Securing the Social Web


Social networking is all the rage, with sites such as Facebook, Twitter, YouTube, Google, Yahoo and LinkedIn growing at an astounding rate.  And it’s not just a teen or consumer fad anymore.  The social web has emerged as a valuable business tool for the modern enterprise, touting rich applications with real-time interaction and user-generated content.

There is no denying that the social web is the new web.  Nearly every enterprise is using it in one way or another.  However, along with its enormous popularity comes enterprise-size risks, so in the race to maximise its potential, organisations must take due care to protect their business.

The following are three ‘must-haves’ for securing the social web:

1.  Acceptable Use Policy Control
31% of applications within Facebook contain adult content; 25% are games (Websense 2010 Threat Report)
Just tracking URLs is no longer sufficient for acceptable use policy controls.  Taking Facebook as an example, the content on any given page may simply be social networking, but conversely, may include gambling, pornography or content that represents a security risk.  So, to provide acceptable use policy controls in today’s social web environment, you need technology that scans the content on the page (not just the URL), in real time, as the user accesses it.  This ‘real-time content classification’ must be done at the gateway for both HTTP and HTTPS protocols and is the only means of getting the visibility and control necessary to enforce acceptable use policies.

2.  Malware Protection
80% of websites with malicious code were legitimate sites that have been compromised (Websense 2010 Threat Report)
The social web is built on a platform that is dynamic and script-based, and so too is the modern malware that lives within it.  Like real-time content classification used for acceptable use policy control, enterprises must be able to perform real-time security scanning for malware on the social web.  This includes scanning all code on the page in real time, at the internet gateway for both HTTP and HTTPS protocols – going beyond signature and reputation-based scanning to decompile Flash, JavaScript and the rest of the code on the page on the fly, to inspect for both legacy and modern attacks.  Only with real-time security scanning can you get protection from modern malware in the social web.

3.  Data Loss Prevention
Data loss via the Web is 4 times more likely than over email (Open Security Foundation Data Loss Database)
39% of malicious Web attacks include data-stealing code.  And one of the prime benefits of social networking is that users can share content.  Of course, with all the malware out there and users’ ability to share content comes big risk – risk from data theft and loss.  While your first instinct may be to block all posts to Facebook, this can erode the utility of the application.  What’s more, how you identify data loss is critical to stopping it.  Using basic keywords and regular expression-based detection, for example, may sound simple but can often lead to false positives and negatives – lacking the necessary workflow and reporting to effectively manage incidents.  Instead, a more effective approach is to incorporate accurate data detection and contextually aware controls for DLP (either as part of a secure web gateway or full data loss prevention solution) that safely enable good business processes.  This approach allows you to, for example, prevent sensitive and regulated customer information from being uploaded to any social networking, personal email or personal storage site, but lets that same data be posted to SalesForce.com, your CRM solution.  With accurate data identification and contextually aware controls, you can safely enable use of social networking and cloud-based applications simultaneously.
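The contrast drawn above between pattern-only matching and accurate detection with destination context, as an added example (not from the original article or any vendor product): card-number candidates found by a regular expression are confirmed with a Luhn checksum, and the verdict depends on the destination category. The category names, the host mapping and the sample posts are assumptions constructed for illustration.

```python
import re

# Assumed host-to-category map; a real gateway takes this from its classifier.
DEST_CATEGORY = {
    "facebook.com": "social_networking",
    "mail.example.com": "personal_email",      # constructed host
    "salesforce.com": "sanctioned_crm",
}
# Categories the article says regulated data must not be uploaded to.
BLOCKED_FOR_REGULATED = {"social_networking", "personal_email", "personal_storage"}

# Pattern-only detection: any 13-19 digit run, optionally space/dash separated.
CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def regex_only_hits(text):
    """What a bare regular expression flags (includes false positives)."""
    return [m.group() for m in CANDIDATE.finditer(text)]

def validated_hits(text):
    """Candidates that also pass the checksum, normalised to digits only."""
    digits = (re.sub(r"\D", "", raw) for raw in regex_only_hits(text))
    return [d for d in digits if luhn_ok(d)]

def decide(host, body):
    """Block only when validated data is headed to a restricted category."""
    category = DEST_CATEGORY.get(host, "uncategorised")
    if validated_hits(body) and category in BLOCKED_FOR_REGULATED:
        return "block"
    return "allow"

# Constructed sample posts.
ORDER_POST = "Order ref 1234 5678 9012 3456 shipped today"
CARD_POST = "Customer card 4111 1111 1111 1111 exp 01/30"

if __name__ == "__main__":
    for host in ("facebook.com", "salesforce.com"):
        for post in (ORDER_POST, CARD_POST):
            print(host, decide(host, post), regex_only_hits(post))
```

The order reference matches the pattern but fails the checksum, so it is allowed everywhere; the card number is blocked on the social networking host and allowed to the CRM.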

The social web represents opportunity and innovation – making it impossible for organisations to ignore in today’s competitive economy.  To find out more about how you can use it safely and productively, download the Websense White Paper or contact your Nike Account Manager on 0871 200 3730 / email sales@nike.co.uk