Social Media Success: How to enable social media in


Social Networking:
What You Don’t Know Can Hurt You
Jim Hilsenrod
Agenda
Intro
About Actiance
Social Media on the Rise
Benefits of Social Media
Understanding the Risks
Applicable Regulations
Anecdotes
Applying Appropriate Controls
Wrap-up
Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.
About Actiance
• Enable the New Internet
– 4,500+ Web 2.0 apps, Unified Communications, Social Networks
• Global operations
– USA, EMEA, India, Asia/Pacific
• Market Leader
– 9 of the top 10 US banks
– Top 5 Canadian banks
– 3 of the top 5 energy companies
• Broadest Partner Ecosystem
– Technology alliances
Social Is Booming
Social Networking
Social Collaboration
Social Publishing
Social Feedback
Upside of Social Media
Generate buzz and increase visibility
Strengthen customer relations
Build an additional revenue source
Extend your brand
Risks of Using Social Media and Web 2.0
Data Leakage
– Personal Information
– Intellectual Property
– Credit Card, SSN
– Client Records
Incoming Threats
– Malware, Spyware
– Viruses, Trojans
– Inappropriate Content
Compliance & eDiscovery
– SEC, FINRA
– HIPAA, FISMA
– SOX, PCI, FSA
– FRCP - eDiscovery
– FERC, NERC
User Behavior
– Employee Productivity
– Bandwidth Explosion
– Every employee is the face of business
Web 2.0 & Social Networks Regulation & Compliance
Regulation / Social Network and Web 2.0 Impact
• SEC and FINRA: Obliged to store records and make accessible. Public correspondence requires approval, review and retention. Extended to social media. http://www.finra.org/Industry/Issues/Advertising/p006118
• Gramm-Leach-Bliley Act (GLBA): Protect information, monitor for sensitive content, and ensure not sent over public channels (e.g., Twitter)
• PCI: Ensuring cardholder data is not sent over unsecured channels AND PROVING IT
• Red Flag Rules: Prevent identity theft. Protect IM and Web 2.0 from malware and phishing when users are more likely to drop their guard.
• FRCP (eDiscovery): Email and IM are ESI. Posts to social media sites must be preserved if reasonably determined to be discoverable. http://blog.twitter.com/
• Sarbanes-Oxley (SOX): Businesses must preserve information relevant to the company reporting.
Real-Life Anecdotes
Citibank
Deloitte Financial
Northshore Bank
Online Banking
So who’s using Social Media? And Why?
• Sales & Marketing
– Promotions
– Advertising
– Branding
• HR
– Background checks
– Recruiting
• Scientists & Researchers
– Information exchange
– Collaboration
• IT
– Investigation of security breaches
Social Networking: Balancing Benefit & Risk
Risks & Challenges
• Employee productivity
– Control who can access what, when, and for how long
• Content security
– Introduction of malware
• Brand and reputation protection
– Allow “approved corporate posters” to self-moderate
– Moderate posts from unapproved corporate posters
• IP/Information Leak Prevention/NDA compliance
– Sensitive, confidential term dictionary matching
– Stop contract staff accidentally leaking your secrets
– Quarantine posts for moderation by a reviewer
– Quick deployment, no desktop touch
• Compliance with regulation (e.g., FINRA, PCI)
– Archive content
– Stop credit card number patterns
– Control specific content
Appropriate Controls: The Basics
Who needs controls applied?
• Users within your organization - HR, Marketing, Sales, IT?
How do I apply these controls?
• Are there tools available?
Where do I get started?
Appropriate Controls: The Specifics
Issue / Control Requirements
• Identity management: Ensure that all the different logins of an individual link back to corporate identity
• Activity control: Posting of content allowed for marketing but read-only for everyone else
• Granular application control: Employees can access Facebook, but not Facebook Chat or Facebook Games
• Anti-malware: Protect network against hidden phishing or Trojan attacks
• Data leak prevention: Protect organization from employees disclosing sensitive information
• Moderation: Messages posted only upon approval by designated officer
• Logging and archiving: Log all content posted to social networks
• Export of data: Export stored data to any email archive or WORM storage
USG: Enable the ‘New Internet’
Reporting
Unified Policy Management
Anti-Virus
Anti-Malware
URL Filtering
AD Integration, Company/Group/User, Time of Day, Bandwidth
Public IM
Web 2.0 & Application Control
Application Control & Security
Web 2.0 Enablement
Application Enablement
Application Control Engine
Socialite
USG: Visibility & Control of More Than 4,500 Applications
Category / Number
• Social Networking: 914
• Instant Messaging: 255
• IPTV: 76
• Remote Admin Tools: 41
• P2P: 166
• VoIP: 96
• Web Conferencing: 55
• Commercial Monitoring Software: 215
• Anonymizer: 32
• Webmail: 32
4500 +
Example
SaaS Infrastructure
• Fully Redundant Architecture
• End-to-End Failover
• Fully Redundant and Mirrored Database
• Extensive Network and Application Monitoring and Alerting
Questions
Jim Hilsenrod