Posts Tagged instant messaging
Although the Financial Services Bill is still going through the House of Lords, in less than nine months time the demise of the FSA will be complete. Its replacements, the PRA (Prudential Regulatory Authority) and the FCA (Financial Conduct Authority) have issued guidelines on their approach, but their current lack of detail on financial promotions has left many firms confused about the future.
The biggest initial change I think we are going to see is not new guidelines, but a stricter enforcement of the current ones with heavier fines for those that stretch the mark. One of the contentious issues around this is the proposed public “early warning” notices of firms that do not comply and the cutting of the right to reply from 28 to just 14 days.
The FCA guidelines state: The government intends that the FCA will have new powers in product intervention; to direct firms to withdraw or amend mis-leading financial promotions with immediate effect; and to publish the fact that a warning notice in relation to a disciplinary matter has been issued.
Besides the problem of drawing adverse attention to a potentially innocent firm, there are other issues to consider. Retrieving the evidence of a print or email-based marketing campaign to argue your case is relatively easy, but trying to collate proof around a social media campaign that’s taken place over several different platforms is time-consuming without an adequate contextual archive.
14 days is a long time if warning notices are issued and waiting that long to demonstrate publicly that it was within the regulation is not really an option for a firm looking at damage limitation and protecting its reputation. A successful, or indeed notorious, social media campaign that’s been running for just a week can produce a vast amount of content that will need to be reviewed. But working out who said what, who saw what, whether they were public messages or private DMs takes time if you’re doing it manually or using disparate databases. Not to mention the additional headache if the campaign actually ended months before.
In addition, the PRA outlines that it may even intervene in a financial institution’s business, citing the Japanese Financial Services Agency that in 2009 banned the retail division of a large financial institution from advertising and running sales campaigns for one month after it failed to maintain required standards to control money laundering.
We’ll have to wait until October when the House of Lords meets again to discuss the Financial Services Bill to see if the early warning notices will remain, but either way there are several things firms can do now in preparation for the final transition.
Review your risk within the current FSA guidelines, amended your policies and procedures if you find them lacking and starting thinking about using technology not just to enforce them, but to help you understand the situation and react quickly if something does go wrong. Even better, put a strategy in place that allows for real-time monitoring, compliant logging and archiving and content control that means that even if audited, you know you are safe when using Social Media as part of a marketing portfolio. The cost of implementing such an approach will always be significantly lower than the potential penalties for not doing so.
Today’s post comes from Norv Leong, Director of Product Marketing at Actiance.
Having just returned from the Carmel Valley eDiscovery Retreat in lovely Monterey, California (author John Steinbeck’s stomping grounds), I walked away with the distinct impression that social media and enterprise collaboration applications were drawing increasingly more attention, both from the courts as well as the other vendors in attendance.
Why is this happening? Well, there’s growing acceptance that social-type communications are subject to eDiscovery just like other forms of electronic communication (read: email). The list of cases involving social media eDiscovery grows longer each month. All this reflects the growing demand for solutions that can capture social media and collaboration content in a way that preserves the interactive format of sites like Facebook, Twitter, blogs, and their brethren.
Capturing social content is one thing but to do so contextually is another. The importance of context can’t be emphasized enough when it comes to social media and collaboration platforms. That’s because their very DNA is predicated on constant interaction, be it feedback, replies, sharing, you name it. You might have ten individuals responding one on top of the other to a provocative blog entry. If an archiving system were to capture each of the ten persons’ comments individually without tying them back to the original blog entry, you lose all context.
Now, when you toss litigation into the mix, where expensive legal costs and tight deadlines are the norm, well, you can see how having accurate, contextual capture can save lots of time, money, and headaches. Moreover, having a system in place that can handle a wide range of communications (e.g., instant messages, social media, collaboration, Skype, BlackBerry, and all the rest) brings efficiencies that would otherwise be absent if an organization chose to deploy multiple systems to capture all these different types of communication channels.
Point solutions are becoming too difficult to manage, too expensive, and prone to compatibility issues. Having a single platform to manage all your communications channels, given all your security and compliance concerns, can certainly restore calm to an otherwise chaotic world of real-time communications.
That kind of simplicity even John Steinbeck would be proud.
The last couple of weeks have seen UK newspapers filled with stories over UK Government plans to expand its monitoring activities to include email and social media. The two extreme ends of the point of view being it’s either the only way to stop criminal activity or one step away from a draconian privacy invasion something a kin to 1984.
Neither extreme is accurate. Obviously the more seriously criminally minded will start to use other methods of communication that are more secure, if indeed they are not already. In a humorous look of the proposed legislation comedian and presenter of the BBC’s Friday Night comedy, Sandi Toksvig recently conjured up the image of two terrorists in balaclavas talking to each other on Skype saying “Yes, I promise you it really is me under here.” However, with the right controls, it can play a significant role in the fight against crime.
At the same time, most people don’t have time to read their own email, let alone anyone else’s. If Government was planning on checking content, which incidentally it says it is not, then it would have to be using keyword or lexicon search.
Type “bomb site:twitter.com” into Google and it is easy to see that just the profile names of tweeters alone would keep someone busy for a long time let alone the messages, so it’s clear that some intelligence would need to be applied to make searching content worthwhile. It also highlights the challenges of scale, something that defeated the Labour government in its attempt to introduce similar legislation in 2009.
Perhaps one of the key issues is that of trust. With stories of local councils using RIPA (Regulatory Investigatory Powers Act) to accuse citizens of flouting the school catchment rules, it’s no wonder many people are wary of giving any government power to see who they call or chat to over the internet. If the TV programme Spooks is to be believed, the security services already have the technology anyway and are using it to listen in to every mundane conversation, text stream and email conversation anyway so what’s the difference? This of course is a long way from reality. However, the monitoring of suspicious traffic is a logical and more importantly, justifiable part of the crime-fighters armoury and with the massive strides being made in keyword and lexicon search and identification technology, also relatively easy to implement.
It is not the ability to listen-in to me telling the world what I am having for dinner on Facebook that is the issue, but how much control is in place to ensure we know who can listen to what.
The bottom line is that the growth of social and electronic media use by the criminal fraternity is a serious threat to our national security and well-being. Last summer’s riots grew at the pace they did because of the use of technology such as Blackberry Messaging, SMS and Twitter and monitoring will allow for the police and security organisations to react quickly and effectively to protect our safety. Terrorist communications have been proven to often be in the form of cleverly coded electronic communications.
“Ah”, I hear you say, “but what about human rights?”. Well, I think we have a decision to make – either we take the view that logically, there will be far too much traffic to allow for any investigator to focus on anything other than posts, tweets and blogs that trigger alarm bells OR we do nothing and run the risk of the criminal element enjoying unparalleled freedom of communication. The real issue is one of checks and balances to ensure responsible application of regulations around monitoring.
For this reason the UK Government, and indeed the others that are bound to follow suit, must ensure that the legislation protects society, whilst also protecting the rights of the individual.
When we look at most industry regulation today, that means implementing the technology to enforce a policy, archive it and provide a full audit trail to ensure that actions are accountable and that only authorised personnel have access. This technology is available today and its use needs to be factored into any policy discussion by government
Although we will have to wait until the full plan is revealed to truly analyse the consequences, I think it is inevitable that this type of legislation will eventually come into force. We live in a world where real-time communications is the norm, it is unrealistic to expect those we look to protect us to do so without the tools to combat others that use them for nefarious activities.
For those who already utilize tracking, monitoring and control solutions for IM and UC infrastructure, it can be a real blow when you find out that your solution isn’t keeping current, or doesn’t plan to in the future.
In this real-time world, ensuring that your solution maintains the security, management and compliance of these real-time solutions is key to ensuring the future of your business. So what happens when your selected solution doesn’t?
Take the announcement from Quest that Policy Authority for UC has come to end of life and end of support at the end of last year. The hard part for customers is going to be pulling the pieces back together. No doubt you’ve transitioned your entire organization onto a specific platform, now only to find that it’s not keeping up to date with industry changes, or your vendor plans to stop development.
What should you do in that situation?
First, you should identify the timing of the change. Do you have three months or 12 months? Understanding your timeline can help you prioritize your next steps.
The next step is identifying a new partner that you can work with. Here are a few things to look for:
- Customer churn: How many customers have recently left them to work with a different vendor? This can also be indicative of the type of support you may receive
- Product roadmap: Has it been a while since they’ve deployed a new version of their solution? Do they support capabilities like Group Chat? Are they compliant with Live Meeting? Do they support the new Microsoft Lync Server? What about IBM Sametime Advanced? Skype?
- Company’s primary focus: Is security merely a component of their product offerings? Or, is security, management and compliance for the new Internet their primary focus?
- Social media capabilities: Do they support the big three (Facebook, Twitter and LinkedIn)? What are the specific features for each they offer?
- Partners: Who do they work with to get their updates? Are they members of industry organizations? Do they partner with platforms so they are the most up to date with new product and feature rollouts?
Why not – if this affects you, join us on one of our webinars, and look at just how easy it is to move!
If there are any doubts in your mind or issues that arise, it’s important to take a closer look at your relationship with this partner and reconsider the engagement.
In this day and age, it’s too easy to miss one update and find your network compromised. It’s critical to partner with a company who will be dedicated to your organization’s safety and success in real time communications – and who makes it their entire business, so that you don’t have to.
This is not a Southwest Airlines promotion, but rather, a blog entry on how easy is it to mess up on social media. None other than a Google engineer (as it’s a social world, you’ll likely know his name already – Steve Yegge) is the latest victim to be ensnarled in the social media web. As most of you have probably heard by now, Stevie Boy ripped on his own employer in a Google+ post-cum-rant on the shortcomings of that very platform. Of course, he meant the post to be visible only to his Google colleagues and not to the outside world. Oooops.
There are oodles of smart folks at Google, but that doesn’t mean they’re immune to the occasional epic screw-up. Just goes to show how easy it is to forget about who you’re connected to and what your privacy settings are. Like many social networking platforms today, users have the option of selecting who their audience will be for particular posts and messages. If you’re not careful (or perhaps too inebriated), it’s quite easy to let 800 million of your closest Facebook “friends” know that you were at the local pub to check out the Rugby World Cup, instead of lying in bed at home since you called in “sick” for the day.
It reads like a broken record throughout the copious blogs, articles, and conferences surrounding social media these days: be careful what you put out there because you’re never gonna get it back. Just the other day, I read an article, saying that only 26% of those who use Facebook daily were concerned about privacy on that site. Pretty scary. I guess we’re living in a fishbowl world and no one seems to mind.
That’s not true, of course. Privacy and security will always be an issue for those persons or organizations where data confidentiality is crucial. From patient health records to financial data to credit card numbers, the types of data that require the utmost security controls would be a long list indeed. Companies like Actiance strive to bring peace of mind to those organizations in need of granular security and compliance controls.
Content comes in many shapes and sizes these days. It’s not just social media. There’s also instant messaging, BlackBerry, Skype, texting, collaboration software, and good ol’ fashioned email that people can use to communicate with one another. And that’s not an exhaustive list. As technological innovation chugs along, new communication channels will undoubtedly continue to emerge.
So, if you’re looking to avoid pulling a “Steve Yegge,” pay attention to the details: know who you’re connected to, check your privacy settings, and try not to get too sloppy before Facebooking or Google+’ing at the end of the evening.
Well, it’s been four months since FINRA reconvened its task force to revisit Regulatory Notice 10-06. Anticipation’s been building within the financial services and technology communities as to what additional guidance FINRA will come out with, having had a year to assess 10-06 in action. Whatever new guidance FINRA does come out with, however, must be approved by the mothership (aka the SEC).
FINRA’s only been around since 2007, its creation having been approved by the SEC. So, in many respects, FINRA still maintains close ties to the mothership, just by the very nature of the industry they oversee. Many financial institutions are countries unto themselves with countless subsidiaries and offshoots left and right. Inevitably, the line blurs between investment advisories (IAs) and broker-dealers (BDs) since many of these institutions are dually registered, making it difficult to determine which rules to apply – the SEC’s, FINRA’s, or both.
Since the changes implemented by the SEC in the 1990s regarding instant messaging storage and retention, we’ve seen the importance of both engaging with the regulators to keep abreast of what’s happening in the regulatory world and keeping them up-to-speed on what technology is capable of doing. I just had a call this morning with some attorneys from the SEC’s Office of the Chief Counsel on the topic of social media. Not surprisingly, they keep close tabs on what FINRA’s doing with respect to this emerging area. There aren’t any social media-specific guidelines from the SEC, at least not yet. But, judging by the questions I was asked by the SEC attorneys, I got the feeling they are keen to see how IAs are using technology to remain compliant with rules such as 204-2 and 206(4)-1, pertaining to recordkeeping and advertising, respectively.
Their concerns were consistent with what we’ve heard in similar discussions with other regulatory bodies – the FSA in the UK, IIROC in Canada, and, of course, FINRA here in the US. It’s the gnawing feeling that guidance was necessary, given the rapid spread and adoption of social media, but that the guidance needed to be well thought out before being issued.
I’ve got no problem with things taking time. The financial services industry and its regulators have historically leaned toward the cautious, conservative tack. Certainly, that approach hasn’t changed, even if social media moves at a breakneck pace. It’s like the ol’ race between the tortoise and the hare. Slow and steady will win out over “irrational exuberance” 99% of the time. At least, that’s what your mother would have you believe.
Most social media interaction relies on a fairly immediate response. A tweet has a half life of 3 hours for instance. Whether it’s responding to a customer query, discussing the latest piece of industry news with a partner or just a bit of friendly banter with colleagues, joining in the conversation an hour later can be an opportunity missed. It’s one of the reasons so many of us take our mobile or cell phone wherever we go. I might only be the other side of the office, but I can still respond instantly to something pertinent, without having to walk back to my desk.
Mobility has become an important part of our lives, but it has also added a complexity to the IT aspect of controlling data. A couple of years ago most enterprises standardised on PCs, laptops and mobiles. Today, users want to be able to choose not just the device that helps them do their job the best, but also the one they feel most comfortable using. Some prefer proper keyboards on their mobile, others like electronic; iPads are really popular with sales guys doing a lot of presentations, hated by others for their lack of true multi-tasking. Users even consider the personal aspects of their devices – can they continue reading the latest thriller on the commute to work, video conference with their family when away from home.
The end result for the poor IT guy is that he has to control and record information coming in and going out of the network through a myriad of devices. It’s one of the reasons we developed our technology to focus on the data stream to the social media application, not the method of communication. We already provide full support for recording conversations on Facebook and LinkedIn regardless of device and will be extending this to include Twitter in May.
However, providing support via a direct connection to the API of the social network is only half the story. It won’t surprise you to learn that social media sites are constantly updating their offering, but it may surprise you to know how many changes are made on a weekly basis that directly affect how third party systems such as those provided by Actiance function. The top three sites Facebook, LinkedIn and Twitter average around twenty changes a week, though for a couple of weeks in March they nearly topped forty. Some are minor changes or tweaks, others have a significant impact in the way data is handled.
Fortunately, our close relationship with the major social networking sites means that we are frequently aware of changes ahead of time and can easily make any necessary changes to our own technology in response. In addition, the constant moving of goal posts is nothing new to Actiance. Our heritage in dealing with the instant messaging networks from way back when in the early 2000’s where the introduction of new networks and protocol changes were profuse has enabled us to develop processes that enable our research and technical team to react swiftly.
As the workforce becomes more mobile, the problem of different devices isn’t going to go away. The mobile phone was once touted as being the de-facto communications tool, but the impact of tablets has shown that this might not be the case. I can’t predict what I’ll be using in the future to communicate with customers, partners and colleagues, but I do know that a point solution for devices or specific applications to enable it isn’t the long term answer. A scalable platform that enables the secure, compliant use not just of social media, but UC and Web 2.0 is.
Just five years ago, stringing the words in this blog title would’ve been complete nonsense. Fast forward to 2011, and they now make perfect sense. Hopping on the social media bandwagon, investors are now turning to new communications channels like Facebook, Twitter, and blogs to get the latest tips on hot stocks, rumored IPOs, and corporate scandals.
A March 2011 study by CMC Markets, Share Trader Insights Survey, hammers home the point: social media is being increasingly used by investors to gather trading information, especially among those of us under the age of 45. The study found that the under-45 demographic had the highest percentage of individuals using social sites like Facebook and Twitter to enhance their investment knowledge. The 25-34 segment was particularly notable, too. A whopping 59% of those under the age of 35 use Twitter to acquire trading information. Interestingly, investors over the age of 45 were more likely to use their iPhone to gather trading information.
In terms of which social media sites were deemed to be most useful, trading websites took the top spot with 57% of investors using this form. Beyond trading websites though, there was no clear social media site that investors preferred. Blogs, webinars, Facebook, Twitter, iPhone apps, and even YouTube were all cited by investors as being sources of trading information.
I won’t bore you with any more gory statistics, but the inside scoop is that social media seriously is a viable source of information for investors. However (deep breath), care must be taken to analyze all this mountain of data objectively (you don’t say…). It’s easy to post information on any of these sites and even easier for it to spread virally. Just think what could happen if someone started a false rumor on a company with the aim of sending the stock price soaring. If written persuasively enough and if that rumor appears on several social media sites, the rumor begins to take on a life of its own. The phrase “buyer beware” becomes that much more important, with due diligence, background checking, and due care assuming more prominent roles.
Along these lines, companies themselves have to be careful of what’s being posted about them in these social media fora. That’s why we’re starting to see organizations turn to technology to help them address this flood of social media content. Protection of the corporate brand and confidential information is top-of-mind for many firms. Add to that the constant threat of malware and viruses piggybacking on tweets and Facebook posts, and it’s easy to see why solutions have begun to sprout up to manage this social media content and ensure that it’s safely used within the organization.
Actiance Unified Security Gateway (USG) is the only secure Web gateway focused on these Web 2.0 and social media applications, on top of the usual security protections (anti-virus, anti-malware, and URL filtering). From allowing and blocking access to over 4,700 Web 2.0 applications to granular content and access controls for Facebook, LinkedIn, and Twitter, USG is the platform for making sure that social media doesn’t commandeer your corporate network and throttle your reputation.
It’s the enabler that lets you use social media productively and safely. Just don’t count on it to tell you whether to buy or sell the 1,500 shares of MSFT you’re sitting on.
In the last couple of weeks we’ve been informed that our products have been shortlisted for not just one, not two, not three, but four leading industry awards (yes really!) – two of them related to Financial Services and two awards covering everyone’s darling, Social Media. This got me thinking about how modern communication tools such as UC, Social Media and Web 2.0 have completely infiltrated our working lives and the breadth and depth of platform required to enable their secure use.
In an average day I use nearly a dozen different mediums to communicate with colleagues, partners and customers including Microsoft OCS, IBM Lotus Sametime, Skype, Twitter, LinkedIn, Facebook, Quora, Blackberry Messenger and Cisco Webex. I use my iPhone, my Blackberry, my iPad, my laptop. In the past month, I’ve connected and communicated at 37,000 feet, on a cruise ship off the coast of Cuba, Costa Rica and (shame on me), even in the office. Face it, if there’s a way of connecting with the internet…I guess I’ll find it. Equally, if I worked directly in a Financial Services organization – like many of our customers – then I would probably also be adding something like Thomson Reuters Messenger or Bloomberg to the list.
You might be wondering how on earth do I find the time to work – but that’s the point, virtually everything I do on these networks helps me to do my job. But it’s also interesting that what I use has changed too. Twelve months ago I wasn’t using Facebook for chat much and I didn’t have an account on Quora, I’d certainly not Skyped at 37,000 feet, nor had I SMS’d while traversing the Panama Canal.
The other weekend I co-hosted a conference workshop for compliance officers in Utilities organizations on how to develop a social media policy. After protracted discussions about how the organizations attending use social media and considering some of the pitfalls – including my question du jour “how do you comply with retention of records on your twitter account?” that always gets the room buzzing – the group split up into teams to draft a social media policy that would work for them.
It’s almost a guarantee that somewhere in the policy specific networks, normally Facebook, will be mentioned. But in just the same way you can’t spare the time to rewrite your policy every time a new social network becomes popular, neither can you afford to update your IT controls either. Not to mention the fact that there are thousands of social networks available that may not be popular, but still have a considerable amount of users that might just be your employees. So looking at the bigger picture isn’t just important, it’s imperative.
Being able to secure, manage and meet compliance duties requires a platform that offers breadth and flexibility in adapting to the changing world we work in. I can’t claim to know what tomorrow’s hot favorite communications tool may be, but I work with a team of people who do know how to spot them and who also know how to manage them . Our Actiance Security Labs live and breathe social networks and Web 2.0 applications and track, monitor and provide management capabilities on a daily, if not hourly basis.
I’m probably not going to meet fellow brit Colin Firth (rats) over the next three weeks and my acceptance speech, should we win (again), certainly won’t be as polished as his, but I will be attending the Oscar equivalent in the IT security world, SC Magazine’s award ceremony. If you’re there, come over and say hi – I promise not to try out my question du jour.
SC Awards – Best security Solution in Financial Services – Vantage
Network Computing – New Product of the Year – Socialite
We all know there’s a glut of information out there, what with all the social media sites, instant messaging (IM) networks, and unified communications platforms (think Microsoft OCS and IBM Sametime) being used to facilitate communications, so it should come as no surprise that making sense out of that mountain of data is no small feat.
This is the quandary many organizations face today. They’re capturing all this data but are having a difficult time organizing it into actionable data (e.g., analyzing customer buying trends, market opportunities, etc.). Many technology solutions today can capture social media content like Facebook Wall posts, LinkedIn status updates, and tweets, but nearly all of them capture only the individual post or tweet itself. When exported out to an archiving platform, such as the popular Symantec Enterprise Vault, there’s nothing but headaches for eDiscovery and legal folks, trying to piece together related tweets and Facebook posts scattered throughout an archive.
What really separates the “men” from the “boys” is not only being able to capture the data in context, but also display that context in full when retrieving content for eDiscovery, regulatory, or legal purposes. Capturing data in context means not just capturing a single “missive,” but capturing the entire stream of messages posted throughout the day in a single, simple, easy–to-read transcript. This simplifies reviewing by leaps and bounds. It also makes for a more fluid eDiscovery process as legal teams, both in-house and law firms, can more easily find the information they’re looking for and, in turn, more quickly determine if a piece of data is relevant or not. At the end of the day, man-hours and legal costs are driven down dramatically, and employee productivity is maximized.
Socialite from Actiance is one such platform that can capture data in context. Capturing content posted to sites like Facebook, LinkedIn, and Twitter and then being able to present it in transcript format makes it not only much easier for end users to find what they need and determine its relevance, but also shows the original message in its true format. You can liken it to the ol’ “quality vs. quantity” debate: what good is archiving a million different Facebook posts if you can’t make sense of it?
As the Web 2.0 and social media train screams along at breakneck speed, the chaos that data can become will only get worse and the need for that “calming” influence becomes more pronounced. Socialite brings order to that chaos.
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- October 2010
- September 2010
- August 2010
- June 2010
- May 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- July 2009
- June 2009
- April 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- Application Filtering
- Electronically Stored Information (ESI)
- Employee Behavior
- Enterprise 2.0
- Enterprise IM
- Financial Services
- Guest Post
- New Internet
- personal v professional
- Product Announcements
- Public IM
- Retail banking
- RSA Conference
- Securities and Exchange Commission
- Social Networking
- Unified Communications
- Web 2.0
- Web Security