidential information leaking out through Facebook, leaking out through LinkedIn, leaking out through instant messaging, going out over Skype, which is highly encrypted and very difficult to monitor. There is a great example of all of this from a couple of years ago: a company called Matrix Pharmaceuticals, which does several drugs, came out with a nasal spray called Zicam. It was found that this spray can damage the sense of smell in some of the customers. This news was first revealed over Twitter before the company was able to announce it in a controlled manner; it ran out over Twitter, and the stock that day went from 19 dollars to 5 dollars and has not really recovered since then. So there is an example of something that leaked out through these channels and caused severe damage to the company because it basically got out of their control. So data leakage, our customers tell us, is a huge issue. Of course there are incoming threats: you know, it’s no longer spam and viruses coming in over email that you have to worry about. You’ve got to worry about spam and malware coming in through IM and through Facebook and MySpace and LinkedIn. In fact, Information Week did a great article on how the conversion rate of spam over Facebook is far higher than the conversion rate of spam over email. So the bad guys, the hackers, are realizing that these new channels of communication are far more effective as vectors of attack than the old channels like email, and increasingly they are targeting them. You need to worry about how you are addressing security on these new channels of communication. On top of that you’ve got compliance. So if you’re in financial services or energy trading or health care or even retail, you are subject to various compliance regulations. In fact, any large company today is subject to eDiscovery and FRCP regulations that require them to make all their electronic communications easily discoverable. FINRA, which is the financial services regulatory authority, has explicit requirements governing the use of social media by regulated users. So if you are a financial services company with regulated users, or an insurance company, or an energy company, you’ve got to adhere to FINRA regulations. The FDA recently sanctioned a major pharmaceuticals company because their Facebook posting didn’t comply with regulations that pertain to advertising of drugs. So again, if you are in healthcare or pharmaceuticals, you’ve got to worry about what the compliance regulations are around the use of these new forms of communication. And last but not least, you need to ensure that critical IT resources such as bandwidth are not getting swamped by unproductive use. A customer of ours, a local government agency, found that as much as 84% of their bandwidth was being used by employees for non-business-related use on social networking sites, streaming videos, and using instant messaging. So 84% of their bandwidth was being used by nonproductive use, and with our solutions they are able to get visibility into that and put controls around the use of that. So these are some of the challenges that you have talked to us about with respect to the use of these new forms of communication.
  • Osterman Research conducted a study and found that corporate users spend an average of 18 minutes on a typical workday using social networking tools (or about 4% of their workday). Indeed, our own survey showed a change from 2009 to 2010 in the business use of Twitter, going from 13% of users to 78%, a 6-fold increase. Adoption of social computing and social networking in the enterprise is being driven by individuals and departments within the company, such as the Marketing & PR teams who want to use social networking for corporate messaging and advertisements, or analysts who wish to publish “market”-relevant data. These are the folks who need write access. Conversely, there are those corporate users who need only read-only access. This could be departments like HR/Compliance/IT Security, which use social media to research new hires or conduct investigations. And then there’s the issue of personal use. We’ve found that restricted personal use is generally OK so long as clear guidelines are made available company-wide.
  • So now that I’ve set the context for you and discussed the risks and regulations, it might calm your nerves, knowing that controls are available to address these security, management, and compliance concerns. Whether it’s preventing inadvertent or malicious leakage of information through social networks, protecting against hidden phishing or trojan attacks, or mapping the identities of your users across different social networking sites, there are solutions out there that enable you to comply with applicable security and compliance guidelines. For instance, it’s possible to control the activities of organizations, groups, or even individual users by setting policies, such as “only Marketing can post content” or “HR can have only read-only access to LinkedIn”. If the moderation of content is important to you (perhaps if you’re FINRA-regulated), then it’s now possible to have a second pair of eyes reviewing content before it’s posted, with little impact on the end user. And if that content is inappropriate, you can block it. If you want to enable the use of Facebook, LinkedIn, or Twitter, but block the use of thousands of applications within them, then that’s also doable, as is the logging and archiving of all activity and content, so that you have a full picture of the real-time communications of and between your users. At Actiance, we’ve been in the business of real-time communications security, management, and compliance since 2001, so we understand and know how to seamlessly integrate these real-time controls with your existing IT infrastructure.
  • 50% of URLs are uncategorized Current solutions don’t detect many web2.0 apps – b/c they’re encrypted and/or use evasive techniques – port hopping, tunneling, etc.
  • In fact, when it comes to Facebook, LinkedIn, and Twitter, there are nearly a hundred different features where controls can be applied. So if you don’t want your CEO using LinkedIn messaging, you can block that. You can stop the compliance team from using Facebook Careers or the HR team from following groups on LinkedIn. You can even make all of LinkedIn read-only, if that floats your boat.
  • We also enable you to set your policies through easy pointing and clicking. You can choose to either Store, Alert, Block, or Moderate, or any combination of these four controls, for Facebook, LinkedIn, and Twitter. Furthermore, if you don’t have the time or the resources to moderate every single message that passes through the corporate network, you can set up lexicons such that certain keywords or phrases will trigger the system to withhold messages. For instance, if it’s a social security number or credit card number format, you can set a policy so that the system will catch and hold those messages that have that format.
  • We also capture all the activities and posts of users on Facebook, LinkedIn, and Twitter – in context. So you can see that when Ted tried to share the phrase “I guarantee it”, he was actually talking about the upcoming football game, not an investment suggestion. Moreover, data can be presented for eDiscovery and exported to the archiving platform of your choice.
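
The lexicon policy described in the notes above (hold messages that match a social security or credit card number format, and combine the Store, Alert, Block and Moderate controls), sketched as an added example. It is not Actiance's code; the rule names, the action assigned to each rule and the sample messages are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable

# The four controls named in the notes; a rule may combine any of them.
STORE, ALERT, BLOCK, MODERATE = "store", "alert", "block", "moderate"

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order or ticket numbers are not held as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def has_ssn(text: str) -> bool:
    # Skip values that are never issued: area 000, 666, 9xx; group 00; serial 0000.
    return any(
        area not in ("000", "666") and area[0] != "9"
        and group != "00" and serial != "0000"
        for area, group, serial in SSN_RE.findall(text)
    )


def has_card(text: str) -> bool:
    return any(luhn_ok(re.sub(r"[ -]", "", m.group()))
               for m in CARD_RE.finditer(text))


def phrase(words: str) -> Callable[[str], bool]:
    pattern = re.compile(r"\b" + re.escape(words) + r"\b", re.IGNORECASE)
    return lambda text: bool(pattern.search(text))


@dataclass(frozen=True)
class Rule:
    name: str                        # hypothetical rule name
    matches: Callable[[str], bool]
    actions: frozenset


# Constructed policy: the action assigned to each rule is an assumption.
LEXICON = [
    Rule("ssn-format", has_ssn, frozenset({BLOCK, ALERT})),
    Rule("card-format", has_card, frozenset({BLOCK, ALERT})),
    Rule("promissory-phrase", phrase("I guarantee it"), frozenset({MODERATE})),
]


def evaluate(text: str) -> dict:
    """Return the matched rules, the combined actions and the final verdict."""
    hits = [rule for rule in LEXICON if rule.matches(text)]
    actions = {STORE}                # every post is archived for eDiscovery
    for rule in hits:
        actions |= rule.actions
    if BLOCK in actions:
        verdict = "blocked"
    elif MODERATE in actions:
        verdict = "held for review"
    else:
        verdict = "posted"
    return {"rules": [r.name for r in hits], "actions": actions, "verdict": verdict}
```

The keyword rule moderates instead of blocking because a phrase match alone cannot tell a football prediction from an investment promise; a reviewer reading the post in context makes that call.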

    1. Social Collaboration: 10 must have tips for security, productivity and compliance
       Sarah Carter, VP Marketing, Actiance, Inc.
       Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved. Actiance and the Actiance logo are trademarks of Actiance, Inc.
    2. Ten Tips to Safe Social Collaboration
       • Understand the landscape
       • Consider and address the risks
       • Understand the legal and regulatory situation
       • Establish a presence
       • Engage and be engaging
       • Consider Enterprise Social
       • Educate
       • Control, Manage, Secure
       • Review and Revise
       • Measure
    3. The Internet Has Changed
       • Public IM
       • P2P
       • Anonymizers
       • VoIP
       • Social Networks
       • Games
       • Virtual Worlds
       • IPTV

       • Financial IM
       • Unified Communications
       • Web Conferencing
       • VoIP
       • Remote Admin Tools
       Source: Actiance Annual Greynets Surveys 2008 – 2011 & Projected
    4. The Enterprise and Web 2.0 Are Converging
       Source: Actiance Annual Collaborative Internet Surveys 2008 – 2011 & Projected
    5. Social Is Booming
       • Social Networking
       • Social Collaboration
       • Social Publishing
       • Social Feedback
       • Social Analytics
    6. Understand the Social Risks
       • Data Leakage: Personal Information; Intellectual Property; Credit Card, SSN; Patient Records
       • Incoming Threats: Malware, Spyware; Viruses, Trojans; Inappropriate Content
       • Compliance & eDiscovery: SEC, FINRA, NFA; HIPAA, FISMA, SOX; PCI, FOI, DOD, FSA; FRCP - eDiscovery; FERC, NERC
       • User Behavior: Employee Productivity; Bandwidth Explosion; Every employee is the face of the business
    7. Best Practices – The 4E’s (Objective: Recommendation)
       • Establish: Create a LinkedIn profile and populate with relevant information
       • Engage: Make it easy for your network to contact, interact, and communicate with you
       • Educate: Publish event notifications, news updates, upcoming conferences, job openings, etc.
       • Expand: Offer links to other professionals or like-minded individuals (e.g., tax specialists, estate planning attorneys, etc.)
    8. Establishing a Presence Social Media?
       • Generate buzz and increase visibility
       • Strengthen customer relations
       • Build an additional revenue source
       • Extend your brand
       • Sales & Marketing
           ◦ Promotions
           ◦ Advertising
           ◦ Branding
       • HR
           ◦ Background checks
           ◦ Recruiting
       • Scientists & Researchers
           ◦ Information exchange
           ◦ Collaboration
       • IT
           ◦ Investigation of security breaches
    9. Social Networking: Balancing Benefit & Risk
       • Risks & Challenges
       • Employee productivity
       • Control who can access what, when, and for how long
       • Content security
       • Introduction of malware
       • Brand and reputation protection
       • Allow “approved corporate posters” to self-moderate
       • Moderate posts from unapproved corporate posters
       • IP/Information Leak Prevention/NDA compliance
       • Sensitive, confidential term dictionary matching
       • Stop contract staff accidentally leaking your secrets
       • Quarantine posts for moderation by a reviewer
       • Quick deployment, no desktop touch
       • Compliance with regulation (e.g., FSA, PCI)
       • Archive content
       • Stop credit card number patterns
       • Control specific content
    10. Establish a Presence (1a)
       • Create a LinkedIn Profile
           ◦ Basic info, employment history, education, summary
       • Build out full content – it’s your resume
           ◦ Approachable descriptions
           ◦ Friendly, but professional
           ◦ What’s in it for THEM?
       • Provide external contact info
           ◦ Twitter, Blogs, Website
           ◦ Personalize your URL
    11. Establish a Presence
       • Use Groups
       • Answers
       • Use Applications
    12. Engage with Customers, Colleagues, and Prospects (1)
       • Network with others
       • Look for jobs or candidates
       • Prospect for new business/customers
       • Advertise
       • Promote your company
       • Post updates, comments, etc.
       • Answer questions
       • Follow companies
       • Keep tabs on your network
       • Provide links to other resources
    13. Educate Your Network
       • Publish events, upcoming conferences, speaking engagements, etc.
       • “attend events” – reach out to other attendees
       • Publish links to other relevant content (e.g., websites, collateral)
       • Industry news feeds
    14. Educate & Re-Educate Your Network
       • When you have new news
           ◦ Message your network
           ◦ We have a TRIBAL response to Social Networks – people respond more in this medium than they do IN ANY OTHER digital medium
           ◦ 50 messages at a time
           ◦ My experience? 40% response if you get your message RIGHT, personal and timely
           ◦ Do NOT overuse it
    15. Control, Manage, Secure (Issue: Control Requirements)
       • Identity management: Ensure that all the different logins of an individual link back to corporate identity
       • Activity control: Posting of content allowed for marketing but read-only for everyone else
       • Granular application control: Employees can access Facebook, but not Facebook Chat or Facebook Games
       • Anti-malware: Protect network against hidden phishing or Trojan attacks
       • Data leak prevention: Protect organization from employees disclosing sensitive information
       • Moderation: Messages posted only upon approval by designated officer
       • Logging and archiving: Log all content posted to social networks
       • Export of data: Export stored data to any email archive or WORM storage
    16. End Users Adopting Web 2.0 Faster Than IT Can Control
       • Actual customer traffic history (~155 organizations)
       • Representing all Internet activity from over 150K end users (Actiance Internet Survey 2009)
       Source: Actiance Annual Internet Survey 2010
    17. Social Networking Feature Control
       • Control features or areas of content posting by user or group
    18. Content Monitoring
       • Policy summaries
       • Easy-to-set policies
           ◦ Archiving
           ◦ Moderation
       • Lexicons
       • Actions to take
    19. eDiscovery of Social Networking Posts
       • Social networking activity and posts are captured
       • All the captured events are presented for eDiscovery and available for export to archiving platforms
    20. Measuring Your Efforts
       • Number of Connections
           ◦ The more connected you are, the more connected you can be
           ◦ Make connections meaningful – a network of “connect with me even if you don’t know me” has NO VALUE – you can buy a list from a list broker.
       • Number of responses from outreach
           ◦ Using advanced search, responses from inmails, messages, etc.
       • Comments on Discussions, in Groups, Answers
       • Number of Comments or Replies
       • Number of page views
       • Followers to your blog, Twitter followers, retweets
    21. About Actiance: Enabling the New Internet
       • Market leader for security and compliance solutions
       • Focused on Web 2.0, Social media, Unified communications
       • Global operations
       • 1,600 customers across a range of industries
       • Broadest partner ecosystem
    22. More Info?
       • Visit the Actiance Collateral Library at
       • Specific Questions?
       • Twitter: @SarahActiance
       • Email:
       • 650 631 6452 (desk)
       • 415 806 9504 (cell)
       • +44 (0) 7970 729068 (UK mobile)
    23. Ten Tips to Safe Social Collaboration
       • Understand the landscape
       • Consider and address the risks
       • Understand the legal and regulatory situation
       • Establish a presence
       • Engage and be engaging
       • Consider Enterprise Social
       • Educate
       • Control, Manage, Secure
       • Review and Revise
       • Measure
    24. Sarah Carter, VP Marketing, Actiance, Inc.