Enterprises Share More Real-World Examples of Safe Enablement

Last week's annual RSA Security Conference in San Francisco was an exciting week. There was tremendous buzz and a sense of optimism that permeated the show floor. For us, that sense of optimism was perhaps best expressed through some very poignant examples shared by customers of how their enterprises are successfully implementing strategies to safely and securely enable applications throughout their networks. We heard these stories at our booth, in the hallways and at various networking events throughout the week. We also heard these stories via a customer panel, which I had the honor of moderating. I would like to share some of the highlights from panelists Paul Carugati (Motorola Solutions), Sam Ghelfi (Raymond James Financial), Justin Kwong (24 Hour Fitness), and Mike Wade (Summa Health Systems), in their own words:

On business agility & growth

"We've been trying to move away from the 'stop the beast' mentality and more into the role of risk managers. The new generation of workers coming into various industries across the board are certainly reliant more on social media for day-to-day operations, so the question is how can we enable the business to become more agile, more streamlined and to positively affect the bottom line – because at the end of the day, that's what the business is concerned about." – Paul Carugati

"In a hospital, we're currently allowing our marketing departments and corporate communication departments to use social media and grow the business." – Mike Wade

On satisfying compliance concerns

"We have to manage what people are doing on these sites. We use a technology platform that can control that. Can you post? Can you just read the social media sites? In a heavily regulated industry like ours, our broker dealers have a requirement to oversee [their] financial advisors [activities], so for us we can't just have financial advisors posting [to sites]... we have to have tools that allow us [some control]." – Sam Ghelfi

"It's not the things that people do on purpose that we are really trying to protect against. It's the things they do by accident and those are the ones that can cause the biggest law suits." – Mike Wade

On safe application enablement

"With the new generation of workforce they're using social media regardless of whether or not you know it, or if you like it or not, so you need to be able to adopt the strategy to safely enable that for the business." – Mike Wade

"My CEO said 'we want to be more connected to our customers.' So we had to look at how we enable that to happen. Social media allows us to be more connected to our members. We want them to give us feedback. We want them to engage. We want our clubs to be engaged. We want our club managers to engage. [Then] from my perspective how do we enable that [both for] security compliance and business benefits." – Justin Kwong

"If you're not part of the solution you're part of the problem and it goes back to us: Instead of inhibiting a business you're trying to enable the business." – Mike Wade

On applications visibility

"A critical item is visibility within the environment. We can't begin to implement or define a strategy for something that we don't understand, so getting complete visibility into the environment and how social media is being used within the business is critical." – Mike Wade

"We actually meet on a monthly basis and review the visibility aspects of our applications, and not just the applications themselves, but the categories – whether social media or otherwise. Understanding what the most heavily used apps are and then taking the different information, drilling down and getting to know how and why those applications are being used and why it's important for business for those applications to be used." – Paul Carugati

On end user awareness

"For the past 12 months we have initiated an awareness campaign around security specifically to try to educate the end user around protecting propriety information and protecting sensitive information to further drive the mantra: Don't be stupid. Some of the areas that we drive awareness and education is ensuring that our entire user base – both employees and contractors – understand the importance of protecting information. And we have done this from the top down: We had our CIO record a five-minute video session on how to be smart in protecting information." – Paul Carugati

On zero tolerance applications

"We have absolutely zero tolerance for file sharing applications over the Internet due to our business model. There is no way to secure data sharing once the data is out of our control, so we have to be able to share data through applications that we control, not outside, so to us file-sharing apps are a completely inappropriate tool. And today we look for those, we try to identify those applications and block them as applications instead of trying to rely on reputation engines." – Sam Ghelfi

"File sharing applications and peer to peer type of applications are actually blocked 100 percent outright now. One of the few applications that does really scare me, and really drives home the idea that understanding the context of Web 2.0 applications and how they are used is something like Salesforce.com. That's something that we absolutely cannot block and would never be able to block because our businesses absolutely rely on them but at the same time I have serious concern as to how it's implemented and how it's being used from an information sharing perspective." – Paul Carugati