Category Archives: Unified Communications

The House is on fire. We don’t need no water, just some Skype.

By actiance,   September 15, 2011

Wow, for you naysayers out there that think the government is slow, archaic, and behind-the-times, you may have to reconsider your position.  The House of Representatives has OK’d the use of Skype and ooVoo within its hallowed halls.  Up to now, security concerns had impeded adoption of these popular Internet phone and video conferencing tools, respectively, but now that those concerns have been addressed, the House is ready to move forward on its plan to improve communications and transparency with its constituents.

In these tough economic times where government budgets are strapped, leveraging technology solutions that tout cost efficiencies are gaining traction.  Moreover, technological enhancements and plentiful bandwidth are driving the government to look at other real-time alternatives.  Applications like Skype and ooVoo allow for virtual town hall meetings, facilitate responding to constituent inquiries, and obviate the need for travel in many instances.  The net effect is a fluid, cost-effective communications channel between representatives and their constituents.

Now, the House had every right to take its time in blessing the use of Skype and ooVoo.  Security concerns are justified, given the abundance of horror stories involving security breaches in government and other industries as well.  The problem with social media and other Web 2.0 applications is that their ubiquity opens whole new vectors for malware and other types of evil to infiltrate the corporate or government network.  The proliferation of content on these types of sites is mind-boggling – photos, videos, wikis, blogs, tweets, and the list goes on and on.  But, each one of these types of content can be a springboard for malware.

Given the viral nature of social media and the breadth of the social graph, it doesn’t take much for a virus to spread.  A simple, innocent click on a link to your friend’s supposed Morocco vacation pictures may not yield camel pictures, but rather, expletives flowing out of your mouth when you see the Blue Screen of Death.

That’s why you see so many security software and hardware vendors in the marketplace.  They’re there for a reason.  Not the sexiest technology, but definitely critical to your sanity and to the long-run viability of your company, or in the case of this blog entry, the House of Representatives.  Having security systems and policies in place to control the glut of Web 2.0-type applications out there (Skype and ooVoo are just two of the thousands) is downright essential.

Without granular controls of social media, instant messaging, video conferencing, and the like, safely managing that fluid communications channel between government and the constituents becomes that much more difficult.  Throw into the mix potential national security implications and one can see why security breaches aren’t taken lightly in government circles.

So, bravo to the House for giving the green light to Skype and ooVoo.  Now, I can Skype my congresswoman to fix that pothole in front of my driveway.

Social Media and Cloud Security, are they on the new Federal CIO’s radar?

By actiance,   August 8, 2011

Last week, it was announced that Steven VanRoekel would be replacing Vivek Kundra as the CIO at the Office of Management and Budget (OMB).  It’s a high-profile position that essentially puts VanRoekel in charge of the federal government’s IT budget – currently about $80 billion a year.  A tidy sum of money.

So, as VanRoekel assumes his new role, all eyes will be focused on how he handles the projects he’s inheriting from Kundra as well as new initiatives.  Of the former, issues such as data center consolidation and the “cloud” are top-of-mind.  Recently, much of the buzz, both in the government and in the private sector, has revolved around Web 2.0 and social media.  However, they’re just two components of an overall security strategy.

VanRoekel must also take into consideration other types of application that factor into a comprehensive cybersecurity strategy.  These days, hackers are pretty sophisticated and are quite adept at exploiting encrypted traffic to pass along viruses or other types of malware.  For instance, unified communications (UC) platforms, such as Jabber, Microsoft OCS and Lync, and IBM Sametime, all enable federation, which is the ability to communicate with others who are not members of your UC community.  The danger here is federating with outside networks that may present unknown risks, like viruses, hackers, enemies mining for confidential information, etc.

The same analogy holds for the “cloud” initiative.  Cloud computing is all the rage, but there’s no shortage of companies and government agencies that are incredibly leery of turning over key computing processes and applications to the cloud.  Security is almost always the first issue mentioned when talking to skeptics of the cloud.  Multi-tenancy (i.e., sharing physical appliances that have been logically partitioned), data storage off-premises, and the relatively short history of this computing paradigm send shivers down the spines of the most experienced IT practitioners.

With the Internet being a global resource, the potential scope of security breaches is immense.  Sophisticated hackers might reside in the US, China, Russia, Iraq, North Korea; you just never know.  It is under this backdrop that VanRoekel will have to drawn upon his experience in the private and public sectors to devise a strategy addressing all of these security concerns.  A daunting challenge for sure, but absolutely attainable, given today’s technology.

Wouldn’t you agree?

Defaulting to the closed door. Day Zero protection in a Facebook – Skype world.

By Sarah Carter,   July 9, 2011

Social media is often typecast as a dynamic technology segment where, in the blink of an eye, you can miss the latest viral video on YouTube or the latest casualty of an erstwhile social media darling (RIP, MySpace).  Thus, it’s no small feat to keep up with the continuous feature, product, and service enhancements emanating from the labs of Facebook, Twitter, and their brethren.

This week’s announcement of the Facebook-Skype integration sent shockwaves at typical lightning speed.  And for  those organizations who have embraced not just Facebook but also Skype and other forms of real-time communications now seek to understand what this integration means to their security and communications infrastructure, we have some words of comfort.

Many times, compliance,  legal, and IT security departments need some time to digest the implications of these new features on their business.  So being able to block new features by default is a necessary requirement for enterprise organizations.   Hark back to the early days of the firewall, when it was incredibly important to ensure that the default setting, when you implemented a new system, was to block and then open access.

That’s where we are with social media now.  With more than 530 changes to the major social networks (Facebook, LinkedIn, Twitter)  in 2011 alone, security issues rear their heads with every new feature, especially when we look at the world of P2P communications.  Long heralded as the darling of intrusion detection, Skype’s encrypted nature and ability to tunnel through any open port on a firewall makes it a unique and beloved communications tool.  But at the same time, it’s also a risk for some organizations that cannot – and – will not allow encrypted traffic on their network (unless they know the key).  And when I look at the requirement from the new Facebook Video Calling application to install an .exe file in order to use the plugin, I head back to my roots in the UK IT Security space and think that’s not necessarily something we as security professionals want our end users doing.

Here at Actiance, we were able to provide DAY ZERO protection to our customers – blocking access to the new Facebook Video and Calling capabilities.  As a default, we block new features to ensure that our customers can then decide their policies.  And, with a decade of experience dealing with real-time changes to networks and communications platforms, it comes as second nature to our team to provide these capabilities.

That said, did I install Facebook Video Calling?  Of course.   Am I using it?  Of course.  Do I like it?  I have to say, “Wow, yes.”  Being that Skype and Facebook have been, since I moved to the USA just over a year ago, my primary forms of personal communications with the folks back home, having these two communications modalities in a single login is sweet.  Oh yes, I like it.  I like it lots.

Are you socially mobile or stuck in a time lapse?

By Sarah Carter,   May 3, 2011

Most social media interaction relies on a fairly immediate response. A tweet has a half life of 3 hours for instance. Whether it’s responding to a customer query, discussing the latest piece of industry news with a partner or just a bit of friendly banter with colleagues, joining in the conversation an hour later can be an opportunity missed. It’s one of the reasons so many of us take our mobile or cell phone wherever we go. I might only be the other side of the office, but I can still respond instantly to something pertinent, without having to walk back to my desk.

Mobility has become an important part of our lives, but it has also added a complexity to the IT aspect of controlling data. A couple of years ago most enterprises standardised on PCs, laptops and mobiles. Today, users want to be able to choose not just the device that helps them do their job the best, but also the one they feel most comfortable using. Some prefer proper keyboards on their mobile, others like electronic; iPads are really popular with sales guys doing a lot of presentations, hated by others for their lack of true multi-tasking. Users even consider the personal aspects of their devices – can they continue reading the latest thriller on the commute to work, video conference with their family when away from home.

The end result for the poor IT guy is that he has to control and record information coming in and going out of the network through a myriad of devices. It’s one of the reasons we developed our technology to focus on the data stream to the social media application, not the method of communication. We already provide full support for recording conversations on Facebook and LinkedIn regardless of device and will be extending this to include Twitter in May.

However, providing support via a direct connection to the API of the social network is only half the story. It won’t surprise you to learn that social media sites are constantly updating their offering, but it may surprise you to know how many changes are made on a weekly basis that directly affect how third party systems such as those provided by Actiance function. The top three sites Facebook, LinkedIn and Twitter average around twenty changes a week, though for a couple of weeks in March they nearly topped forty. Some are minor changes or tweaks, others have a significant impact in the way data is handled.

Fortunately, our close relationship with the major social networking sites means that we are frequently aware of changes ahead of time and can easily make any necessary changes to our own technology in response. In addition, the constant moving of goal posts is nothing new to Actiance. Our heritage in dealing with the instant messaging networks from way back when in the early 2000’s where the introduction of new networks and protocol changes were profuse has enabled us to develop processes that enable our research and technical team to react swiftly.

As the workforce becomes more mobile, the problem of different devices isn’t going to go away. The mobile phone was once touted as being the de-facto communications tool, but the impact of tablets has shown that this might not be the case. I can’t predict what I’ll be using in the future to communicate with customers, partners and colleagues, but I do know that a point solution for devices or specific applications to enable it isn’t the long term answer. A scalable platform that enables the secure, compliant use not just of social media, but UC and Web 2.0 is.

#EPS? #EBITDA? #Cash on hand? #Twitter?

By nleong,   March 31, 2011

Just five years ago, stringing the words in this blog title would’ve been complete nonsense.  Fast forward to 2011, and they now make perfect sense.  Hopping on the social media bandwagon, investors are now turning to new communications channels like Facebook, Twitter, and blogs to get the latest tips on hot stocks, rumored IPOs, and corporate scandals.

A March 2011 study by CMC Markets, Share Trader Insights Survey, hammers home the point:  social media is being increasingly used by investors to gather trading information, especially among those of us under the age of 45.  The study found that the under-45 demographic had the highest percentage of individuals using social sites like Facebook and Twitter to enhance their investment knowledge.  The 25-34 segment was particularly notable, too.  A whopping 59% of those under the age of 35 use Twitter to acquire trading information.  Interestingly, investors over the age of 45 were more likely to use their iPhone to gather trading information.

In terms of which social media sites were deemed to be most useful, trading websites took the top spot with 57% of investors using this form.  Beyond trading websites though, there was no clear social media site that investors preferred.  Blogs, webinars, Facebook, Twitter, iPhone apps, and even YouTube were all cited by investors as being sources of trading information.

I won’t bore you with any more gory statistics, but the inside scoop is that social media seriously is a viable source of information for investors.  However (deep breath), care must be taken to analyze all this mountain of data objectively (you don’t say…).  It’s easy to post information on any of these sites and even easier for it to spread virally.  Just think what could happen if someone started a false rumor on a company with the aim of sending the stock price soaring.  If written persuasively enough and if that rumor appears on several social media sites, the rumor begins to take on a life of its own.  The phrase “buyer beware” becomes that much more important, with due diligence, background checking, and due care assuming more prominent roles.

Along these lines, companies themselves have to be careful of what’s being posted about them in these social media fora.  That’s why we’re starting to see organizations turn to technology to help them address this flood of social media content.  Protection of the corporate brand and confidential information is top-of-mind for many firms.  Add to that the constant threat of malware and viruses piggybacking on tweets and Facebook posts, and it’s easy to see why solutions have begun to sprout up to manage this social media content and ensure that it’s safely used within the organization.

Actiance Unified Security Gateway (USG) is the only secure Web gateway focused on these Web 2.0 and social media applications, on top of the usual security protections (anti-virus, anti-malware, and URL filtering).  From allowing and blocking access to over 4,700 Web 2.0 applications to granular content and access controls for Facebook, LinkedIn, and Twitter, USG is the platform for making sure that social media doesn’t commandeer your corporate network and throttle your reputation.

It’s the enabler that lets you use social media productively and safely.  Just don’t count on it to tell you whether to buy or sell the 1,500 shares of MSFT you’re sitting on.

And the award goes to…..

By Sarah Carter,   March 30, 2011

In the last couple of weeks we’ve been informed that our products have been shortlisted for not just one, not two, not three, but four leading industry awards (yes really!) – two of them related to Financial Services and two awards covering everyone’s darling, Social Media. This got me thinking about how modern communication tools such as UC, Social Media and Web 2.0 have completely infiltrated our working lives and the breadth and depth of platform required to enable their secure use.

In an average day I use nearly a dozen different mediums to communicate with colleagues, partners and customers including Microsoft OCS, IBM Lotus Sametime, Skype, Twitter, LinkedIn, Facebook, Quora, Blackberry Messenger and Cisco Webex. I use my iPhone, my Blackberry, my iPad, my laptop.  In the past month, I’ve connected and communicated at 37,000 feet, on a cruise ship off the coast of Cuba, Costa Rica and (shame on me), even in the office. Face it, if there’s a way of connecting with the internet…I guess I’ll find it.  Equally, if I worked directly in a Financial Services organization – like many of our customers – then I would probably also be adding something like Thomson Reuters Messenger or Bloomberg to the list.

You might be wondering how on earth do I find the time to work – but that’s the point, virtually everything I do on these networks helps me to do my job. But it’s also interesting that what I use has changed too. Twelve months ago I wasn’t using Facebook for chat much and I didn’t have an account on Quora, I’d certainly not Skyped at 37,000 feet, nor had I SMS’d while traversing the Panama Canal.

The other weekend I co-hosted a conference workshop for compliance officers in Utilities organizations on how to develop a social media policy. After protracted discussions about how the organizations attending use social media and considering some of the pitfalls – including my question du jour “how do you comply with retention of records on your twitter account?” that always gets the room buzzing – the group split up into teams to draft a social media policy that would work for them.

It’s almost a guarantee that somewhere in the policy specific networks, normally Facebook, will be mentioned. But in just the same way you can’t spare the time to rewrite your policy every time a new social network becomes popular, neither can you afford to update your IT controls either. Not to mention the fact that there are thousands of social networks available that may not be popular, but still have a considerable amount of users that might just be your employees.  So looking at the bigger picture isn’t just important, it’s imperative.

Being able to secure, manage and meet compliance duties requires a platform that offers breadth and flexibility in adapting to the changing world we work in. I can’t claim to know what tomorrow’s hot favorite communications tool may be, but I work with a team of people who do know how to spot them and who also know how to manage them .  Our Actiance Security Labs live and breathe social networks and Web 2.0 applications  and track, monitor and provide management capabilities on a daily, if not hourly basis.

I’m probably not going to meet fellow brit Colin Firth (rats) over the next three weeks and my acceptance speech, should we win (again), certainly won’t be as polished as his, but I will be attending the Oscar equivalent in the IT security world, SC Magazine’s award ceremony. If you’re there, come over and say hi – I promise not to try out my question du jour.

Financial Sector Technology – Most innovative Solution of the Year – Socialite

SC Awards – Information Security Product of the Year – USG

SC Awards – Best security Solution in Financial Services – Vantage

Network Computing – New Product of the Year – Socialite

Keep It Simple, Stupid

By nleong,   February 24, 2011

We’ve all heard this saying before and it’s easy to get lost in the bewildering array of communications channels available to us. There’s the usual email, instant messaging networks (Yahoo!, Google Talk), peer-to-peer networks (Skype), enterprise IM applications (IBM Sametime, Microsoft Lync/OCS), and social networks (Facebook, Twitter). And these are just the big boys. There are literally thousands of IM, P2P, and social networks, in addition to those listed above.

To give you an idea of the bevy of tools out there, the US Department of Agriculture (USDA) uses over 21 different email systems, but they’ve recently decided to award Microsoft a contract to provide cloud-based email, Web conferencing, IM, and collaboration solutions. Similarly, the US General Services Administration (GSA) awarded an email contract to Google. What this goes to show is that messaging in large organizations (in this case, it’s the government) is starting to move to the cloud as companies look for ways to streamline their messaging systems, improve efficiency, and cut costs.

What with all these communications options available to end users, it’s all too common for folks to use Facebook, Yahoo!, or Skype while they’re at work on company-issued computers. Oftentimes, individuals use a combination of Web 2.0 (think Facebook or Skype) and enterprise (think Microsoft Communicator or Cisco Jabber) applications. The problem with doing so is that it opens up new vectors for malware to invade the corporate network. In other words, there are far more avenues for evil to infiltrate the corporate network these days than ever before.

Thankfully, platforms like Actiance Vantage make it easier to manage the proliferation of communications tools within the enterprise. From blocking virus attacks to managing file transfers to logging and archiving of all IM activities, Vantages provides end-to-end security and compliance coverage for an organization’s unified communications.

We can all learn a lesson from the government contracts cited above. Long ridiculed for being the poster child of bureaucracy and antiquated computer systems, it must be saying something to have two large agencies moving their communications applications to the cloud. Looks like the US government has taken heed of that old KISS principle after all.

What’s in a name?

By kailashambwani,   January 25, 2011

“What’s in a name? That which we call a rose By any other name would smell as sweet” –

Juliet in Romeo and Juliet by William Shakespeare

Juliet knew that Romeo would be the same great guy even if he had another name.

And, this is what is occurring for us today…same great company, just with a new name.

But first, the why…

FaceTime’s business and offerings have changed dramatically since the turn of the century. We began as a provider of security and compliance solutions for public Instant Messaging networks, such as AOL, MSN and Yahoo. Today, we are a trusted partner to large enterprises, delivering platforms that enable them to cope with the explosion of new communications channels – from Unified Communications systems, such as Microsoft Lync Server, OCS, IBM Sametime or Cisco CUPS, to social networking channels such as Facebook, LinkedIn and Twitter.

Our current customer roster includes 9 of the top 10 banks, all 5 top Canadian banks, 3 of the top 5 independent energy companies and a myriad of large enterprises across all industries. These companies seek to leverage the New Internet to foster more collaboration internally and with partners, gain more customers and increase customer satisfaction. They rely on FaceTime to provide the security and compliance framework to ensure the safe use of these networks and channels.

Our promise to our customers is “You worry about the policy, we’ll worry about the channel.”

To deliver on this promise, we have greatly expanded our capabilities. Now our platform supports all the major IM networks, all the major Unified Communication platforms, popular VoIP networks, including Skype, widespread social networks such as Facebook, LinkedIn and Twitter. We also support financial networks like Reuters and Bloomberg, and Web 2.0 channels, such as Youtube, webmail, blogs and Wikis, to name but a few.

We’ve evolved over the last decade. And, we’re not done yet – this year we will launch support for various collaboration platforms and even more Web 2.0 networks.  Because of this metamorphosis, we have changed our name. Oh, and there is this small company based in Cupertino, California that launched a video chat application by the same name (yes, we were aware of it in advance) and I hear that it’s catching on…

Few companies have the opportunity to select a new name for a thriving business and we wanted one that would better reflect what we do today and our vision for tomorrow.

Changing our name….

We started mid-last year by rebranding one of our two core platform offerings from IMAuditor to Vantage. The dictionary defines a vantage point as “…a position that affords a broad overall view or perspective, as of a place or situation.” Vantage and USG provide an overall view of all the communications in your enterprise. But more than just a view, they give you the ability to ACTIVELY ensure COMPLIANCE with your security, management and regulatory policies.

Mark the words: ACTIVE COMPLIANCE. That’s what we enable:  Thus we are Actiance.

Welcome to Actiance…it’s still a great company.

For the Love of Dodd-Frank

By nleong,   December 9, 2010

There’s been a lot of chatter recently over Dodd-Frank, the act that was passed to promote more financial stability following the crisis of 2008-09.  Designed to improve accountability and transparency in the financial system, it’s ushered in sweeping changes to financial regulation, unseen since the days of the Great Depression.  So you know it must be a big deal if it’s keeping lobbyists and lawyers busy in the nation’s capital.

What’s it all about?
Under Dodd-Frank, the Securities and Exchange Commission (SEC) must create rules to establish a fiduciary duty for broker dealers and provide disclosures of material conflicts by broker dealers and registered investment advisors.  If that statement is adopted, each broker dealer would be required to provide potential customers with a written statement, prior to working with them.  The broker disclosure statement would require that the written statement given to customers outline such information as:  description of the types of accounts and services that the broker dealer provides, any areas of potential conflicts with such services, disclosure of all financial and other incentives, and the limitations on the duties a firm owes to its customers.

Translation?  Broker dealers must be completely forthcoming and open when they’re prospecting for new business or new customers.  And they have to be very clear from the outset what kinds of services they can offer, any potential conflicts of interest, and other such items.  This puts a tighter leash on broker dealers and you can bet that the regulatory agencies will be keeping a close eye on the content to ensure that relevant parties meet requirements on full disclosure.  The US government is taking steps to avoid a repeat of what happened a couple years ago.

If you need to monitor the communications of broker dealers or investment advisors, then it’s now possible to monitor and archive instant messages, content posted to social networks, as well as BlackBerry SMS and PIN content.  As there are so many ways for broker dealers to communicate these days, it’s not just about email anymore.  That’s so 1990s.  Now, you’ve got Facebook, Twitter, Skype, OCS, Sametime, SMS, to name just a few.

In fact, there are around 330,000 sales folks on LinkedIn who work in the financial services sector in the US.  That’s a lot of people for regulators to monitor.  Making sure broker dealers stay in line with the Dodd-Frank regulations is becoming ever more challenging, but at least now, firms can now leverage technology options to ensure that real-time communications are your friend – and not foe.

Who’s Your Daddy – Federal or State Regulations?

By nleong,   October 13, 2010

When it comes to regulation of the financial services industry, nearly all the focus to date has been at the national level.  The Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) have rightly been in the spotlight regarding the issuing of social media guidance for the financial services sector.  The scope of SEC and FINRA regulations extend across state borders and is applied even-handedly on a national level.  However, in August of this year, the state of Florida amended its own record-keeping regulations to reflect the growing trend of social media within the enterprise.  This was hammered home in an interview we did with Federal Computer Week, where we noticed that Florida was leading the way with respect to specific state guidelines for these new communications channels.

Before August of this year, Florida’s guidelines were drafted with only email in mind.  However, given the pace of change within the technology space and the plethora of communications channels now available, Florida realized that its record-keeping guidelines needed to be updated to reflect the changing times.  As a result, the state’s General Records Schedule for State and Local Government Agencies was amended to include SMS, BlackBerry PIN, MMS, Facebook, and Twitter within its scope.  Florida’s amendment created a buzz that other states would soon follow suit.  However, just last week, the state amended Rule 69W-100.007, stating that if an advertisement or piece of sales literature complies with NASD Rule 2210, then it does not have to be approved or filed with the Florida Office of Financial Regulation, effective September 30, 2010.

And for those in the dark about Rule 2210, it requires that a registered principal of a firm approve all advertisements and sales literature prior to use either electronically or in writing and that they all be maintained in a separate file for a period of three years from the date of last use.

What this essentially amounts to is deference to federal guidelines when it comes to overlapping provisions between federal and state bodies.  More specifically, the federal standard reigns supreme with respect to the marketing of financial instruments.  This clarification on the part of Florida really underscores the importance of remaining compliant with FINRA rules.  Other states are following in Florida’s footsteps by incorporating FINRA into their own guidelines.

We’ve got a solid handle on these SEC and FINRA rules because that’s right up our alley – making sure that companies in heavily-regulated industries stay compliant.  We’ve got over 1,500 customers, many of which are in the financial services industry.  In fact, we count nearly all of the top ten US banks as our customers and about two-thirds of financial services professionals in the US work at a company that uses FaceTime solutions.

FaceTime tracks regulatory developments closely to ensure that the latest trends are considered when building new features for our security, management, and compliance platforms – whether that’s for social networks or unified communications.  From the moderation of content to logging and archiving, when we’re specifically talking about social networks, Socialite offers a host of features that can calm the nerves of even the most frazzled compliance and legal officers.  At the end of the day, companies that are subject to FINRA regulations, for instance, rely on the level of attentiveness FaceTime applies to this sector and that our solutions are designed with the most applicable guidelines in mind.  Check out Facetime’s Mapping of FINRA Regulatory Notice 10-06 to Facebook, LinkedIn, and Twitter to see what I mean.