Context is king in the Web 2.0 world
The expansion of social media use in the workplace has generated something of a schizophrenic reaction in the business world, where perception of value has risen in almost direct proportion to the perceived risks. While more than half the global businesses responding to a recent Clearswift survey said they viewed social media as 'critical' to the future success of their organisation, 19% were nonetheless completely blocking access to it in the workplace. So what's going on?
In the face of recent high profile data spills and increased regulation, it's tempting for companies to want to lock everything down. But this isn't realistic. Dynamic business environments call for flexibility. Context is everything when it comes to deciding what information needs to be blocked or controlled – and when.
The best web security starts with policy. And flexible policies mean organisations don't have to sacrifice security for agility and innovation. An organisation's policy should reflect the way it does business; for example, an architecture firm may wish to limit music downloads but allow the easy exchange of CAD files. Policy should dictate technology, not the other way around.
Bend or break
Flexible policy moves beyond simple URL filtering, enabling productive use of web applications or social media without exposing the business to data spill, intellectual property theft or malware attacks. Real-time scanning means that sites ordinarily deemed 'safe' – such as news sites or Facebook – can still be monitored for threats carried via Flash or Javascript, among others. This allows businesses to continue using social media applications without having to worry about them becoming a back door for attacks.
Context-aware scanning and policies also mean that the usefulness of social media/collaboration sites doesn't have to be undermined by blocking or limiting their functionality. Context-aware controls mean users can be prevented from uploading or exchanging sensitive information while continuing to exchange day-to-day data. Similarly, flexible policy means business-critical data exchange can be blocked or limited according to the nature of the application being used – uploading to LinkedIn may be a no-no but data exchange on something like Salesforce.com can be allowed.
Getting granular
Flexible policies mean granularity can be extended right down to individual user level, where different users with different access requirements are granted the appropriate permission to get their jobs done. It's not all work and no play, either; for employers who are happy to cut their workers a little bit of slack, access to sites such as Facebook can be allowed over lunch time, for example. Or maybe you're happy to trust users to flit in and out when they want – but block the games features. Flexible policy means you have complete control over the data flowing in and out of your organisation.
IT teams can now work with end users to set up structures that recognise the importance of different types of data, ensuring that protocols are in place that prevent certain categories of information from being transmitted or copied. Sensitive information may only be shared between approved users with a pre-recognised need to receive the information. At the very highest level, this can prevent data from leaving the organisation; at the lowest risk level, warnings for staff can be triggered, requiring them to check that they are not inadvertently attaching or copying data, or accessing potentially harmful material.
The benefits beyond the technology
Modern information security is about a lot more than just inbound threat detection. It's about the value and benefits beyond it: Being able to implement flexible policies that work with, not against, employees; simplifying solutions and reducing admin burdens so IT staff can dedicate more time and effort to proactive vigilance; educating your workforce and creating a visible, flexible policy that everyone is not only aware of, but understands the need for.
Smart devices and social media tools have become extensions of the company network; it's time to adopt more flexible policies that are capable of dealing with this reality. Policy, not policing, creates the confidence to tackle the negative side effects of evolving communications, while taking full advantage of the benefits.
To find out how Clearswift can reduce the complexity of Web 2.0 security, click here.