Archive for category Malware
Belbey Blogs: New Guidance on Using Social Media at Retail Banks
Posted by belbey in Actiance, Collaboration, Compliance, eDiscovery, Electronically Stored Information (ESI), Employee Behavior, Enterprise 2.0, Enterprise IM, FFIEC, Financial Services, FINRA, Legal, Malware, Privacy, Retail banking on January 25, 2013
This week, the Federal Financial Institutions Examination Council (FFIEC) released “Social Media: Consumer Compliance Risk Management Guidance. The FFIEC is asking for comments within sixty days. You can download the 31-page document here.
Its release has created quite a stir within the banking industry. A comprehensive article appeared on TheFinancialBrand.com, “Regulatory Shocker on Social Media in Banking Coming Soon” that summarizes the guidance quite nicely.
But . . . what’s so shocking?
We’ve been having the same conversations in the securities industry for three years. And in those three years, firms have learned that there are three major areas of risk that need to be mitigated before deploying social media:
- Security: your IT department needs to prevent your firm’s proprietary and client information from being leaked out either inadvertently or maliciously from the enterprise. They also need to ramp up malware protection. That’s because social media users are susceptible to incoming threats as they view themselves as part of a tribe and tend to click on any link sent by a “friend.”
- Compliance and Governance: your legal and compliance departments already know that there are thousands of rules and regulations that govern the communications and advertising of publicly held corporations, firms in general, and bank specifically. Take the securities industry as an example – the banking regulators aren’t issuing new rules and regulations around social media. Social media is viewed as just another form of written communications. Your compliance department is therefore challenged to interpret existing rules as they apply to social media and to develop and enforce firm policies.
- Enablement: your executive team is concerned about productivity and the bottom line. Now that every employee can be the face of the business, you either have a powerful marketing tool or your worst nightmare. Employees will need to be trained on how to use social media effectively to meet the firm’s goals, such as nurturing existing clients, attracting new business, recruiting, and brand awareness.
However, during the last three years, we’ve learned that all these risks can be mitigated by strong corporate polices, backed up with technology and training.
So far, so good. Nothing new here. Or is there? In addition to what we’ve already seen from other regulators, the FFIEC specifically also calls for:
- Creation of policies to address negative feedback or customer complaints, even if a financial firm chooses not to actively engage in social media.
- Monitoring to protect the firm’s brand identity
- Due diligence and oversight for third-party vendors that firms may hire in connection with social media
And the one that I find most interesting:
- Processes and reporting to demonstrate how social media “contributes to the strategic goals of the institution.”
In other words, the FFIEC recommends that firms measure the ROI of social media.
It will be interesting to see the reaction that FFIEC gets from the industry. I just hope that the banking industry can use some of the key learnings from the securities industry to streamline the processes to reap the benefits of “getting social.”
For more details on how to deploy social media within retail banking, you can also check out Belbey Blogs: Upcoming Guidance for the Use of Social Media for Retail Banking from FFIEC.
Spam going down
Posted by nleong in Malware, Social Networking on July 30, 2012
Today’s post comes from Norv Leong, Director of Product Marketing at Actiance.
No, I’m not talking about one of America’s most beloved (or perhaps ridiculed) canned foods, but rather, the elimination of about half of the world’s electronic spam recently, thanks to a coordinated effort from several ISPs spread across the globe. Their efforts wiped out and crippled the Grum and Lethic botnets, respectively, which together accounted for about half of the world’s spam. Let that sink in for a moment.
Everybody that has ever touched a computer has likely received some kind of spam in their email inbox. It’s annoying and never seems to go away. Just goes to show that there will always be evil lurking in cyberspace. I’m talking about folks who are solely focused on wreaking havoc, stealing passwords, launching denial of service attacks, or hacking into computer networks of some of the most secretive agencies in the world. Whether they do it for fun, cuz they’re bored, or on someone’s payroll, I do not know.
The bottom line is that all individuals and companies have to be on their guard and not underestimate the importance of having the proper security measures, settings, and policies in place to combat the evildoers out there. Nowadays, the wildfire proliferation of social media and other Web 2.0 sites has proved to be prime hunting ground for spammers (check out a blog entry we did earlier on this topic).
Passing along malware is no longer the domain of email; it’s now spread to sites like Facebook, Twitter, and Skype. One thing that’s different about these sites (vis-à-vis email) is that they require a connection, friendship, or link to be established before you can receive content. That wasn’t the case with email. For instance, if Stevie were to receive a link from his buddy, Timmay, via Skype, Steve’s probably gonna click on that link since he trusts Timmay. That link might not in fact be from Timmay, but rather, from some spammer in Estonia.
So, it’s all well and good that the amount of spam has been cut down for now. But, like Wile E. Coyote’s lifelong pursuit of the Road Runner, I’ll bet a bomb shelter’s worth of Spam that hackers will continue to think up elaborate malware schemes that will make the Grum and Lethic botnets look like starter kits.
Social Media Scammers – New Frontiers of Aggravation
Posted by cmannon in Application Filtering, Malware, Privacy, Social Networking, Web Security on March 28, 2012
Any veteran of social media has at one time or another put face-to-palm when they see another one of their contacts trying to distribute yet another scam through their profile. There is no escaping it. Whether it’s a third-party application that promises free coupons or a tweet promising a free iPad, illegitimate offers wanting your PII (Personally Identifiable Information) are everywhere. If this were 10 years ago, you would hear me complaining about e-mail or IM spam. Sure these spam attempts still happen, but that is broad attacks at best. E-mail or IM spam doesn’t even know your gender most of the time, let alone what demographic you may fall under. That’s what makes Social Media spam such a lucrative trade. Never before have people been so compelled to give away so much information about themselves. The content that we end up posting on social network sites is so descriptive of our personal lives that even corporations are asking for your content during the interview process.
It’s not difficult to tell if someone close to you has been hit by a spam attack. If their profile has been hijacked, then you can expect to see the same messages to several friends – always with a shortened URL link. Your best defense is to be weary of links that you receive, even if they are from trusted sources. You should also take a moment to explore what privacy settings you already have in place. The goal should be to make sure that your information is not accessible without your explicit knowledge.
You should look at all social network privacy settings, not just Facebook.
Spammers are able to find you and send targeted attacks, if you share all of your information with the open web. Any kind of application that you use to access a social network is acting as the middleman for your data. This usually means that you are allowing them access to your data in exchange for their ‘free’ service. What they do with that information after they provide their service is up to them.
The application above collects basic information. This means any information that you have made public.
Before you click that link, be more skeptical. Does this person really want to give me free money? Unfortunately, we don’t live in that kind of world. The more likely answer is that they are looking to sell your information to advertisers for other scam attempts. I could be wrong of course. A smartly-dressed woman could always show up in a diamond -crusted Bentley with $500 and a promise of a new monetary system that will work out in my favor.
If it's a new cash system, why is she holding the old cash?
Let’s use a recent scam example seen on Facebook. A common attack method on Facebook is to create a third-party application that immediately redirects the user away from Facebook. This could be as harmless as trying to build SEO tracking to a site or propagating something malicious to your PC. In this case, it’s just a scam to get more traffic to a site selling shoes. It starts as most of these scam attacks start: a buddy clicked something they should not have and now a third-party application on Facebook is posting messages as them. To make sure that their friends view the content, they tag them in a picture.
41 lucky people got a free picture of gold shoes!
Now they’ve got you on the hook. If you happen to click that link, you are navigated first to a Facebook Application page that only redirects to a site not belonging to Facebook.
The Facebook page immediately redirects the user to another site not controlled by Facebook.
Applications like this one are a dime a dozen. Facebook has been under heat in the past for allowing this kind of activity. This is an unavoidable side effect whenever you provide an open web platform for users to create their own applications. Facebook deletes the malicious ones, but they haven’t done an outstanding job of policing these in the past. In this case, the user is immediately taken to a blogger page that looks like this:
SCAM DUNK
There are a few tools that you can use in your browser to make sure your exchanges on social media are kept as private as possible. I recommend Ghostery for detecting any invisible trackers that exist on most web pages. These are usually advertisers trying to capitalize on your digital presence. Unless you intend to read a 30-page EULA describing what they are allowed to do with your data afterwards, just block it. Another useful tool is called LongURL. This allows you to see the link you are about to click. It will also help you avoid getting hit by that one friend that is always rickrolling people.
Cyber security strategy in the spotlight at DHS
Posted by actiancefederal in Malware, Social Networking, Web Security on December 20, 2011
Recently, the Department of Homeland Security (DHS) released its blueprint on cybersecurity. The document essentially provides a framework for managing the myriad cyber threats that are lurking out there, while still fostering an environment of innovation, prosperity, and economic growth. It’s an ambitious plan, but it’s certainly necessary.
The range of security threats runs the gamut these days. You’ve got so many different options for hackers to ply their trade that it can be quite a challenge to police all physical and virtual borders. The explosion in social media and collaboration tools has opened up a bevy of new channels for hackers to distribute viruses and other types of malware. Thus, the sophistication of criminals nowadays makes cybersecurity one of the most important issues for DHS in the 21st century.
The DHS framework has two key pillars: (1) the infrastructure protecting critical information, and (2) strengthening the cyber ecosystem in general. To achieve these twin objectives, DHS must execute on several fronts: hardening critical networks, prosecuting cybercriminals, raising public awareness, and hiring/training cybersecurity-savvy workers. As you can see, it’s a multi-faceted strategy that requires cooperation and input from several sources and individuals (including we the people).
Thankfully, the pace of technological innovation in the security space is just as brisk. Anti-malware and URL filtering technologies continue to push the envelope in terms of detection capabilities. Monitoring software now offers granular controls over social media sites. And archiving capabilities now include a slew of communications modalities, including email, instant messaging, social media, collaboration platforms, etc., making it easier to build a case should prosecution become an option.
Security dangers may lurk everywhere, but with the right systems, policies, and training in place, the DHS blueprint may well become a reality sooner rather than later.
School’s not quite out, but the results are in.
Posted by actiancefederal in Employee Behavior, Enterprise 2.0, Malware, New Internet, Social Networking, Trends, Unified Communications, Web 2.0, Web Security on September 21, 2011
You know that there’s been a seismic shift in the US Government’s communications strategy when guidelines are published by the government for agencies about how they can adopt social networks to deliver a better customer experience.
We can all applaud the good – when the magnitude 5.8 earthquake shook the East Coast in August, the Department of Homeland security was quick to tweet advice on getting in touch with loved ones via social networks, eschewing phone lines which were getting clogged.
But before we get carried away, we need to put this success in perspective.
Just last week, news was released that Air Force One’s flight plans were inadvertently leaked when a Japanese air traffic controller decided to post them on his blog to show off to his friends.
Who needs Wikileaks when you have to contend with the foibles of your own staff?
The threat of malware infection continues to loom large, as our own Jae found out to his chagrin.
There is no time to be complacent. This is why we’ve knuckled down and begun the process of testing our platform for federal government usage. We’ve kicked of with subjecting Vantage and Unified Security Gateway (USG) to the rigorous tests conducted by Science Applications International Corporation (SAIC) Labs.
It is with a mixture of post-exam relief, pleasure and pride that we can reveal that (drumroll please…) we have met the initial requirements for Common Criteria IA SL2 and The Federal Information Processing Standard (FIPS) 140-2.
The process is by no means over, but we’re certainly well on the way, but it’s another confirmation that Federal Agencies can rest assured that our solutions are robust, enterprise-ready and will do what they say on the ‘can’.
Regardless of media – it could be Jabber, Microsoft Lync or Facebook – we can monitor, track and archive content to protect against unsanctioned disclosures and security threats.
What is YOUR federal agency doing with regard to new communications modalities?
FINRA 11-39: Applause, Missing Pieces, and Users
Posted by SarahActiance in Compliance, FINRA, Malware, Social Networking, Web Security on August 25, 2011
In the week that “retweeted” was officially added to the Oxford English Dictionary, after only two years of use, FINRA beats the retweet and issues new guidelines on social media, just 18 months after 10-06 hit our doorsteps, and “So, what do you read into 11-39?” is the question on the tip of everyone’s tongue.
As expected, a few points are clarified; the latest guidance has become more prescriptive in some areas and less so in others. (Puzzled looks abound, I’m sure.) If you’d rather hear more about this, than to continue reading, please join me on a webinar Wednesday, August 31st at 10am EST and I’ll explain.
I’ll start with the missing pieces of 11-39
What’s missing is the specific reference to individual social networking sites (I bet that’s not what you were expecting). And for this, I applaud FINRA. Examples were given in 10-06 – Facebook was mentioned twice (OK, three times if you look at the endnotes), Twitter four times, and LinkedIn just the once. Interesting that, in the conversations I’ve had with wealth management firms and wire houses, it’s LinkedIn that is the network of choice.
Why my applause though? Good job, FINRA, I say, because you’ve recognized that this world moves very quickly. Three months ago, YouTube was the fastest growing social network. Then it was Google+. And now, as Google+’s new member growth falls by 30% a day to 700,000, we’re not sure anymore. That said, LinkedIn has added 20 million new profiles since its IPO in May and now boasts 120 million profiles. Equally, since January 1, 2011, we’ve tracked 938 changes across Facebook, LinkedIn, and Twitter (yes, really!).
Good job, FINRA, because you’ve recognized that loyalty in our social world is somewhat limited. And, that just because Facebook, LinkedIn, and Twitter are today’s Holy Trinity of social, it doesn’t necessarily mean that they will be tomorrow.
What else is good?
It’s also good to see clarification on business versus personal commentary – this reinforces what we’ve been saying for some time, that “the regulator is interested in the communications related to the business and when the individual is representing the business” – the advice we have been giving since January 2010, is NOT to go against the Facebook rules (for instance) and set up two profiles, but take advantage of Facebook giving you the ability to set up a profile for personal use and a page for professional use, because contrary to a lot of public opinion, you CAN do this – as a businessperson, you can set up a specific page for your business use (drop me a note if you want step-by-step instructions). The SEC itself has stated that the content of an electronic communications determines whether it should be preserved. Just like the FSA out of the UK does. It doesn’t matter about the modality.
I do believe that, as an industry, we are perhaps being somewhat short-sighted by thinking that you can absolutely separate personal from business communications in the social world. I think the lines will continue to blur (increasingly so) as we become more accustomed to social. I do believe we’ll see more guidance on this as time goes on.
What else is new?
A proposed social media site must be approved in the “form in which it will be launched.” FINRA is talking here about the launch of new social media sites. So, if you’re launching a new design, a new Twitter feed, for instance, then the graphics that you’re using, the imagery, and the actual site – the “wireframes” in design parlance – need to be part of the approvals process. Third Party Data Feeds are referenced also. FINRA reminds us that the firm is responsible for checking the proficiency of the vendor of the data and its ability to provide accurate data – and it must regularly review for red flags.
Don’t Delete!
In reaction perhaps to the number of new companies popping up purporting to provide control and manage social media, FINRA specifically calls out details on technology that automatically erases or deletes content, stating that this precludes the ability of the firm to retain the communications in compliance with their obligations under SEA Rule 17a-4, yet further into the 11-39 guidelines, FINRA details more about the deletion of inappropriate third-party content.
It’s clear that a record of communications that doesn’t contain the full record is no record at all. However, I do hold to the fact that some content simply has to be deleted. I can’t control the 750 million other Facebook users out there (heck, I can’t even control what my little brother says on Facebook), and not all of those users have the same filtering mechanism that I have when it comes to content. I’ve deleted some friends and banned others because their language would offend my Mother, who to me, is my ultimate Facebook controller. In a corporate environment, I certainly don’t want the Actiance brand associated with profanity, racism, or a host of other comments, that we automatically delete through the use of our Urban Dictionary.
But we do record the fact that they were made. We also record the fact that they were deleted. We also record what the page looks like before and after the delete. Belt and braces. It might not be on the social network anymore, but it’s in the archive.
Mobile IS mainstream, and network barriers have crumbled.
And, it’s clear to see that the growth of mobile is having an impact; 250 million of the 750 million active Facebook users use the site through a mobile device – and on mobile, they’re twice as active. It’s clear that firms are concerned about mobile, rightly so, but equally, that FINRA is being sensible about how firms operate and how they do business. And, not all of us use devices that are firm-owned to post content and collaborate on social networks. That’s the way the world is changing. It’s one of the biggest challenges of today’s CIO: the personally owned device (whatever that might be – iPhone, BlackBerry, Droid, iPad, Tablet, Netbook). FINRA reminds us that it’s the communications, not the device, that is important.
The Users, the pesky Users…
FINRA gives an even bigger call-out about training and education. Human beings, I’m convinced were put on earth to create chaos. And in a social world, we can do this very quickly and very easily. (I should at this point, before our CEO, @Kambwani, sees this, reference that this quote is mine and mine alone.) But equally, you don’t just give 20,000 financial advisors access to LinkedIn and expect that they know what to do. In a lot of instances, there is a generational gap, injecting social into the DNA of individuals doesn’t happen overnight. FINRA is dead-right by saying that training is important, that certification is important. And regular training is not just a one-off, because people forget when they’re on a social network. They forget who they’re connected to, and who might see their content.
We are, after all, as human beings, ultimately fallible. And, we have technology in every other area of our business lives to protect us (anti-spam and security in the email world), to stop us sending our bank account details to Nigeria or our intimate personal details to hackers, Web filtering in the Web world to stop us playing online poker all day, and maybe even Actiance to limit our usage of Farmville to a mere 30 minutes a day. In other words, we use technology to protect us against technology. And it goes without saying that using technology to protect us from malware infection (our very own @jaeho9kim wrote about this recently right here on this blog), from ourselves, and from malicious intent.
I think I’ve rattled on quite long enough now, so I’ll leave you with this final set of questions. Did 11-39 answer your questions? Did it raise more? What do you think it didn’t cover? Tune in next week for our webinar – and for thoughts that I’ve gathered recently, when I got together with 60 Financial Services Marketing, Compliance, and IT professionals and asked them what they thought FINRA should issue in terms of guidance.
Twitter Malware: It’s Coming After You
Posted by Jae Kim in Malware, Social Networking, Web 2.0, Web Security on August 23, 2011
 |
| I may need to wear a shirt like this in the office. |
Most readers of this blog are savvy social media users. I would include myself in that category. Well, I would have until last Sunday.
Yes, I will come out and admit it for once. I got suckered into clicking on a Twitter malware link that was forwarded to me by one of my ‘trusted’ venture friends. Now that I got that off my chest (and demonstrated that I could be just as naive as thousands of users out in the Internet), I think I can talk about this incident somewhat objectively.
It turns out that this particular malware spreads by getting a Twitter user to click on the shortened t.co URL that’s sent via private message. When an unsuspecting recipient clicks on the link, it automatically sends the same tweet to all of the recipient’s followers as a private message. Very sneaky.
It was quite an embarrassing moment when I realized what just happened (I even had to update the new Twitter app to follow the link on my iPhone). Thanks to a couple of my co-workers and good Twitter citizen @DevonAlderton, I came to my senses only after a few hours had passed. Once a few seconds of disillusionment of my malware ‘detect-o-meter’ had passed, I regained my composure to delete all of my private tweets to all my followers (thank goodness I don’t have Kim Kardashian’s follower base) and took remedial action to shore up my defenses.
Social Media and Cloud Security, are they on the new Federal CIO’s radar?
Posted by actiancefederal in Malware, Social Networking, Unified Communications, Web 2.0, Web Security on August 8, 2011
Last week, it was announced that Steven VanRoekel would be replacing Vivek Kundra as the CIO at the Office of Management and Budget (OMB). It’s a high-profile position that essentially puts VanRoekel in charge of the federal government’s IT budget – currently about $80 billion a year. A tidy sum of money.
So, as VanRoekel assumes his new role, all eyes will be focused on how he handles the projects he’s inheriting from Kundra as well as new initiatives. Of the former, issues such as data center consolidation and the “cloud” are top-of-mind. Recently, much of the buzz, both in the government and in the private sector, has revolved around Web 2.0 and social media. However, they’re just two components of an overall security strategy.
VanRoekel must also take into consideration other types of application that factor into a comprehensive cybersecurity strategy. These days, hackers are pretty sophisticated and are quite adept at exploiting encrypted traffic to pass along viruses or other types of malware. For instance, unified communications (UC) platforms, such as Jabber, Microsoft OCS and Lync, and IBM Sametime, all enable federation, which is the ability to communicate with others who are not members of your UC community. The danger here is federating with outside networks that may present unknown risks, like viruses, hackers, enemies mining for confidential information, etc.
The same analogy holds for the “cloud” initiative. Cloud computing is all the rage, but there’s no shortage of companies and government agencies that are incredibly leery of turning over key computing processes and applications to the cloud. Security is almost always the first issue mentioned when talking to skeptics of the cloud. Multi-tenancy (i.e., sharing physical appliances that have been logically partitioned), data storage off-premises, and the relatively short history of this computing paradigm send shivers down the spines of the most experienced IT practitioners.
With the Internet being a global resource, the potential scope of security breaches is immense. Sophisticated hackers might reside in the US, China, Russia, Iraq, North Korea; you just never know. It is under this backdrop that VanRoekel will have to drawn upon his experience in the private and public sectors to devise a strategy addressing all of these security concerns. A daunting challenge for sure, but absolutely attainable, given today’s technology.
Wouldn’t you agree?
Keep It Simple, Stupid
Posted by nleong in Application Filtering, Compliance, Employee Behavior, Enterprise 2.0, Enterprise IM, Malware, Unified Communications on February 24, 2011
We’ve all heard this saying before and it’s easy to get lost in the bewildering array of communications channels available to us. There’s the usual email, instant messaging networks (Yahoo!, Google Talk), peer-to-peer networks (Skype), enterprise IM applications (IBM Sametime, Microsoft Lync/OCS), and social networks (Facebook, Twitter). And these are just the big boys. There are literally thousands of IM, P2P, and social networks, in addition to those listed above.
To give you an idea of the bevy of tools out there, the US Department of Agriculture (USDA) uses over 21 different email systems, but they’ve recently decided to award Microsoft a contract to provide cloud-based email, Web conferencing, IM, and collaboration solutions. Similarly, the US General Services Administration (GSA) awarded an email contract to Google. What this goes to show is that messaging in large organizations (in this case, it’s the government) is starting to move to the cloud as companies look for ways to streamline their messaging systems, improve efficiency, and cut costs.
What with all these communications options available to end users, it’s all too common for folks to use Facebook, Yahoo!, or Skype while they’re at work on company-issued computers. Oftentimes, individuals use a combination of Web 2.0 (think Facebook or Skype) and enterprise (think Microsoft Communicator or Cisco Jabber) applications. The problem with doing so is that it opens up new vectors for malware to invade the corporate network. In other words, there are far more avenues for evil to infiltrate the corporate network these days than ever before.
Thankfully, platforms like Actiance Vantage make it easier to manage the proliferation of communications tools within the enterprise. From blocking virus attacks to managing file transfers to logging and archiving of all IM activities, Vantages provides end-to-end security and compliance coverage for an organization’s unified communications.
We can all learn a lesson from the government contracts cited above. Long ridiculed for being the poster child of bureaucracy and antiquated computer systems, it must be saying something to have two large agencies moving their communications applications to the cloud. Looks like the US government has taken heed of that old KISS principle after all.
If Paul the Octopus Can Do It…
Posted by nleong in Compliance, Electronically Stored Information (ESI), FINRA, Malware, New Internet, Social Networking, Trends, Web 2.0, Web Security on December 30, 2010
For you football (soccer as they say here in the US) fans, you’ve got to love the uncanny talent and skill (and maybe luck, too) of Paul the Octopus. He’s the eight-legged oracle who correctly picked all the World Cup 2010 matches, including the final one resulting in Spain being crowned el campeon at the quadrennial event.
I’m not Paul (nor an octopus for that matter, although my colleagues do call me interesting names from time to time), but I’ll take a stab at offering my predictions on what may unfold in 2011 on the technology side of the pitch. 2010 was pretty exciting (think iPad, Facebook, Foursquare – and the boss wants me to mention that England retaining the Ashes was pretty big, too), but 2011 portends to be at least as innovative and disruptive.
Mordor Won’t Go Away
The Lord of the Rings trilogy pitted good versus evil. This couldn’t be more apropos for technology as well. There are those who are good, and those who are bad. The latter are folks who are ever persistent in their attempts to hack computer networks in search of credit card numbers, passwords, personally identifiable information, or avenues to unleash the new virus they just created. It’s a continual game of cat-and-mouse that never seems to die. It’s like Jason of Friday the 13th fame meets Groundhog Day. Different dung, same day.
Look for these cybercriminals to continue to exploit vulnerabilities in social networks to deliver their malware. The popularity and trusted nature of users’ relationships with each other on sites like Facebook, LinkedIn, and Twitter are perfect platforms for evildoers to ply their trade. Unified communications platforms like Microsoft Lync, OCS and Lotus Sametime are also ripe targets for new forms of malware, especially since many of these platforms support federation, which opens up corporate messaging systems to the outside world through IM applications (e.g., Yahoo IM and Google Talk). Because many of these communications channels operate in real-time, the spreading of malware can happen very quickly and very globally.
Oh, behaaaaave…
You didn’t think the regulatory bodies were just gonna sit around and let their respective industries run amok with respect to social media, did you? Mwha ha ha (that’s the evil laugh I’ve been practicing). The coming year (I’m furiously rubbing the crystal ball here and looking wise) will see the introduction of more regulations specific to social media and these new communications channels. It’s not just about email any more. There’s Skype, Twitter, Facebook, Google Talk, corporate IM networks, and the list goes on and on.
The financial services industry was the first to issue social media-specific guidelines, and the FDA began to hold hearings way back in 2009 to solicit opinions and advice on what to do for social media. The energy and utilities sector has FERC and NERC regulations that can be interpreted, if not explicitly, to encompass social media. Even the government, the poster child for rigidity and glacial-paced operations (oh boy, I really am going all out to get myself some form of government monitoring on this blog, aren’t I?), is starting to step up to the plate, as evidenced by the State of Florida and the US Department of Defense each releasing guidelines on social media usage and record retention. So, the trend is impacting all levels of government – local, state, and federal.
Smartphones: My New BFF
Look around everywhere, and people are texting away, playing games on the subway, or listening to some tunes on the beach – all with their smartphones. It seems everyone has an iPhone or a Droid these days, and who can blame them. These little gizmos are so loaded with features and intelligence that it’s hard to put them down, hence, BFF. It’s like having MacGyver in the palm of your hand.
From shopping to “checking in” to online dating, mobile phones have come a long way since the days of the “brick” phones. The globalization of the Internet and the rate of mobile adoption in every part of the world reflect the ongoing opportunities within this technology space. With so many business applications moving to the “cloud”, this opens up new potential markets for vendors looking to secure or manage communications via smartphones.
Partly Cloudy Forecast
We’ve already begun to see many businesses offer a hosted version of their software. Though the “cloud” concept has been around for awhile, 2011 may see a surge in customers opting for hosted solutions. With the widespread use of real-time collaboration tools, like Microsoft Lync and Cisco Webex, it’s very easy these days to hold meetings over the Web without needing to travel to a customer or partner site. This also makes it easier to accommodate remote workers, too, who may not want to travel to or live near corporate headquarters.
Especially in times where IT budgets are strapped and qualified IT professionals are difficult to recruit and retain, the cloud computing model has a compelling value proposition. When taking into consideration ROI and security enhancements, the model has more in its favor than at any time in its past. Such a confluence of factors bodes well for 2011.
Well, I’m not sure if I’ll do as well as Paul the Octopus, but, like all the World Cup participants, it’s all about soaking up the atmosphere and enjoying the ride. What are your predictions for 2011?
