October 19, 2009, 9:49 PM — In 2006, just as the first tweet was being Twittered, BT Global Services launched an effort to keep its customers and 112,000 employees safe in a new world of Web-based communities and other interactive sites.
BT's security initiative started early, paralleling the emergence of collaborative Web 2.0 applications such as Twitter, LinkedIn and Facebook.
"We see social networking sites as an enablement tool" to help extend BT Group PLC's reach to prospective customers while helping employees build new business relationships online, says Ray Stanton, global head of BT's business continuity, security and governance practice.
But while BT stands apart from many companies in that it lets employees visit social media sites within the constructs of its Internet usage policy, it still needed a way to protect the company and its staffers from potential security threats lurking in cyberspace. For instance, the vulnerability of mashups to data leakage "has been one of our critical concerns," says Stanton.
A user might, for example, gain access to a mashup that combines a service for finding local restaurants with information from a social networking or mapping site, says Stanton. "There is the opportunity if the information is not secured across all the boundaries [that] residual information could be left or leaked at any point in the process," he says.
A criminal could figure out where the employee lives based on the restaurant's location and the mashup of the mapping system, adds Stanton. "And yes, if you book online, then guess what, we know where you live [and] what time you're out," he says.
In addition to keeping its employees safe, BT also wanted to apply technologies that would enable it to enforce its Internet usage policies. After holding a series of technical workshops with a number of security software vendors, Stanton and his team decided to use a set of URL filtering and security technologies from Blue Coat Systems Inc. about three years ago.
The systems include Blue Coat's ProxySG appliance, which BT uses to categorize URLs as either business productivity sites, such as LinkedIn, or sites that might be deemed improper, such as the Web pages of hate groups, says Steve Schick, a spokesman for the Sunnyvale, Calif.-based vendor. Depending on a customer's usage policies, the rackable ProxySG appliance can be configured to block access to certain sites or issue a warning when an employee is in violation of the company's acceptable-use policies, Schick says.
The appliance can also be configured to enforce usage policies for single users or groups of users. For example, a company that doesn't allow most of its employees to watch YouTube at work can program the ProxySG appliance to permit access only to employees of its marketing department who might use the site while developing marketing campaigns, says Schick.