[David Strom's Web Informant] 29 July 2010: How to control corporate Facebook access

[David Strom]

Web Informant 29 July 2010: How to control corporate Facebook access

In keeping with my last post on cleaning up your Facebook account,
today I want to talk to you about how you can regulate Facebook access
across your enterprise networks. I heard a story last week about a
soldier in Afghanistan who posted on his Facebook status page about
the location of his next mission a few days before the actual event.
Needless to say, the mission was cancelled and he was sent packing.

Your concerns might not be as life-and-death related, but just as
important: do you think your employees are leaking company
confidential information? Do you want to put limits on what they can
do while inside Facebook, such as playing Farmville or other games?
How about blocking or slowing down access during business hours, but
then opening up afterwards?

I began doing some research for this topic for an article that I am
writing for one of TechTarget's web sites, and found a very rich
landscape that is available to enterprise IT folks. Just about every
network security product has some form of control over Facebook. Some
offer more granularity than others. For example, McAfee's Firewall
Enterprise offers two different controls: one for the basic Facebook
access, and one for all Facebook apps. That is nice. Palo Alto
Networks takes it a step further, having these two plus four
additional controls for chat, mail, posting updates, and any plug-ins
too. That gives IT managers a lot of control over how they want their
users to act. For example, you could restrict any posting until after
hours, so that users could at least browse what their friends are
doing, or keep the apps off the business network entirely, but still
let people check their Facebook accounts.

Sonicwall and BlueCoat have products that can be used to restrict the
amount of network bandwidth that Facebook is using at any given time.
This doesn't block the site entirely, just slows it down enough to be
annoying, so that hopefully users will go do something else rather
than wait for slow page uploads. For college campuses that need to
free up their business bandwidth during the day, this is a good idea.

And then there are several data loss prevention products that can dig
deeper into the Facebook data stream and determine if any information
is leaving a corporate network that shouldn't be – such as our army
grunt's status location update. Global Velocity's product has a lot of
granularity here and can be set similarly to the Palo Alto box for
examining chat or apps traffic (or all Facebook data) specifically.

The trouble is that a single product doesn't do everything, and you
might be using a competitor's firewall that makes it more difficult to
set up these controls (I am thinking about you Cisco owners). But at
least several vendors are moving in the right direction to enable
these kinds of controls and at the level of detail that many of us
need nowadays.

Retweet this: http://bit.ly/ahvl7N