Inhibiting employee use of Web 2.0 applications is a double edged sword

(07/10/2009)

With strong evidence now emerging that allowing employee access to Web 2.0 sites is beneficial, many organisations are starting to reverse their decisions to ban the new internet. However, with no controls in place to manage sites accessed and content posted, companies are still in danger from data leaving undetected, employees posting negative and possibly libellous comments and escalating bandwidth usage.

Organisations that do not take full control over the use of Web 2.0 applications at work run the risk of data leakage, fines and a reduction in productivity, whether they ban their use or not. Businesses caught in the middle of the "Facebook Face-off" with employees should look to embrace the new internet, whilst using technology to control content posted at work to blogs, social networks and from personal web mail accounts.

"Inhibiting employee use of Web 2.0 applications is a double edged sword," says Nick Sears, VP EMEA of FaceTime Communications. "On one hand it's almost impossible for companies to ban their use with traditional security technologies, on the other preventing employee use of such widely used tools can curb moral, slow down decision making and generally impact on day to day productivity."

For employees prepared to go against company policy, FaceTime points out that in most cases no technical knowledge is required to get applications such as streaming audio and video, file sharing and collaboration tools running on the corporate network. Many of the thousands of Web 2.0 applications now available do the work for the user and bypass conventional firewalls and URL filters by hopping from port to port, using encryption and non-standard protocols, and tunnelling over HTTP.

"Whilst it's much harder to stop employees from doing the wrong thing out of work, if they are on the company network then most organisations have a duty to ensure that all electronic communications are controlled and recorded," continues Nick Sears. "With the technology available today there is no excuse in allowing staff to post comments or upload files, without being able to control the content."

The law is not clear yet over employees making their views clear on social networking sites outside of work. It does not wish to infringe on the freedom of speech, but it also recognises an organisation's need to protect its reputation. The outcome in New South Wales, Australia, of six prison officers that made a complaint to the Industrial Relations Commission after being threatened with the sack over several posts on Facebook, may show which way the future lies.

Earlier this month FaceTime launched version 3.0 of its Unified Security Gateway (USG), the first secure web gateway to combine content monitoring, management and security of Web 2.0 applications, with URL filtering, malware and web anti-virus protection. USG 3.0 provides granular control of not just Web sites and internet applications, but also the content posted to blogs, wikis, webmail and social networking sites such as Twitter, Facebook and YouTube.

A highly visual reporting engine gives an innovative birds-eye view of user behaviour across Web, IM, P2P and social networks. New integration of on-board antivirus scanning technology in combination with USG's URL filtering and malware engine reduces the risk of Internet-borne malware and viruses.

"User activity monitoring and reporting is key for us at Pernod Ricard," comments, Tina Hart, Technical Projects Analyst, Pernod Ricard, Inc. "The new customisable reporting framework in USG will be of huge benefit to us and will give us much wider flexibility in the management of the device and a greater visibility throughout the organisation of Internet browsing trends."

Related topics:  Data management and data security   Internet and Web security   Security management and policies 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources