Productivity tool or security headache? Like instant messaging and e-mail before it, social networking can be a great tool but can also cause concern in companies that haven’t learned to adapt – and real trouble to companies that haven’t learned how to manage it.

Enterprises are beginning to adopt social networking applications to offer a fast, easy-to-use way to keep in touch, organise activities and share ideas. Whether businesses like it or not, employees (especially younger ones) are signing up for these tools regardless of whether it’s company policy or not, and forcing the businesses to play catch up. Because of this, there are three major concerns that are keeping IT up at night.

First, consumer applications can cut into employee productivity for hours at a time. Second, social networking sites can become vectors for viruses, hacker attacks and phishing. Finally, social networking image, audio and video traffic steal bandwidth from business uses.

So, how are IT administrators supposed to control this problem? There aren’t many model companies to follow in terms of company-wide social networking deployments. A few pioneering companies have opened their doors to social networking on corporate networks such as Shell Oil, Procter & Gamble and General Electric maintain social networking accounts. An exclusive Citigroup Facebook network has almost 2,000 members.

When you look at the usage statistics, peer-to-peer (P2P) networks have millions of users sharing photos, software, music and video. Social networking reaches even further: MySpace claims more than 61 million active users; Facebook more than 65 million. The Pew Research Center estimates that half of online adults have used these services to connect with people they know.

There are also organisations actively working against social networking. As the nature of government information is often sensitive, social media tools are a big concern for many government organisations. For instance, in May 2007, the U.S. Army blocked URLs for MySpace and 12 other “entertainment” sites from their U.S. and overseas networks, referring bandwidth and security concerns.

Interactive communities such as YouTube, LinkedIn, Facebook and many others are a perfect target for hackers to plant malicious worms and viruses masked as legitimate user content, and present the potential for inadvertent leakage or misuse of mission-critical data. But these tools can be important for instant communication to spread government information internally and between the organisations, yet monitoring public opinion, there is a long way to pass over these concerns. For this reason, rather than rushing into new decisions to implement these social networking tools, there should be a cautious approach to ensure the right technology pieces are in place to enforce appropriate protection, access and use. There are many technology solutions available to organisations to let them support access to social media tools while enforcing strict control over network traffic to protect information assets and avoid data loss.

The decision to block or allow consumer applications is not black or white. Policies vary according to user, application, security requirements and network infrastructure. There are steps that organisations can take to let social networking into the network securely.

Application-based policies – Blocking applications may address this issue. However, modern consumer applications are designed to work on many different network infrastructures. This makes them hard to detect and regulate. The policies should also enable applications that offer business value – without compromising quality of service (QoS)
Corporate policies – Although few organisations will apply policies without exception across their entire network, most start by establishing general guidelines. Blanket policies that block or regulate all peer-to-peer traffic can then be adapted to support authorised exceptions, while continuing to regulate or block the rest.
User policies – Even when policies are consistent across a network or network leg, they may vary from one user category to the next. Users can be categorised many ways. For example, categories of users can be employees, contractors and/or partners. In general, policies for employees may resemble overall network permissions, contractors will likely have access to a subset of those applications, and partners may have access only to specific applications. The challenge is where and how to enforce user-based policies.
Balancing requirements
Whether your company has identified a business need for social networking applications or simply decided to get ahead of the trend, managing consumer applications on corporate networks is a matter of balancing four priorities: Security, Quality of Service, Visibility and Control.

No single set of policies can meet these requirements for every business. By deploying a combination of policy-centric and interoperable technology solutions, organizations can customise their security profile and reflect their uniqueness of individual networks, and they can grant access when, where and to whom they want adapting permissions and defenses as required to counteract internal and external threats.

Now is the time to put these controls in place because, like entropy, the pace of technological change is always increasing. No sooner have we become accustomed to the ideas of Web 2.0 than we are turning our attention to Web 3.0 and beyond. With these changes we are faced with opportunities and challenges, don’t let evolution pass you by.

Entire Article

Popularity: 74% [?]

 

The rise in online video and bandwidth-intensive applications is posing a significant threat to enterprise network bandwidth. Instituting a clear Internet usage policy within your organization will help ensure that network bandwidth resources are used efficiently, improving performance, productivity and the bottom line. Knowledge Center contributor Ermis Sfakiyanudis explains how you can set up reasonable acceptable-use policies, as well as invest in tools that help support those policies.

Regardless of the effect on employee productivity, streaming video stresses a corporate network a hundred times more than does e-mail or Web surfing alone. Streaming video can cause severe problems ranging from slow access to outsourced application services and enterprise e-mail to complete network failure. Bandwidth-intensive applications such as video conferencing and Webinars can have similarly detrimental effects on an organization’s network.

To prevent these network bandwidth problems, there are four specific practices IT can adopt to better prepare and protect their organization:

Practice No. 1: Clearly delineate appropriate workplace Internet usage standards

Enterprises must have policies in place that both outline and even prohibit certain ways staff can utilize the Internet at work. These policies should be readily available for all employees to reference, and they must agree to abide by the guidelines before being allowed on the network. These guidelines should be as clear as possible and include such regulations as:

1. Information technologies are to be used solely for business purposes

2. Employees should not assume that any computer equipment or technologies such as e-mail and data are confidential or private

3. Designated representatives maintain the right to access computer systems and review any information

4. Anyone found in violation of the policy may be subject to disciplinary action—up to and including termination of employment

 

Practice No. 2: Establish regular communication channels with staff

Education about how corporate network usage can affect an organization is key to any successful Internet policy. Enterprise Internet resources are communal, and employees need to understand that their actions online will affect their colleagues’ access to the network—and possibly their customers’ experience as well.

To ensure that Internet policies are understood, clear communication practices are vital. Managers and IT need to have regular meeting times in which all employees gather together and the appropriate usage of workplace PCs is outlined. Management should openly discuss what employees should and should not be doing online, as well as the appropriate use of other company technologies. These meetings can also be used as a time to reinforce the Internet policy in place and discuss any changes or revisions. This is a good time to go over in detail some of the more crucial aspects of the policy and ensure that any questions are addressed.

Another critical communication channel is between IT and department directors. IT should work directly with the directors of various departments and help them to understand the online activity of their department. The benefit of this communication model is that directors get to better understand how their team is working during the day and IT learns the specific needs of a given department. Ultimately, this helps both groups estimate and allocate bandwidth by department or location, based on need.
Practice No. 3: Determine which employees need the Internet for legitimate work purposes

Being able to allocate bandwidth by person and department is a critical capability for IT staff attempting to work within the limitations of an individual enterprise network. Having an understanding of which employees require more bandwidth to do their job and which may need less is beneficial for several reasons, one of which is in accounting for network resources.

For example, if the bandwidth consumed by the billing department is negatively impacting the marketing departments’ online access, there is a problem. The marketing department is much more likely to be legitimately streaming content and downloading video (both very bandwidth-intensive) than the billing department, which likely doesn’t use bandwidth-intensive systems for work purposes.

Examining Internet use by employee and department (as opposed to the company at large) allows managers to evaluate resources using context and role-based usage information. There will always be employees and departments with different bandwidth needs than other staff members and areas of the business. It is essential to both an organization’s productivity and network health to properly identify and plan for those needs.

 

Practice No. 4: Invest in tools for your network that manage and document Internet Web usage

Once you have outlined a clear acceptable-use policy and understand the bandwidth needs of each department, the next step is to manage usage by utilizing tools to allocate bandwidth tiers by person, department and even Web site. Those departments that have been found to require more bandwidth than others can be given priority access to the available bandwidth. Departments and employees that do not require priority bandwidth can be placed in lower bandwidth tiers so that their network activities do not impact organizational productivity.

Tools available today also enable the whitelisting and blacklisting of Web sites so that mission-critical services get priority bandwidth and Web sites that are not work-related get limited or no bandwidth. For example, Web sites such as salesforce.com or other Web-based applications are whitelisted, while Web sites such as youtube.com may get blacklisted and receive no bandwidth. Managing bandwidth by Web site ensures that available bandwidth is used for work-related Web sites above all others.

IT, human resources and department managers can leverage these capabilities to easily enforce corporate Internet use policies. Several tools even provide alerting and reporting capabilities so that infractions can be identified quickly and documentation of these instances is automated.
 

Entire Article

Popularity: 56% [?]