actiance enabling social_networks
DESCRIPTION
Learn how Actiance can help you Secure, Manage and Control your social network use.
TRANSCRIPT
Enable Social Networks
Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.
So who’s using Social Media? And Why?
Sales & Marketing: Promotions, Advertising, Branding
HR: Background checks, Recruiting
Scientists & Researchers: Information exchange, Collaboration
IT: Investigation of security breaches
Social Networking: Balancing Benefit & Risk
Risks & Challenges
Employee productivity
– Control who can access what, when, and for how long
Content security
– Introduction of malware
Brand and reputation protection
– Allow “approved corporate posters” to self-moderate
– Moderate posts from unapproved corporate posters
IP/Information Leak Prevention/NDA compliance
– Sensitive, confidential term dictionary matching
– Stop contract staff accidentally leaking your secrets
– Quarantine posts for moderation by a reviewer
– Quick deployment, no desktop touch
Compliance with regulation (e.g., FINRA, PCI)
– Archive content
– Stop credit card number patterns
– Control specific content
Web 2.0 & Social Networks Regulation & Compliance
Regulation: Social Network and Web 2.0 Impact
SEC and FINRA: Obliged to store records and make accessible. Public correspondence requires approval, review and retention. Extended to social media. http://www.finra.org/Industry/Issues/Advertising/p006118
Gramm-Leach-Bliley Act (GLBA): Protect information, monitor for sensitive content, and ensure not sent over public channels (e.g., Twitter)
PCI: Ensuring cardholder data is not sent over unsecured channels AND PROVING IT.
Red Flag Rules: Prevent identity theft. Protect IM and Web 2.0 from malware and phishing when users are more likely to drop their guard.
FRCP (eDiscovery): Email and IM are ESI. Posts to social media sites must be preserved if reasonably determined to be discoverable. http://blog.twitter.com/
Web 2.0 & Social Networks Regulation & Compliance
Regulation: Social Networks and Web 2.0 Impact
Sarbanes-Oxley (SOX): Businesses must preserve information relevant to the company reporting.
Canadian Securities Administrators National Instrument 31-303 (CSA NI): Retain records for two years, in a manner that allows “rapid recovery to a regulator.” Can extend to IM and social media.
Investment Dealers Association of Canada (IDA29.7): Demands the retention of records with respect to business activities, regardless of its medium of creation.
MiFID and FSA, Markets in Financial Instruments Directive (EU): Specifically requires the retention of electronic communications conversations when trades are referenced.
Model Requirements for the management of Electronic Records (MoReq): European requirements for the retention of electronic records.
FINRA Regulatory Notice 10-06: Guidelines for Social Networks
Regulation: Social Network and Web 2.0 Impact
SEC Rules 17a-3 and 17a-4 and NASD Rule 3110: Retain records of communications related to business
Public Appearances: Electronic forum & chat rooms, content posted to social media may constitute a public appearance
Prior Approvals: Wall postings require prior approvals
Participation: Real-time participation on social networks equals participation
FINRA Regulatory Notice 07-59: For instance, communications between research and investment banking departments should be restricted
Restrict Personnel: Only those subject to the firm’s supervision should have access; provide training prior to engagement; prohibit or restrict those who pose a compliance risk. Restrict access with technology.
Financial Services Authority (FSA): Guidelines for Social Networks
Regulation: Social Network and Web 2.0 Impact
Senior Management Arrangements, Systems and Controls (SYSC)
SYSC 9.1.1: An enterprise must arrange for orderly records to be kept of its business and internal organization.
SYSC 9.1.2: Records must be kept for at least five years.
SYSC 9.1.5: An enterprise should have appropriate systems and controls in place with respect to the adequacy of, access to, and the security of its records.
Policy Statement 08/1: Must record conversations on public and enterprise IM networks.
SYSC 3.1: A firm must take reasonable care to establish and maintain such systems and controls as are appropriate to its business.
SYSC 10.2: Firms must take reasonable steps to ensure that ethical walls remain effective and are adequately monitored.
Financial Promotions Industry Update No. 5: All communications or financial promotions must be based on the principles of fair dealing. Adequate records of financial promotions must be kept.
Enabling Social Networking: Solution Requirements
Issue: Control Requirements
Identity management: Ensure that all the different logins of an individual link back to corporate identity
Activity control: Posting of content allowed for marketing but read-only for everyone else
Granular application control: Employees can access Facebook, but not Facebook Chat or Facebook Games
Anti-malware: Protect network against hidden phishing or Trojan attacks
Data leak prevention: Protect organization from employees disclosing sensitive information
Moderation: Messages posted only upon approval by designated officer
Logging and archiving: Log all content posted to social networks
Export of data: Export stored data to any email archive or WORM storage
Social Networking Control: Basic functionality
Simple SPAN/monitor port deployment to allow/block
– Social Networking Widget Usage
– Web 2.0 applications (~4,500)
– Instant messaging (~200)
– P2P (~200)
– URL filtering
– Anti-Malware
[Diagram labels: Unified Security Gateway, Secure & Enable Web 2.0; Users; Active Directory, group-based policies; LAN/WAN; Internet; Switch; All Internet Traffic]
URL Filtering & Anti-Malware
Allow
Block
Coach
Time quotas
Social Networking Widget Categorization
– Control access to individual social media sites
– Allow/block application widgets on popular sites
SaaS Infrastructure
• Fully Redundant Architecture
• End-to-End Failover
• Fully Redundant and Mirrored Database
• Extensive Network and Application Monitoring and Alerting
Social Networking Feature Control
• Control features or areas of content posting by user or group
Content Monitoring
Policy summaries
Easy-to-set policies
– Archiving
– Moderation
Lexicons
Actions to take
eDiscovery of Social Networking Posts
Social networking activity and posts are captured
All the captured events are presented for eDiscovery and available for export to archiving platforms
Moderation
Posts to Twitter/Facebook/LinkedIn held for review by the following criteria:
– All
– Keyword/dictionary matches
– Regular expressions (e.g., credit card/SSN patterns)
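The three hold criteria above, sketched as an added example (this is not Actiance code; the lexicon terms, function names and sample posts are constructed assumptions). It goes one step beyond the slide by running a Luhn checksum on card-shaped digit runs, so that ordinary reference numbers are not queued for review.

```python
import re

# Hypothetical lexicon for illustration; a real deployment supplies its own.
LEXICON = {"project falcon", "term sheet", "under nda"}
# 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# US SSN shape, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Constructed sample posts (test card number and made-up SSN, not real data).
SAMPLES = [
    "Lunch at noon?",
    "Signed the Term Sheet for Project Falcon",
    "Card 4111 1111 1111 1111 exp 12/30",
    "My SSN is 123-45-6789",
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def hold_reasons(post: str, hold_all: bool = False) -> list[str]:
    """Return the criteria that would place a post in the moderation queue."""
    reasons = ["all"] if hold_all else []
    lowered = post.lower()
    reasons += [f"lexicon:{t}" for t in sorted(LEXICON) if t in lowered]
    for m in CARD_RE.finditer(post):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            reasons.append("regex:card")
            break
    if SSN_RE.search(post):
        reasons.append("regex:ssn")
    return reasons


if __name__ == "__main__":
    for post in SAMPLES:
        print(hold_reasons(post) or ["post immediately"], "<-", post)
```

An empty list means the post goes straight through; any entry means it is quarantined with the matched criteria attached for the reviewer.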
Simplified Moderator Workflow
STEP 1: User posts message on Facebook, LinkedIn, or Twitter
STEP 2: Socialite intercepts post and provides a notification that content is being monitored and will be posted only upon approval by the moderator
STEP 3: Moderator receives e-mail notification about pending messages
STEP 4:
• Moderator signs on to Socialite reviewer console
• Moderator reviews messages and, depending upon appropriateness, approves or rejects a message
• Moderator also has an option to leave a review comment for each post
STEP 5: Accepted posts are sent to the network on behalf of the user
STEP 6: Accepted posts are viewed by the user
Moderator work queue & transcript review
The moderator queue allows bulk approval, or each post can be reviewed individually.
End User Experience
Toolbar displayed for each site, showing user’s post “queues”
User can click on their queues and see a list of the messages