Posts Tagged application control

School’s not quite out, but the results are in.

You know that there’s been a seismic shift in the US Government’s communications strategy when guidelines are published by the government for agencies about how they can adopt social networks to deliver a better customer experience.

We can all applaud the good – when the magnitude 5.8 earthquake shook the East Coast in August, the Department of Homeland Security was quick to tweet advice on getting in touch with loved ones via social networks, eschewing phone lines which were getting clogged.

But before we get carried away, we need to put this success in perspective.

Just last week, news was released that Air Force One’s flight plans were inadvertently leaked when a Japanese air traffic controller decided to post them on his blog to show off to his friends.

Who needs Wikileaks when you have to contend with the foibles of your own staff?

The threat of malware infection continues to loom large, as our own Jae found out to his chagrin.

There is no time to be complacent. This is why we’ve knuckled down and begun the process of testing our platform for federal government usage. We’ve kicked off by subjecting Vantage and Unified Security Gateway (USG) to the rigorous tests conducted by Science Applications International Corporation (SAIC) Labs.

It is with a mixture of post-exam relief, pleasure and pride that we can reveal that (drumroll please…) we have met the initial requirements for Common Criteria IA SL2 and The Federal Information Processing Standard (FIPS) 140-2.

The process is by no means over, but we’re certainly well on the way, and it’s another confirmation that Federal Agencies can rest assured that our solutions are robust, enterprise-ready and will do what they say on the ‘can’.

Regardless of media – it could be Jabber, Microsoft Lync or Facebook – we can monitor, track and archive content to protect against unsanctioned disclosures and security threats.

What is YOUR federal agency doing with regard to new communications modalities?


Social Media and Cloud Security, are they on the new Federal CIO’s radar?

Last week, it was announced that Steven VanRoekel would be replacing Vivek Kundra as the CIO at the Office of Management and Budget (OMB).  It’s a high-profile position that essentially puts VanRoekel in charge of the federal government’s IT budget – currently about $80 billion a year.  A tidy sum of money.

So, as VanRoekel assumes his new role, all eyes will be focused on how he handles the projects he’s inheriting from Kundra as well as new initiatives.  Of the former, issues such as data center consolidation and the “cloud” are top-of-mind.  Recently, much of the buzz, both in the government and in the private sector, has revolved around Web 2.0 and social media.  However, they’re just two components of an overall security strategy.

VanRoekel must also take into consideration other types of application that factor into a comprehensive cybersecurity strategy.  These days, hackers are pretty sophisticated and are quite adept at exploiting encrypted traffic to pass along viruses or other types of malware.  For instance, unified communications (UC) platforms, such as Jabber, Microsoft OCS and Lync, and IBM Sametime, all enable federation, which is the ability to communicate with others who are not members of your UC community.  The danger here is federating with outside networks that may present unknown risks, like viruses, hackers, enemies mining for confidential information, etc.

The same analogy holds for the “cloud” initiative.  Cloud computing is all the rage, but there’s no shortage of companies and government agencies that are incredibly leery of turning over key computing processes and applications to the cloud.  Security is almost always the first issue mentioned when talking to skeptics of the cloud.  Multi-tenancy (i.e., sharing physical appliances that have been logically partitioned), data storage off-premises, and the relatively short history of this computing paradigm send shivers down the spines of the most experienced IT practitioners.

With the Internet being a global resource, the potential scope of security breaches is immense. Sophisticated hackers might reside in the US, China, Russia, Iraq, North Korea; you just never know. It is under this backdrop that VanRoekel will have to draw upon his experience in the private and public sectors to devise a strategy addressing all of these security concerns. A daunting challenge for sure, but absolutely attainable, given today’s technology.

Wouldn’t you agree?


Defaulting to the closed door. Day Zero protection in a Facebook – Skype world.

Social media is often typecast as a dynamic technology segment where, in the blink of an eye, you can miss the latest viral video on YouTube or the latest casualty of an erstwhile social media darling (RIP, MySpace).  Thus, it’s no small feat to keep up with the continuous feature, product, and service enhancements emanating from the labs of Facebook, Twitter, and their brethren.

This week’s announcement of the Facebook-Skype integration sent shockwaves at typical lightning speed. And for those organizations that have embraced not just Facebook but also Skype and other forms of real-time communications, and now seek to understand what this integration means to their security and communications infrastructure, we have some words of comfort.

Many times, compliance,  legal, and IT security departments need some time to digest the implications of these new features on their business.  So being able to block new features by default is a necessary requirement for enterprise organizations.   Hark back to the early days of the firewall, when it was incredibly important to ensure that the default setting, when you implemented a new system, was to block and then open access.

That’s where we are with social media now. With more than 530 changes to the major social networks (Facebook, LinkedIn, Twitter) in 2011 alone, security issues rear their heads with every new feature, especially when we look at the world of P2P communications. Long heralded as the darling of intrusion detection, Skype’s encrypted nature and ability to tunnel through any open port on a firewall make it a unique and beloved communications tool. But at the same time, it’s also a risk for some organizations that cannot – and will not – allow encrypted traffic on their network (unless they know the key). And when I look at the requirement from the new Facebook Video Calling application to install an .exe file in order to use the plugin, I head back to my roots in the UK IT Security space and think that’s not necessarily something we as security professionals want our end users doing.

Here at Actiance, we were able to provide DAY ZERO protection to our customers – blocking access to the new Facebook Video and Calling capabilities.  As a default, we block new features to ensure that our customers can then decide their policies.  And, with a decade of experience dealing with real-time changes to networks and communications platforms, it comes as second nature to our team to provide these capabilities.

That said, did I install Facebook Video Calling?  Of course.   Am I using it?  Of course.  Do I like it?  I have to say, “Wow, yes.”  Being that Skype and Facebook have been, since I moved to the USA just over a year ago, my primary forms of personal communications with the folks back home, having these two communications modalities in a single login is sweet.  Oh yes, I like it.  I like it lots.


Keep It Simple, Stupid

We’ve all heard this saying before and it’s easy to get lost in the bewildering array of communications channels available to us. There’s the usual email, instant messaging networks (Yahoo!, Google Talk), peer-to-peer networks (Skype), enterprise IM applications (IBM Sametime, Microsoft Lync/OCS), and social networks (Facebook, Twitter). And these are just the big boys. There are literally thousands of IM, P2P, and social networks, in addition to those listed above.

To give you an idea of the bevy of tools out there, the US Department of Agriculture (USDA) uses over 21 different email systems, but they’ve recently decided to award Microsoft a contract to provide cloud-based email, Web conferencing, IM, and collaboration solutions. Similarly, the US General Services Administration (GSA) awarded an email contract to Google. What this goes to show is that messaging in large organizations (in this case, it’s the government) is starting to move to the cloud as companies look for ways to streamline their messaging systems, improve efficiency, and cut costs.

What with all these communications options available to end users, it’s all too common for folks to use Facebook, Yahoo!, or Skype while they’re at work on company-issued computers. Oftentimes, individuals use a combination of Web 2.0 (think Facebook or Skype) and enterprise (think Microsoft Communicator or Cisco Jabber) applications. The problem with doing so is that it opens up new vectors for malware to invade the corporate network. In other words, there are far more avenues for evil to infiltrate the corporate network these days than ever before.

Thankfully, platforms like Actiance Vantage make it easier to manage the proliferation of communications tools within the enterprise. From blocking virus attacks to managing file transfers to logging and archiving of all IM activities, Vantage provides end-to-end security and compliance coverage for an organization’s unified communications.

We can all learn a lesson from the government contracts cited above. Long ridiculed for being the poster child of bureaucracy and antiquated computer systems, it must be saying something to have two large agencies moving their communications applications to the cloud. Looks like the US government has taken heed of that old KISS principle after all.


Get Smart with FaceTime

Kailash Ambwani is FaceTime’s CEO and President: 

Today is an interesting and memorable day for FaceTime. Earlier, Apple introduced their next generation iPhone and announced that it will use “FaceTime” as the trademark for its new video calling application.

I’m intrigued with the way that the use of the term “facetime” has evolved since we named our company about a decade ago. Ten years ago, our solutions were for Instant Messaging and other “virtual facetime” applications of that ilk. Now, “facetime” will refer to an application that enables callers to see one another, while using a mobile device and that makes me reflect on how far we’ve come.

Today’s announcement echoes our long held belief that the Internet has changed – from one-way information delivery to two-way communication and collaboration. The New Internet is increasingly about communications, collaboration and communities – whether it’s social networking, instant messaging or now video calling, users are increasingly bringing these tools into the workplace (if you didn’t yet check out the results of our fifth annual survey then you’ll find some evidence of that here).

Our agreement with Apple to transfer the FaceTime trademark to them comes as we are rebranding our company to better reflect our capabilities. From our virtual facetime beginnings 10 years ago, our solutions have continued to evolve and renaming our company will better reflect how we help enterprises leverage new communication in a secure and compliant manner.

So, it’s an exciting day. When I look around at these new communications tools – like a video calling application on a phone – I’m reminded of the old TV shows (I want no comments or jokes about my age…) with secret agents running around with video watches tracking down the bad guys. It’s amazing what we can now do. I guess shoe phones and the cone of silence aren’t too far away.

Good thing our company will be there to keep the networks and the data secure and compliant.


Secure and Enable the New Internet

Last month we announced that Check Point Software Technologies had purchased our application database for use in their products. According to Check Point, this technology will “… provide businesses unparalleled granular control over application usage and enable security administrators to prevent threats associated with the use of certain Internet applications. Check Point will offer this new level of security controls as a Software Blade that will be available for all gateways.”

This deal reaffirms our leadership in the Web 2.0 security space. More importantly, it highlights the growing need for network solutions that provide visibility and control at the application level, not just at the port & protocol level. Check Point sees this need and will use our database to provide application level control. Application level control will become the price of entry in the Firewall market.

But beyond visibility and control, what enterprises are asking for is “enablement”.

  • How do I allow access to Facebook or LinkedIn and stay in compliance with FINRA or FERC or HIPAA or PCI or [insert your favorite regulation here]?
  • How do I allow access to YouTube videos but not the inappropriate stuff?
  • How do I allow access to blogs and wikis and webmail but ensure that confidential information is not getting posted?

Our customers realize they can’t block access to the New Internet – they must enable it.

Which is why our mission statement reads “Secure & ENABLE the New Internet”.
How are you and your organization enabling the new Internet?  What tools and applications do you need to secure to effectively enable your team?


Finding the Application Needle in the Traffic Haystack

It seems as soon as a new technology is adopted into mainstream business, a whole host of support technologies soon follow to fill in the gaps and solve the new issues that are created. Consider the enormity of the anti-virus market that was created after the ILoveYou Virus hit in 2000, and the addition of URL filtering to enterprise IT’s checklist of “must-haves” following the adoption of the Web browser.

The good news is that browser based traffic is now monitored and managed in most organizations. So, what’s the next new technology? Always one step ahead, employees have turned to other real-time applications including social networking platforms, IM, peer-to-peer file sharing, Web 2.0 VoIP and conferencing applications. And the next new technology solution? Application filtering.

This week, FaceTime announced that we’ll begin licensing our application inspection and classification technology, called ACE (Application Control Engine), to other network security vendors. This same technology is at the core of our Unified Security Gateway product, detecting and classifying more than 1,400 Web 2.0 and real-time communications applications and more than 50,000 social networking widgets – a number that grows daily.

This is the new frontier for Web security, as Sarah Perez points out in her analysis of how Web applications fly under IT’s radar,

“… when users become their own I.T. department, they’re unknowingly introducing inherent risks into the previously hardened network infrastructure. Just because a web app is easy to operate, that doesn’t make it safe and secure for enterprise use. As users upload and share sensitive files through these unapproved backchannels or have business-related conversations through web-based IM chatrooms, they might not only be putting their company’s data at risk, they could also be breaking various compliance laws as well.”

Sarah’s analysis is spot on. She goes on to point out that

“If FaceTime’s ACE or other similar technologies become a mainstay in the enterprise I.T. toolkit, the explosion of Web 2.0 for business use, a trend typically called Enterprise 2.0, may be dealt quite a blow. The only Enterprise 2.0 apps that will succeed given that scenario will be the ones that worked with the I.T. admins from the very beginning to assure them of their safety. The apps reliant on a slew of the company’s rule-breaking users for adoption, however, will be out of luck. Perhaps being sneaky may not have been a great business model after all.”

From our conversations with IT managers and through our annual study of usage trends, end user attitudes and IT impact, it’s clear that the number of unsanctioned applications on enterprise networks is exploding because the nature of the workforce is changing. In fact, one in three employees say they feel they have the right to download whatever applications they need to do their jobs, regardless of policy. And interestingly, one in three IT respondents believe that written policies are ineffective methods for controlling end-user downloading of applications.

Given not only the sheer number of Web 2.0 applications but their obvious increased rate of adoption in business, I believe we’ll eventually see application filtering become standard, and most likely even more important, than URL filtering is today.
