Pete Russo, Senior Marketing Manager, BT Global Services
How would you solve this problem? As a network security expert, you understand that your company’s employees need to access Web 2.0 tools to build new business relationships, collaborate with partners and reach prospective customers. But how do you ensure not only their online safety but the company’s overall network security?
Ray Stanton, Global Head of BT’s Business Continuity, Security, and Governance Practice, discusses BT’s approach in a recent Computerworld article (Computerworld, “BT’s Web 2.0 security strategy,” October 19, 2009).
BT was an early adopter of Web 2.0 tools and has a strong social media presence including:
- SecureThinking Community Blog and Twitter
- Bigger Thinking on Facebook
- BT Conferencing on Twitter
- BT CloudApps on Twitter
- Partnership with the XPrize Foundation on YouTube
Mr. Stanton identified data leakage as his number one concern when employees are allowed to access social media tools at work. Data leakage not only exposes the company to security risks, such as the inadvertent sharing of proprietary information, but it can also lead to an employee becoming a victim of personal crime. In addition, companies should be mindful of these other top Web 2.0 threats:
- Cross Site Request Forgery
- Cross Site Scripting
- Information Integrity Violations
BT uses a combination of policy and technology to ensure that employees and the company are secure online. By setting acceptable use policies and conducting regular awareness training, users become knowledgeable about their responsibilities and the vulnerabilities their actions could introduce into the network. Acceptable use policies are reinforced by software, hardware and managed solutions which, in addition to providing physical barriers to access, enable flexible access policies. For example, BT works with Blue Coat, using their ProxySG appliance to categorize the URLs of web pages. Web sites can be identified by their purpose – e.g., “business productivity sites,” such as LinkedIn – or segmented by who needs to access a type of site – such as permitting the marketing department to have access to YouTube, but not the rest of the company.
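To make the category-plus-group policy model concrete, here is an added example (not BT's or Blue Coat's code) of the decision logic a proxy applies: a constructed category map stands in for the appliance's URL-categorization feed, rules are matched by site category and requesting user's group, and anything unmatched falls through to a default deny.

```python
from urllib.parse import urlsplit

# Constructed category map standing in for a proxy's URL-categorization feed
# (a real appliance such as the ProxySG mentioned above supplies this).
CATEGORIES = {
    "linkedin.com": "business-productivity",
    "youtube.com": "streaming-media",
    "facebook.com": "social-networking",
}

# Ordered policy rules: (category, groups allowed, decision). "*" means every user.
# First matching rule wins; a request matching no rule is denied by default.
RULES = [
    ("business-productivity", {"*"}, "allow"),
    ("streaming-media", {"marketing"}, "allow"),
    ("social-networking", {"marketing"}, "allow"),
]


def categorize(url):
    """Map a URL to a category by walking up its domain labels,
    so www.youtube.com and m.youtube.com both match youtube.com."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    for i in range(len(labels)):
        category = CATEGORIES.get(".".join(labels[i:]))
        if category is not None:
            return category
    # Unknown hosts (including malformed URLs with no hostname) get
    # their own category so the default-deny rule applies to them.
    return "uncategorized"


def evaluate(url, user_groups):
    """Return (decision, category) for a request from a user in user_groups."""
    category = categorize(url)
    groups = set(user_groups)
    for rule_category, allowed, decision in RULES:
        if rule_category == category and ("*" in allowed or allowed & groups):
            return decision, category
    return "deny", category


if __name__ == "__main__":
    for url, groups in [("https://www.linkedin.com/in/someone", ["finance"]),
                        ("https://www.youtube.com/watch?v=abc", ["marketing"]),
                        ("https://www.youtube.com/watch?v=abc", ["finance"]),
                        ("https://example.org/", ["marketing"])]:
        print(url, groups, "->", evaluate(url, groups))
```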
While no single solution will provide absolute protection for the employee, the company or the network, taking a multi-pronged approach sets up checks and balances throughout the business environment. Let us know what you think of this strategy in the comments or by sending us a tweet @SecureThinking.