Farewell Live Messenger, Hello Skype

When I started my career, I couldn’t have imagined how social my online work world would become.

Things like LinkedIn®, Microsoft® Lync®, IBM® Connections, and Skype™ are so integrated into my workday that connecting, IM’ing, and blogging with colleagues are all as natural and effective as sitting face-to-face over coffee.

Just like new ways to keep in touch with my colleagues and friends have emerged, some headed for the sunset like long-time friend Microsoft Live Messenger. But don’t say “Bon voyage!” just yet. You can use your Live ID to move your Live Messenger account and contacts to Skype today.

And if you’re a Skype user who works in a regulated industry like financial services, or if you work for a company that has other strict legal or corporate governance requirements, Actiance has great news! With Vantage™ for Skype, you can use Skype on your company’s network to stay in touch with the folks you need to get things done in a safe and compliant way.

It gives your company the tools it needs to meet strict requirements for regulatory, legal, and corporate compliance across a wide variety of networks, including Skype. And for a limited time, existing Actiance customers using Vantage or USG to support Microsoft Live Messenger can enjoy special pricing on Vantage for Skype.

So go ahead and start a Skype chat with a buddy in Santiago, share the latest product news with a colleague in Paris, or send a vacation photo to a friend in Vienna. With the trusted governance the Actiance platform provides, you can be sure you’re keeping the good stuff in while keeping the bad stuff out.

Enterprise Collaboration: Debunking Common Misperceptions

Today’s post comes from Norv Leong, Director of Product Marketing at Actiance.

As social software becomes entrenched on the enterprise scene, now would be a good time to put to rest some common misperceptions and myths that have hung ominously over the space.  The Jive IPO and Microsoft’s acquisition of Yammer speak to the validation and adoption of social software as a viable means to enhance productivity and foster engagement.

So, with that as a backdrop, let’s take a look at some common misperceptions and see how we can’t allay these concerns:

Myth #1:  Social software isn’t subject to regulatory guidelines

Social media and social software may be new forms of communication, but that doesn’t mean they shouldn’t be logged and archived for regulatory compliance purposes.  In the eyes of the regulatory bodies (think SEC, FINRA, FERC, and similar), social software is just another form of electronic communication to be treated no differently than email.  That means that content posted to social software platforms needs to be supervised, logged, and archived to ensure compliance with applicable recordkeeping and monitoring provisions.  Since social software greatly facilitates collaboration, it’s very easy for individuals to bounce ideas (sometimes sensitive or unauthorized information) off each other and exchange files.  That’s why the regulators are interested.

Myth #2:  No one cares about social software eDiscovery

Anyone who’s lived in the US for any length of time will quickly and vigorously nod their head when asked, “Do you think the US is a litigious society?”  That’s like asking the Pope if he’s religious.  People do care about social software eDiscovery, and over the last few years, we’ve begun to see several cases emerge involving social.  Lester v Allied and Crispin v Audigier come to mind as particularly relevant cases involving social media eDiscovery.

In fact, Duke University conducted a comprehensive study and found that the number of eDiscovery cases jumped from 7 in 2003 to 111 in 2009.  The study cited that the #1 reason for courts issuing sanctions was a failure to produce electronic evidence (social software included).  And, like litigation in general, there seems to be no end in sight.

Myth #3:  Corporate governance has nothing to do with social software  

Au contraire.  Social software has everything to do with corporate governance, especially in an era where news travels lightning fast via social channels.  You needn’t look further than the Arab Spring to see the speed and power of social in action.

Good corporate governance entails having the appropriate policies and procedures in place for records retention, information governance, and conflict management.  It’s wide-ranging with the objective of instilling a sense of accountability throughout the company.  And this includes social software communications.  People use social software to brainstorm, debate, and even vent.  Say or write the wrong thing, and all of a sudden, it becomes a corporate governance issue.

Myth #4:  Plain ol’ capture is sufficient

Well, not exactly.  Following on from the discussion above, responding in a timely fashion to discovery requests sounds easy but comes with some challenges.  When you think about the volume of data floating around out there (emails, social software content, Facebook posts, Skype IMs, etc.), you’ll get a headache right quick.  Those headaches are compounded by the manner in which this content is logged and archived.

Many of today’s archiving systems just capture the content without regard to context.  We all know that people like to respond to blogs or other posts on social media.  When you’ve got a couple dozen people chiming in with their thoughts, feedback, even deleted comments, it’s easy to see the importance of capturing conversations in context.  There are just too many regulatory, legal, and corporate governance issues at stake to risk a substantial sanction or fine.

Off my soapbox now…

So there you have it – this author’s version of Mythbusters.  Like with most things social, it’s all quite fluid and dynamic.  What I just wrote today may be old hat tomorrow.  But, given that old-school concepts such as law and compliance still hold valid today, I gotta believe that the myths debunked above has some legs.

What kinds of myths are you seeing in your enterprise?

Spam going down

Today’s post comes from Norv Leong, Director of Product Marketing at Actiance.

No, I’m not talking about one of America’s most beloved (or perhaps ridiculed) canned foods, but rather, the elimination of about half of the world’s electronic spam recently, thanks to a coordinated effort from several ISPs spread across the globe.  Their efforts wiped out and crippled the Grum and Lethic botnets, respectively, which together accounted for about half of the world’s spam.  Let that sink in for a moment.

Everybody that has ever touched a computer has likely received some kind of spam in their email inbox.  It’s annoying and never seems to go away.  Just goes to show that there will always be evil lurking in cyberspace.  I’m talking about folks who are solely focused on wreaking havoc, stealing passwords, launching denial of service attacks, or hacking into computer networks of some of the most secretive agencies in the world.  Whether they do it for fun, cuz they’re bored, or on someone’s payroll, I do not know.

The bottom line is that all individuals and companies have to be on their guard and not underestimate the importance of having the proper security measures, settings, and policies in place to combat the evildoers out there.  Nowadays, the wildfire proliferation of social media and other Web 2.0 sites has proved to be prime hunting ground for spammers (check out a blog entry we did earlier on this topic).

Passing along malware is no longer the domain of email; it’s now spread to sites like Facebook, Twitter, and Skype.  One thing that’s different about these sites (vis-à-vis email) is that they require a connection, friendship, or link to be established before you can receive content.  That wasn’t the case with email.  For instance, if Stevie were to receive a link from his buddy, Timmay, via Skype, Steve’s probably gonna click on that link since he trusts Timmay.  That link might not in fact be from Timmay, but rather, from some spammer in Estonia.

So, it’s all well and good that the amount of spam has been cut down for now.  But, like Wile E. Coyote’s lifelong pursuit of the Road Runner, I’ll bet a bomb shelter’s worth of Spam that hackers will continue to think up elaborate malware schemes that will make the Grum and Lethic botnets look like starter kits.

Of mice, men, and social eDiscovery

Today’s post comes from Norv Leong, Director of Product Marketing at Actiance.

Having just returned from the Carmel Valley eDiscovery Retreat in lovely Monterey, California (author John Steinbeck’s stomping grounds), I walked away with the distinct impression that social media and enterprise collaboration applications were drawing increasingly more attention, both from the courts as well as the other vendors in attendance.

Why is this happening?  Well, there’s growing acceptance that social-type communications are subject to eDiscovery just like other forms of electronic communication (read:  email).  The list of cases involving social media eDiscovery grows longer each month.  All this reflects the growing demand for solutions that can capture social media and collaboration content in a way that preserves the interactive format of sites like Facebook, Twitter, blogs, and their brethren.

Capturing social content is one thing but to do so contextually is another.  The importance of context can’t be emphasized enough when it comes to social media and collaboration platforms.  That’s because their very DNA is predicated on constant interaction, be it feedback, replies, sharing, you name it.  You might have ten individuals responding one on top of the other to a provocative blog entry.  If an archiving system were to capture each of the ten persons’ comments individually without tying them back to the original blog entry, you lose all context.

Now, when you toss litigation into the mix, where expensive legal costs and tight deadlines are the norm, well, you can see how having accurate, contextual capture can save lots of time, money, and headaches.  Moreover, having a system in place that can handle a wide range of communications (e.g., instant messages, social media, collaboration, Skype, BlackBerry, and all the rest) brings efficiencies that would otherwise be absent if an organization chose to deploy multiple systems to capture all these different types of communication channels.

Point solutions are becoming too difficult to manage, too expensive, and prone to compatibility issues.  Having a single platform to manage all your communications channels, given all your security and compliance concerns, can certainly restore calm to an otherwise chaotic world of real-time communications.

That kind of simplicity even John Steinbeck would be proud.

Somebody’s Watching Me

The last couple of weeks have seen UK newspapers filled with stories over UK Government plans to expand its monitoring activities to include email and social media. The two extreme ends of the point of view being it’s either the only way to stop criminal activity or one step away from a draconian privacy invasion something a kin to 1984.

Neither extreme is accurate. Obviously the more seriously criminally minded will start to use other methods of communication that are more secure, if indeed they are not already. In a humorous look of the proposed legislation comedian and presenter of the BBC’s Friday Night comedy, Sandi Toksvig recently conjured up the image of two terrorists in balaclavas talking to each other on Skype saying “Yes, I promise you it really is me under here.” However, with the right controls, it can play a significant role in the fight against crime.

At the same time, most people don’t have time to read their own email, let alone anyone else’s. If Government was planning on checking content, which incidentally it says it is not, then it would have to be using keyword or lexicon search.

Type “bomb site:twitter.com” into Google and it is easy to see that just the profile names of tweeters alone would keep someone busy for a long time let alone the messages, so it’s clear that some intelligence would need to be applied to make searching content worthwhile. It also highlights the challenges of scale, something that defeated the Labour government in its attempt to introduce similar legislation in 2009.

Perhaps one of the key issues is that of trust. With stories of local councils using RIPA (Regulatory Investigatory Powers Act) to accuse citizens of flouting the school catchment rules, it’s no wonder many people are wary of giving any government power to see who they call or chat to over the internet. If the TV programme Spooks is to be believed, the security services already have the technology anyway and are using it to listen in to every mundane conversation, text stream and email conversation anyway so what’s the difference? This of course is a long way from reality. However, the monitoring of suspicious traffic is a logical and more importantly, justifiable part of the crime-fighters armoury and with the massive strides being made in keyword and lexicon search and identification technology, also relatively easy to implement.

It is not the ability to listen-in to me telling the world what I am having for dinner on Facebook that is the issue, but how much control is in place to ensure we know who can listen to what.

The bottom line is that the growth of social and electronic media use by the criminal fraternity is a serious threat to our national security and well-being. Last summer’s riots grew at the pace they did because of the use of technology such as Blackberry Messaging, SMS and Twitter and monitoring will allow for the police and security organisations to react quickly and effectively to protect our safety. Terrorist communications have been proven to often be in the form of cleverly coded electronic communications.

“Ah”, I hear you say, “but what about human rights?”. Well, I think we have a decision to make – either we take the view that logically, there will be far too much traffic to allow for any investigator to focus on anything other than posts, tweets and blogs that trigger alarm bells OR we do nothing and run the risk of the criminal element enjoying unparalleled freedom of communication. The real issue is one of checks and balances to ensure responsible application of regulations around monitoring.

For this reason the UK Government, and indeed the others that are bound to follow suit, must ensure that the legislation protects society, whilst also protecting the rights of the individual.

When we look at most industry regulation today, that means implementing the technology to enforce a policy, archive it and provide a full audit trail to ensure that actions are accountable and that only authorised personnel have access. This technology is available today and its use needs to be factored into any policy discussion by government

Although we will have to wait until the full plan is revealed to truly analyse the consequences, I think it is inevitable that this type of legislation will eventually come into force.  We live in a world where real-time communications is the norm, it is unrealistic to expect those we look to protect us to do so without the tools to combat others that use them for nefarious activities.

Six degrees of Zuckerberg? (aka Norv gets punked)

For those of you as old as me (and I’m pretty damn crusty), Six Degrees of Kevin Bacon meant something.  It was the informal game you’d play while chitchatting in a bar or tailgating at a football game.  Now, in an age where terms like “liking,” “friending,” “trending,” and “checking in” are all part of the urban lexicon, that game might have to be updated a bit.  In a recent study by Facebook and the University of Milan, the average number of degrees separating any two people on the planet was exactly 4.74, not the six degrees popularized by the Bacon game.

What does this all mean?  Well, in addition to being an exercise by data-loving researchers, it begs the philosophical question of “Is the world really that much closer?”  The ease at which we become “friends” on Facebook might have something to do with it.  The Internet (and social media in particular) shatters the concept of borders (notwithstanding the censors in countries like China), making the flow of information and “friendships” smoother than at any time in the past.

Of course, this has a dark side as well.  Hackers bent on unleashing viruses and other types of malware now have a bigger playground in which to play.  Exploiting “friendships” now can mean loss of sensitive data, compromised bank accounts, and severe embarrassment for those defrauded.

Yours truly, as a side note, was such a victim just this morning.  My Skype account got hacked and some nefarious soul was able to use up $75 worth of Skype credits for phone calls to Slovenia.  Really, Slovenia???  Just goes to show the Internet is a global phenomenon and sites like Skype are an inviting target because of its global reach. 

Hackers are well aware of social’s popularity and the inherent trust these sites breed.  Networks like Facebook, LinkedIn, and Twitter all require a pre-approved connection, friendship, or following before one can receive content from a particular person.  However, that same level of trust is a double-edged sword.  Even when I was dealing with Skype Customer Support this morning, it kept crossing my mind, “Was I REALLY dealing with Skype Customer Support or some punk in the Ukraine fleecing people from his dorm bed.”   

At the end of the day, we all need to be careful and cognizant that security risks will always be present when you’re dealing with the Web and all its new communication platforms.  It needn’t be just social media.  You’ve got instant messaging, peer-to-peer (think Skype again), blogs, Wikis – just to name a few – where security threats lurk.

So, the world may indeed be closer (1.26 degrees to be exact) but that doesn’t necessarily mean it’s a more trustworthy place.

Wanna get away? A Google engineer does.

This is not a Southwest Airlines promotion, but rather, a blog entry on how easy is it to mess up on social media.  None other than a Google engineer (as it’s a social world, you’ll likely know his name already – Steve Yegge) is the latest victim to be ensnarled in the social media web.  As most of you have probably heard by now, Stevie Boy ripped on his own employer in a Google+ post-cum-rant on the shortcomings of that very platform.  Of course, he meant the post to be visible only to his Google colleagues and not to the outside world.   Oooops.

There are oodles of smart folks at Google, but that doesn’t mean they’re immune to the occasional epic screw-up.  Just goes to show how easy it is to forget about who you’re connected to and what your privacy settings are.  Like many social networking platforms today, users have the option of selecting who their audience will be for particular posts and messages.  If you’re not careful (or perhaps too inebriated), it’s quite easy to let 800 million of your closest Facebook “friends” know that you were at the local pub to check out the Rugby World Cup, instead of lying in bed at home since you called in “sick” for the day.

It reads like a broken record throughout the copious blogs, articles, and conferences surrounding social media these days:  be careful what you put out there because you’re never gonna get it back.  Just the other day, I read an article, saying that only 26% of those who use Facebook daily were concerned about privacy on that site.  Pretty scary.  I guess we’re living in a fishbowl world and no one seems to mind.

That’s not true, of course.  Privacy and security will always be an issue for those persons or organizations where data confidentiality is crucial.  From patient health records to financial data to credit card numbers, the types of data that require the utmost security controls would be a long list indeed.  Companies like Actiance strive to bring peace of mind to those organizations in need of granular security and compliance controls.

Content comes in many shapes and sizes these days.  It’s not just social media.  There’s also instant messaging, BlackBerry, Skype, texting, collaboration software, and good ol’ fashioned email that people can use to communicate with one another.  And that’s not an exhaustive list.  As technological innovation chugs along, new communication channels will undoubtedly continue to emerge.

So, if you’re looking to avoid pulling a “Steve Yegge,” pay attention to the details:  know who you’re connected to, check your privacy settings, and try not to get too sloppy before Facebooking or Google+’ing at the end of the evening.

The House is on fire. We don’t need no water, just some Skype.

Wow, for you naysayers out there that think the government is slow, archaic, and behind-the-times, you may have to reconsider your position.  The House of Representatives has OK’d the use of Skype and ooVoo within its hallowed halls.  Up to now, security concerns had impeded adoption of these popular Internet phone and video conferencing tools, respectively, but now that those concerns have been addressed, the House is ready to move forward on its plan to improve communications and transparency with its constituents.

In these tough economic times where government budgets are strapped, leveraging technology solutions that tout cost efficiencies are gaining traction.  Moreover, technological enhancements and plentiful bandwidth are driving the government to look at other real-time alternatives.  Applications like Skype and ooVoo allow for virtual town hall meetings, facilitate responding to constituent inquiries, and obviate the need for travel in many instances.  The net effect is a fluid, cost-effective communications channel between representatives and their constituents.

Now, the House had every right to take its time in blessing the use of Skype and ooVoo.  Security concerns are justified, given the abundance of horror stories involving security breaches in government and other industries as well.  The problem with social media and other Web 2.0 applications is that their ubiquity opens whole new vectors for malware and other types of evil to infiltrate the corporate or government network.  The proliferation of content on these types of sites is mind-boggling – photos, videos, wikis, blogs, tweets, and the list goes on and on.  But, each one of these types of content can be a springboard for malware.

Given the viral nature of social media and the breadth of the social graph, it doesn’t take much for a virus to spread.  A simple, innocent click on a link to your friend’s supposed Morocco vacation pictures may not yield camel pictures, but rather, expletives flowing out of your mouth when you see the Blue Screen of Death.

That’s why you see so many security software and hardware vendors in the marketplace.  They’re there for a reason.  Not the sexiest technology, but definitely critical to your sanity and to the long-run viability of your company, or in the case of this blog entry, the House of Representatives.  Having security systems and policies in place to control the glut of Web 2.0-type applications out there (Skype and ooVoo are just two of the thousands) is downright essential.

Without granular controls of social media, instant messaging, video conferencing, and the like, safely managing that fluid communications channel between government and the constituents becomes that much more difficult.  Throw into the mix potential national security implications and one can see why security breaches aren’t taken lightly in government circles.

So, bravo to the House for giving the green light to Skype and ooVoo.  Now, I can Skype my congresswoman to fix that pothole in front of my driveway.

Defaulting to the closed door. Day Zero protection in a Facebook – Skype world.

Social media is often typecast as a dynamic technology segment where, in the blink of an eye, you can miss the latest viral video on YouTube or the latest casualty of an erstwhile social media darling (RIP, MySpace).  Thus, it’s no small feat to keep up with the continuous feature, product, and service enhancements emanating from the labs of Facebook, Twitter, and their brethren.

This week’s announcement of the Facebook-Skype integration sent shockwaves at typical lightning speed.  And for  those organizations who have embraced not just Facebook but also Skype and other forms of real-time communications now seek to understand what this integration means to their security and communications infrastructure, we have some words of comfort.

Many times, compliance,  legal, and IT security departments need some time to digest the implications of these new features on their business.  So being able to block new features by default is a necessary requirement for enterprise organizations.   Hark back to the early days of the firewall, when it was incredibly important to ensure that the default setting, when you implemented a new system, was to block and then open access.

That’s where we are with social media now.  With more than 530 changes to the major social networks (Facebook, LinkedIn, Twitter)  in 2011 alone, security issues rear their heads with every new feature, especially when we look at the world of P2P communications.  Long heralded as the darling of intrusion detection, Skype’s encrypted nature and ability to tunnel through any open port on a firewall makes it a unique and beloved communications tool.  But at the same time, it’s also a risk for some organizations that cannot – and – will not allow encrypted traffic on their network (unless they know the key).  And when I look at the requirement from the new Facebook Video Calling application to install an .exe file in order to use the plugin, I head back to my roots in the UK IT Security space and think that’s not necessarily something we as security professionals want our end users doing.

Here at Actiance, we were able to provide DAY ZERO protection to our customers – blocking access to the new Facebook Video and Calling capabilities.  As a default, we block new features to ensure that our customers can then decide their policies.  And, with a decade of experience dealing with real-time changes to networks and communications platforms, it comes as second nature to our team to provide these capabilities.

That said, did I install Facebook Video Calling?  Of course.   Am I using it?  Of course.  Do I like it?  I have to say, “Wow, yes.”  Being that Skype and Facebook have been, since I moved to the USA just over a year ago, my primary forms of personal communications with the folks back home, having these two communications modalities in a single login is sweet.  Oh yes, I like it.  I like it lots.

For the Love of Dodd-Frank

There’s been a lot of chatter recently over Dodd-Frank, the act that was passed to promote more financial stability following the crisis of 2008-09.  Designed to improve accountability and transparency in the financial system, it’s ushered in sweeping changes to financial regulation, unseen since the days of the Great Depression.  So you know it must be a big deal if it’s keeping lobbyists and lawyers busy in the nation’s capital.

What’s it all about?
Under Dodd-Frank, the Securities and Exchange Commission (SEC) must create rules to establish a fiduciary duty for broker dealers and provide disclosures of material conflicts by broker dealers and registered investment advisors.  If that statement is adopted, each broker dealer would be required to provide potential customers with a written statement, prior to working with them.  The broker disclosure statement would require that the written statement given to customers outline such information as:  description of the types of accounts and services that the broker dealer provides, any areas of potential conflicts with such services, disclosure of all financial and other incentives, and the limitations on the duties a firm owes to its customers.

Translation?  Broker dealers must be completely forthcoming and open when they’re prospecting for new business or new customers.  And they have to be very clear from the outset what kinds of services they can offer, any potential conflicts of interest, and other such items.  This puts a tighter leash on broker dealers and you can bet that the regulatory agencies will be keeping a close eye on the content to ensure that relevant parties meet requirements on full disclosure.  The US government is taking steps to avoid a repeat of what happened a couple years ago.

If you need to monitor the communications of broker dealers or investment advisors, then it’s now possible to monitor and archive instant messages, content posted to social networks, as well as BlackBerry SMS and PIN content.  As there are so many ways for broker dealers to communicate these days, it’s not just about email anymore.  That’s so 1990s.  Now, you’ve got Facebook, Twitter, Skype, OCS, Sametime, SMS, to name just a few.

In fact, there are around 330,000 sales folks on LinkedIn who work in the financial services sector in the US.  That’s a lot of people for regulators to monitor.  Making sure broker dealers stay in line with the Dodd-Frank regulations is becoming ever more challenging, but at least now, firms can now leverage technology options to ensure that real-time communications are your friend – and not foe.