Businesses Struggle To Control Social Networking 131
Lucas123 writes "Businesses in highly regulated industries are trying to strike a balance between workers who use social networking sites such as Twitter, Facebook, and LinkedIn to communicate, and trying to satisfy federal requirements to monitor, capture, and audit all forms of electronic communications. As with instant messaging a decade ago, corporations are first blocking all access to the applications, and then considering what tools may be available to control them in the future. A cottage industry is being built around software that can not only control access to social networking websites but also ensure conversations over those websites can be stored for electronic discovery purposes."
WTF?!? (Score:3, Interesting)
From TFA:
Seriously. What idiot wants his financial transactions posted on FaceBook?
HTTP over SOCKS over SSH over SSL thankyouverymuch (Score:3, Interesting)
Websense can suck it.
Re:Why not block them entirely? (Score:3, Interesting)
Slashdot has saved the place I worked more time than I've wasted reading it. I've learned how to do stuff that I would never find reading Tech Manuals and taking classes.
Practical application of practical experience is way better than theoretical classes on optimal situations.
Department of Defense is struggling with this also (Score:5, Interesting)
The DoD has been struggling with this same issues as well, they recently issued guidance that opened up social media on their networks.
http://socialmedia.defense.gov/index.php/2010/02/26/dod-official-policy-on-newsocial-media/ [defense.gov]
Re:WTF?!? (Score:4, Interesting)
There's rules about what financial advisers can and can't advertise with. Basically, everything they put out to the customers usually has to be put through their broker dealer's compliance department. "Offering the same warning they did more than a decade ago" just means reminding them that if you're using Facebook or Twitter to communicate with your clients you better be putting it through compliance first.
Re:Why not block them entirely? (Score:3, Interesting)
My employees have two rules to follow: 1. Get the job done. 2. Don't embarrass the company.
Seems reasonable, but Number 2 may be harder than you think [inc.com].
Re:Why not block them entirely? (Score:5, Interesting)
Disclaimer: This management method looks like it would be a bitch to scale.
Good point; it may be worth considering that if your company is so big that treating people like human beings doesn't scale, it's time to break up into smaller, more manageable units.
I read somewhere that 3M Corp actually does that, breaking off independent business units for each product line. As soon as a particular unit gets to be above 300 people, they figure, they can safely be split in two. If one of the two parts can't survive on its own, they let it die, as it was probably a drain on the bottom line anyway.
Re:Why not block them entirely? (Score:3, Interesting)
But another one of the things I do "different" is that I hire people based on brains, not skills or experience. Not that the latter two aren't important, but that having brains will get you skills and experience, but skills and experience don't get you brains.
I also pay more than everybody else. The point: Compliance is easy. Trust is hard. Guess which one I've decided to concentrate my energies and money on?
Re:Why not block them entirely? (Score:3, Interesting)
Amen.
The only thing we need to do to get a proper perspective on this problem to change the headline slightly:
Businesses Struggle to Control Their Staff
Suddenly, it becomes crystal clear that this is an administrative issue more than it is a technical one. Yes, compliance with federal regulation is a daunting task. It's not even reasonable to attempt it without active buy-in participation of the employees. I don't want to go all Princess Leia on you, but there's a point to be made about tightening one's grasp too far.
Consent and a collective sense of responsibility are far more powerful tools when dealing with issues like confidentiality and corporate ethics.
Re:Why not block them entirely? (Score:3, Interesting)
Things I've learned about on Slashdot, while waiting for old style shit to get done ....
I learned of RIS (WDS) on /. and was getting ready to deploy it when I heard about DriverPacks on /. and then about using MSI based silent installers, and combined them all to now set up a workstation from scratch.
Before I read about such things on Slashdot, I used to run around and use Windows XP CD to install XP by hand, manually typing in Product keys and what not. Four to six hours of babysitting installs. Per computer.
Now, I can RE IMAGE a machine using RIS (WDS) with about 5 mins of tech time. It provides a consistent installation base for all users.
Map "My Documents" to Network Share and now you have a system where I don't care what is wrong with it, I just re-image it. Virus? Don't care. Hardware failure? I don't care. Crappified computer? I don't care.
I don't have to spend hours trying to fix something. Now it takes five to ten minutes of my time, and less than two hours total time to have a fully patched (slipstream patches to the RIS image) and ready system.
So, compared to the former ways of doing things, I now have the time to work on more interesting projects. We can get more done with less people, provide better service and support, and respond quicker to problems and resolve them more quickly.
THAT is just one example of a "how to" found within the comments of /. Oh, BTW, this solution cannot be found anywhere in any training for any certification that I've ever seen.
Solving a real problem with real innovative solutions that requires experience and a bit of creativity.
So yeah, /. has saved thousands of man hours.
Re:Why not block them entirely? (Score:3, Interesting)
See Dunbar's number [wikipedia.org]. This is a concept covered, as my Anonymous sibling is correct to believe, in The Tipping Point by Malcolm Gladwell.
Re:HTTP over SOCKS over SSH over SSL thankyouverym (Score:3, Interesting)
Meh, when done right, it just looks like a long ssl and/or vpn tunnel session.
You really cannot do much to filter/firewall this sort of bypass for the technical user. Unless you allow whitelist-only access to https/ssl sites and/or force corporate-only machine access with corporate-installed SSL CAs that decrypt SSL traffic and re-encrypted (putting the corporate proxy as a man-in-the-middle) you have no way to stop this.
The real trick is blocking all "leaking" dns and apps. Socks leaks badly, as does flash, java and many other plugins. Just firewalling all outbound traffic except your tunnel works, but will require a dedicated machine.
http to a remote proxy over openvpn (ssl) is a bit more efficient than socks over ssh and clearly better than socks over ssh over ssl.