Businesses Struggle To Control Social Networking
Lucas123 writes "Businesses in highly regulated industries are trying to strike a balance between workers who use social networking sites such as Twitter, Facebook, and LinkedIn to communicate, and trying to satisfy federal requirements to monitor, capture, and audit all forms of electronic communications. As with instant messaging a decade ago, corporations are first blocking all access to the applications, and then considering what tools may be available to control them in the future. A cottage industry is being built around software that can not only control access to social networking websites but also ensure conversations over those websites can be stored for electronic discovery purposes."
From TFA:
Seriously. What idiot wants his financial transactions posted on Facebook?
Websense can suck it.
I want to delete my account but Slashdot doesn't allow it.
Slashdot has saved the place I worked more time than I've wasted reading it. I've learned how to do stuff that I would never find reading Tech Manuals and taking classes.
Practical application of practical experience is way better than theoretical classes on optimal situations.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
The DoD has been struggling with these same issues as well; they recently issued guidance that opened up social media on their networks.
http://socialmedia.defense.gov/index.php/2010/02/26/dod-official-policy-on-newsocial-media/
My employees have two rules to follow: 1. Get the job done. 2. Don't embarrass the company.
Seems reasonable, but Number 2 may be harder than you think.
Disclaimer: This management method looks like it would be a bitch to scale.
Good point; it may be worth considering that if your company is so big that treating people like human beings doesn't scale, it's time to break up into smaller, more manageable units.
I read somewhere that 3M Corp actually does that, breaking off independent business units for each product line. As soon as a particular unit gets to be above 300 people, they figure, they can safely be split in two. If one of the two parts can't survive on its own, they let it die, as it was probably a drain on the bottom line anyway.
The CB App. What's your 20?
Actually, I am, since we're a law practice.
But another one of the things I do "different" is that I hire people based on brains, not skills or experience. Not that the latter two aren't important, but that having brains will get you skills and experience, but skills and experience don't get you brains.
I also pay more than everybody else. The point: Compliance is easy. Trust is hard. Guess which one I've decided to concentrate my energies and money on?
Linux, you magnificent bastard, I read the fucking manual!
Amen.
The only thing we need to do to get a proper perspective on this problem is to change the headline slightly:
Businesses Struggle to Control Their Staff
Suddenly, it becomes crystal clear that this is an administrative issue more than it is a technical one. Yes, compliance with federal regulation is a daunting task. It's not even reasonable to attempt it without active buy-in participation of the employees. I don't want to go all Princess Leia on you, but there's a point to be made about tightening one's grasp too far.
Consent and a collective sense of responsibility are far more powerful tools when dealing with issues like confidentiality and corporate ethics.
Crumb's Corollary: Never bring a knife to a bun fight.
Things I've learned about on Slashdot, while waiting for old style shit to get done ....
I learned of RIS (WDS) on /. and was getting ready to deploy it when I heard about DriverPacks on /. and then about using MSI based silent installers, and combined them all to now set up a workstation from scratch.
Before I read about such things on Slashdot, I used to run around and use Windows XP CD to install XP by hand, manually typing in Product keys and what not. Four to six hours of babysitting installs. Per computer.
Now, I can RE IMAGE a machine using RIS (WDS) with about 5 mins of tech time. It provides a consistent installation base for all users.
Map "My Documents" to Network Share and now you have a system where I don't care what is wrong with it, I just re-image it. Virus? Don't care. Hardware failure? I don't care. Crappified computer? I don't care.
I don't have to spend hours trying to fix something. Now it takes five to ten minutes of my time, and less than two hours total time to have a fully patched (slipstream patches to the RIS image) and ready system.
So, compared to the former ways of doing things, I now have the time to work on more interesting projects. We can get more done with less people, provide better service and support, and respond quicker to problems and resolve them more quickly.
THAT is just one example of a "how to" found within the comments of /. Oh, BTW, this solution cannot be found anywhere in any training for any certification that I've ever seen.
Solving a real problem with real innovative solutions that requires experience and a bit of creativity.
So yeah, /. has saved thousands of man hours.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
See Dunbar's number. This is a concept covered, as my Anonymous sibling is correct to believe, in The Tipping Point by Malcolm Gladwell.
Mother, do you think they'll like this sig?
Meh, when done right, it just looks like a long ssl and/or vpn tunnel session.
You really cannot do much to filter/firewall this sort of bypass for the technical user. Unless you allow whitelist-only access to https/ssl sites and/or force corporate-only machine access with corporate-installed SSL CAs that decrypt SSL traffic and re-encrypt it (putting the corporate proxy as a man-in-the-middle), you have no way to stop this.
The real trick is blocking all "leaking" dns and apps. Socks leaks badly, as does flash, java and many other plugins. Just firewalling all outbound traffic except your tunnel works, but will require a dedicated machine.
http to a remote proxy over openvpn (ssl) is a bit more efficient than socks over ssh and clearly better than socks over ssh over ssl.
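The whitelist and long-session points in the comment above, seen from the monitoring side, as an added example that is not part of the original thread: a review pass over proxy CONNECT records that flags destinations off the allowlist, unexpected ports and unusually long TLS sessions. The log layout, host names, allowlist and four-hour cutoff are all assumptions, and the sample records are constructed.

```python
import csv
import io

# Constructed sample of proxy CONNECT records (not real traffic):
# client, destination host, port, session seconds, bytes transferred.
SAMPLE_LOG = """client,dest,port,seconds,bytes
10.0.4.17,mail.example-corp.test,443,95,180344
10.0.4.17,vps.example-host.test,443,28810,912004551
10.0.4.22,crm.example-saas.test,443,310,2204117
10.0.4.31,vps.example-host.test,443,45,9120
10.0.4.40,crm.example-saas.test,443,30120,88120334
10.0.4.51,files.example-other.test,8443,20,4096
"""

# Hypothetical allowlist of approved TLS destinations.
ALLOWLIST = {"mail.example-corp.test", "crm.example-saas.test"}
MAX_SECONDS = 4 * 3600   # assumed cutoff for a "long" session
ALLOWED_PORTS = {443}    # assumed set of permitted CONNECT ports


def review_sessions(log_text, allowlist=ALLOWLIST,
                    max_seconds=MAX_SECONDS, ports=ALLOWED_PORTS):
    """Return (client, dest, reasons) for each session needing review."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        reasons = []
        # Normalise case and a trailing dot before the allowlist lookup.
        dest = row["dest"].strip().lower().rstrip(".")
        if dest not in allowlist:
            reasons.append("dest-not-allowlisted")
        if int(row["port"]) not in ports:
            reasons.append("unexpected-port")
        # Duration is checked even for allowlisted hosts: a tunnel can
        # terminate on an approved destination too.
        if int(row["seconds"]) >= max_seconds:
            reasons.append("long-lived-session")
        if reasons:
            findings.append((row["client"], dest, reasons))
    return findings


if __name__ == "__main__":
    for client, dest, reasons in review_sessions(SAMPLE_LOG):
        print(f"{client} -> {dest}: {', '.join(reasons)}")
```

Duration alone produces false positives (long downloads, video calls), so treat the output as a review queue rather than a block list.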