Security Basics mailing list archives
RE: Allowing access to social networking... securely?
From: "Robin Smith (FaceTime)" <rsmith () facetime com>
Date: Wed, 20 May 2009 16:13:29 -0700
Disclaimer: not a product advert, despite what the first sentence may lead you to believe! We have a product that among other things has categorised the apps in several popular SN sites. Part of the research behind producing this was to talk to our customers about how they use SN; I've since spoken to quite a few more customers/prospective customers. For those that allow access to SN sites, we got a very similar response when asking how much productivity do they think they lose to SN or Facebook in particular. Two working days, per person per month or thereabouts is often the response - and alot of the time they've actually measured it. When you consider that I alone spoke to companies ranging from 200 to 100,000 users (totalling about 275,000 users), well the maths isn't complicated...One of our customers saw one particular offender that was tracked actively clicking about on Facebook for 7 hours out of their normal working day. That said, for those that allow full access to SN (i.e. they don't even block the games / video / messaging / file sharing apps during working hours, which alot of our customers do), their reasoning is that although it infers exposure to lost productivity and the possibility of Data Loss, it reinforces their positive working environment policy and actually helps with staff retention and attracting new staff, e.g. onto University graduate schemes. So the push to block sites like Facebook isn't necessarily from HR, although that obviously varies by individual company and the vertical industry in which they operate. Another side of it is that we see companies who want to give their marketing department access to certain things to allow them to run promotions or advertisements, their developpers might be producing an application and they might have HR running recruitment programmes, so different people may actually need access to parts (not necessarily all) of the SN sites for legitimate business use. My point here is that yes, SN sites can eat up staff time and yes, they can introduce potential security risks, but we're seeing more and more corporates embrace SN, because they believe they can't afford not to. Ultimately, as Krymson correctly states, it's not an IT problem; it is for the company to define their policy, but IT need to provide the enforcement mechanism (assuming it is possible to implement!). -- Robin Smith - FaceTime EMEA Technical Manager T: +44 (0) 118 907 6385 M: +44 (0) 7769 702 792 USA: +1 (650) 631 6453 W: www.facetime.com ________________________________ From: listbounce () securityfocus com on behalf of krymson () gmail com Sent: Wed 20/05/2009 19:30 To: security-basics () securityfocus com Subject: Re: Allowing access to social networking... securely? I don't think any discussion on Social Networking or employee productivity is complete without mentioning the HR component. Too often web filters are crutches (excuses/scapegoats...) for what is otherwise poor management, poor employees, and poor HR practice. I don't think productivity should be mentioned or used by IT or security as part of the reason for or against filtering/SN. This is all very easy if HR puts their foot down one way or another, but it is difficult for IT to know what to do with questionable personal or social sites when they may not directly have malware, etc... ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Re: Allowing access to social networking... securely?, (continued)
- Re: Allowing access to social networking... securely? Kurt Buff (May 20)
- Re: Allowing access to social networking... securely? krymson (May 18)
- Re: Allowing access to social networking... securely? Stephen Mullins (May 19)
- Glassfish Apache and Tomcat All attONCE ? Mattias Hemmingsson (May 19)
- Re: Glassfish Apache and Tomcat All attONCE ? Carsten Heesch (May 19)
- Re: Re: Allowing access to social networking... securely? chmod1777 (May 19)
- Re: Allowing access to social networking... securely? Michael Schaefer (May 20)
- RE: Allowing access to social networking... securely? Ian Bradshaw (May 20)
- Re: Allowing access to social networking... securely? Michael Schaefer (May 20)
- Re: Allowing access to social networking... securely? krymson (May 20)
- Re: Allowing access to social networking... securely? krymson (May 20)
- RE: Allowing access to social networking... securely? Robin Smith (FaceTime) (May 21)
- Re: Re: Allowing access to social networking... securely? chmod1777 (May 21)
- Re: Re: Re: Allowing access to social networking... securely? lmaia (May 21)
- RE: Re: Re: Allowing access to social networking... securely? Ian Bradshaw (May 22)
- Re: Allowing access to social networking... securely? krymson (May 22)
- Re: Allowing access to social networking... securely? krymson (May 22)
- Re: Allowing access to social networking... securely? Patrick J Kobly (May 22)
- Re: Re: Allowing access to social networking... securely? no (May 22)
- Re: Allowing access to social networking... securely? Patrick J Kobly (May 25)
- Re: Re: Allowing access to social networking... securely? Stephen Mullins (May 26)