Corporate social networking: Assessing risks and benefits

It seems the world is fast dividing into two camps, those who think social networking sites and Web 2.0 are insecure and should be banned from business, and the rest.

Reasons for banning corporate social networking range from the waste of productive work time and also the potential for leaking confidential information. Recent social network security breaches at popular social networking sites such as Facebook only underline the dangers.

 We are assessing the risks of social networking sites
Brian Barber
Head of Information SecurityStandard Life

But in the opposite camp, there is a growing band of companies that feel social networking technology, and the use of other tools such as wikis, could actually help boost productivity, rather than reduce it. Their only question is how to do it in a secure way that does not expose the company.

One company considering lifting the ban on corporate social networking is the insurance and pension company Standard Life. Speaking at a conference this week, the company's head of information security Brian Barber said the company was reviewing its current ban and "assessing the risks of social networking sites." He acknowledged there are potential benefits to be had from their use, but that it would need to be done carefully.

The change of heart at Standard Life is symptomatic of the wider mood. At another unrelated event in London, 20 companies got together to sign up for a new organisation, the Secure Enterprise 2.20 Forum, whose goal is to raise awareness, define best practices, and encourage the secure use of Web 2.0 technologies in the enterprise.

The Forum is the idea of WorkLight Inc, an Israeli-owned company formerly known as Serendipity Technologies, which produces software to deliver Web2.0 applications within the organisation. The company's head of marketing David Lavenda said his aim was purely to get the group started and 'turn it over to the user community."

The first meeting attracted security chiefs from some large companies in financial services, such as Standard Chartered Bank, Credit Suisse and Reuters.

"I was surprised at how open they were to the idea of letting staff use Web 2.0. One guy said we can only keep our finger in the dyke for so long. So they're really interested in exploiting new opportunities."

Simon Riggs, the head of IT security with Reuters, summed up the mood of the group in a written statement: "Web 2.0 solutions not only increase internal employee productivity and collaboration, but also enhance the interaction with clients using widgets and gadgets and other innovative solutions. This added-value cannot come blindly at the expense of security; you've got to consciously trade off the relative risks and benefits."

A second meeting takes place in the US in six weeks time, probably in New York, where 20 or more companies are already signed up to attend.

WorkLight's Lavenda said future funding and organisation of the group was yet to be decided, although one likely organisation to take charge of administration is the Open Group, which also runs the Jericho Forum and was present at the London meeting.  The Secure Enterprise Forum is open to users and manufacturers.

BT partners with Blue Coat for secure Web 2.0 

In a separate announcement, BT unveiled its own vision of how to make (secure) use of Web 2.0  social netoworking by revealing a global deal with Blue Coat Software that will allow it to deploy and enforce fine-grained policies across its network to reflect local tastes and sensitivities.

"We see this part of our corporate social responsibility programme to be as flexible as we can be with staff," said Ray Stanton, who heads BT's global security practice. "It used to be that you either allowed all access or blocked all access. But customs and practice vary around the world so we have to reflect that." For instance, staff in the Middle East might need to be protected from some Western sites they might find offensive.

BT has completed 75% of a global roll-out of Blue Coat's ProxySG appliances to manage web usage, accelerate content and help manage bandwidth consumption. Stanton said the Blue Coat products give BT the ability to set policies down to a fine level of granularity, and to monitor web usage at a fine level.

"We want to encourage our staff to be innovative so we need to give them the right tools, and to trust them to use them properly," said Stanton. "The Blue Coat product will save us a huge amount of management time in managing policies around the world."


Read more on Network security management