Managing Employee Communications over IM, Social Networks

REVIEW: Employees can interact securely and stay in compliance with regulations thanks to the granular control of FaceTime USG 3.0 over instant messaging, Twitter, Facebook and P2P applications.

Businesses of all sizes have embraced new communication tools as they have become available. The telephone, fax, mobile phone, e-mail, instant messaging, social networking sites such as Twitter, Facebook and LinkedIn, and Web 2.0 applications like wikis, blogs and intranet portals push business forward more efficiently than a series of runners carrying papyrus.

We've got a lot of information about ourselves, our companies, our intellectual property, our competitors and our clients that's accessible 24/7. Effective and efficient communication provides a competitive advantage, but be aware that the same tools that bring those benefits also bring security risks.

For a Labs gallery of images of FaceTimeUSG 530 in action, click here.

With Web 2.0 power comes great responsibility. Employees can, and should, use every tool at their disposal to do their jobs as effectively as possible. But they will usually do so without considering the security implications.

Many companies, government agencies and schools have restricted the use of these Web tools, thereby restricting the stream of communication. Simply blocking services such as IM blocks productivity. But how can IT departments monitor so many communication streams to ensure that they are being used properly?

FaceTime has been in the IM security space for a long time. The first products I evaluated focused on monitoring and blocking corporate information that's being sent over public IM tools such as AOL, Yahoo and MSN Messenger services. The FaceTime USG (Unified Security Gateway) platform offers much more than IM protection, and it now includes the ability to monitor and control content posted to social networks and blogs, while scanning inbound Web traffic for malware and inappropriate content. In addition, USG 3.0 can be installed as an ICAP (Internet Content Adaptation Protocol) proxy to ease installation while augmenting current security measures.

After I installed the 1U (1.75-inch) box in the lab, I realized that the ports on the back of the unit should be labeled more clearly. Of the three Ethernet ports, one is unlabeled and the others are labeled "1" and "2". At some point, I had to guess which were the management, monitor and proxy ports.

I integrated with a Windows Server 2003 Active Directory and easily created security policies assigned to groups and individuals. LDAP is also an option, as is importing some basic employee information from a CSV (comma-separated values) file. There is also an "unmapped" group, which is a catch-all for clients that are discovered but not authenticated. This is a good place to create a policy covering visitors who might connect to your network.