In keeping with my last post on cleaning up your Facebook account, today I want to talk to you about how you can regulate Facebook access across your enterprise networks. I heard a story last week about a soldier in Afghanistan who posted on his Facebook status page about the location of his next mission a few days before the actual event. Needless to say, the mission was cancelled and he was sent packing.
Your concerns might not be life-and-death, but they are just as important: do you think your employees are leaking company confidential information? Do you want to put limits on what they can do while inside Facebook, such as playing Farmville or other games? How about blocking or slowing down access during business hours, but then opening it up afterwards?
I began doing some research for this topic for an article that I am writing for one of TechTarget’s web sites, and found a very rich landscape that is available to enterprise IT folks. Just about every network security product has some form of control over Facebook. Some offer more granularity than others. For example, McAfee’s Firewall Enterprise offers two different controls: one for the basic Facebook access, and one for all Facebook apps. That is nice. Palo Alto Networks takes it a step further, having these two plus four additional controls for chat, mail, posting updates, and any plug-ins too. That gives IT managers a lot of control over how they want their users to act. For example, you could restrict any posting until after hours, so that users could at least browse what their friends are doing, or keep the apps off the business network entirely, but still let people check their Facebook accounts.
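As an added illustration (not taken from any vendor's product or configuration syntax), here is a vendor-neutral model of how such a per-function, time-scheduled policy is evaluated: first matching rule wins, anything without a rule is blocked. The function labels, the 09:00-17:00 weekday schedule and the rule list are assumptions, and sorting traffic into these functions is left to the firewall.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional, Tuple

# Functions the post lists as separately controllable (labels are this example's own).
FUNCTIONS = ("base", "apps", "chat", "mail", "posting", "plugins")
BUSINESS_HOURS = (time(9, 0), time(17, 0))  # assumed schedule, Monday to Friday


@dataclass(frozen=True)
class Rule:
    function: str
    action: str                                  # "allow" or "block"
    window: Optional[Tuple[time, time]] = None   # None = applies at all times
    weekdays_only: bool = False

    def matches(self, function: str, when: datetime) -> bool:
        if function != self.function:
            return False
        if self.weekdays_only and when.weekday() >= 5:  # 5, 6 = Saturday, Sunday
            return False
        if self.window is None:
            return True
        start, end = self.window
        return start <= when.time() < end               # end of window is exclusive


# Ordered rules for the scenario in the text; the first match decides.
POLICY = [
    Rule("apps", "block"),                               # apps stay off the business network
    Rule("posting", "block", BUSINESS_HOURS, weekdays_only=True),
    Rule("posting", "allow"),                            # after hours and weekends
    Rule("base", "allow"),                               # browsing is always permitted
]


def decide(function: str, when: datetime, policy=POLICY) -> str:
    """Return 'allow' or 'block' for one Facebook function at a given time."""
    if function not in FUNCTIONS:
        raise ValueError(f"unknown function: {function}")
    for rule in policy:
        if rule.matches(function, when):
            return rule.action
    return "block"  # default deny: chat, mail and plugins have no rule here


def snapshot(when: datetime, policy=POLICY) -> dict:
    """Decision for every function at one moment, useful for reviewing a rule set."""
    return {f: decide(f, when, policy) for f in FUNCTIONS}
```

Rule order matters: moving the unconditional `posting` allow above the business-hours block would silently disable the restriction, which is the kind of mistake `snapshot` makes easy to spot.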
SonicWALL and Blue Coat have products that can be used to restrict the amount of network bandwidth that Facebook is using at any given time. This doesn’t block the site entirely, just slows it down enough to be annoying, so that hopefully users will go do something else rather than wait for slow page uploads. For college campuses that need to free up their business bandwidth during the day, this is a good idea.
And then there are several data loss prevention products that can dig deeper into the Facebook data stream and determine if any information is leaving a corporate network that shouldn’t be – such as our army grunt’s status location update. Global Velocity’s product has a lot of granularity here and can be set similarly to the Palo Alto box for examining chat or apps traffic (or all Facebook data) specifically.
The trouble is that a single product doesn’t do everything, and you might be using a competitor’s firewall that makes it more difficult to set up these controls (I am thinking about you, Cisco owners). But at least several vendors are moving in the right direction to enable these kinds of controls, and at the level of detail that many of us need nowadays.
I might add, Dave, that watching for SSL is important, because with DLP products it is important to make sure that popular public email and IM sites now communicate over SSL. As a result, placement of DLP products on the corporate edge is very important. Thanks, Bill