There are four options that come to mind that will not completely ban social networking sites, but either actively or tacitly put some restrictions in place. The first, depending on the corporate culture, is to put a social networking acceptable use policy in place that states: "Employees may not access social networking sites unless it is a requirement for them to perform their duties." This behavioral approach is normally the first line of defense in an organization. But in order to be effective, these policies must be enforceable. That may require monitoring and audit of enterprise traffic, educating the users on acceptable use and responding strongly to users who insist on violating them. Plus, it also assumes you can enforce your policies across your entire organization.
The next approach is to use a Web content filter appliance that can limit access to sites based upon user roles. In this case, the program uses enterprise roles (like Active Directory groups) to determine access in real time and block access -- usually with a warning page -- for unauthorized populations.
The third approach is to use a network proxy service. Similar to a Web filtering program, the device is configured on a per-user basis to control access to the network entry point into the Internet sites.
Finally, there's a new market for social network management and audit software. The first company I'm aware of that offers this type of software is SocialWare Inc. The SocialWare software provides an application gateway that does more than allow/disallow access; it actually provides fine-grained access to a social site's applications (like allowing access to Facebook but disallowing access to Facebook messaging) and gives admins the ability to moderate user postings before they actually go on a site. As an alternative approach, Palo Alto Networks Inc. has put application-level controls into its firewall product. This combines the management of applications, like social networking, with network access and the layer-4 router-level control. While these are powerful features, companies like SocialWare and Palo Alto Networks are providing these new features to the market and companies are only just starting to evaluate how effective this type of functionality really is.
So, of the four ways described above, what's the best way? I believe enforced policies are still the best. In other instances of Internet access, like preventing users from accessing porn sites, enforcing policy has proven to virtually eliminate this practice within corporate workforce populations (so long as HR policies addressing these infractions are in place as well). Technology isn't always the best preventive method.
For more information:
- Read more about how to implement and enforce a social networking policy.
- Learn how to provide access to Web content without sacrificing security in this expert response.
This was first published in December 2009