5 Steps To Google+ Compliance - InformationWeek
Software // Social
11:07 AM
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

5 Steps To Google+ Compliance

Your business can gain the benefits of social media marketing and collaboration without risking a compliance nightmare. Here's how.

10 Crowdsourcing Success Stories
Slideshow: 10 Crowdsourcing Success Stories
(click image for larger view and for slideshow)
Social networks have proven their value to businesses in the form of better customer communications and increased brand recognition. However, once social networking is used for the dissemination of information between employees, vendors, teams, and external personnel, concerns about compliance should become a major issue. After all, compliance regulations are meant to keep information secure and control the distribution of information that is deemed sensitive.

Compliance concerns affect businesses in many different ways--depending of course on the regulation that a business is subject to. For public companies there are regulations set forth in Sarbanes-Oxley (SOX) legislation, while healthcare organizations are bound by Health Insurance Portability and Accountability Act regulations, retail establishments have to follow Payment Card Industry regulation, and other professions--such as law, financial services, and others--have their own sets of rules to follow.

Now that Google is looking to launch a social networking solution for businesses, based upon its newly minted Google+ offering, compliance concerns are going to grow exponentially for many businesses, simply because any technology that makes it easier to share information makes information that much easier to share.

Therein lies the problem--how does an IT manager control that information and make sure that the information does not violate compliance rules, expose proprietary intellectual property, or potentially reveal trade secrets?

Here are five tips on how to remain compliant in a world driven by social networking:

1. Block Access: The most obvious way to protect a company and its data from compliance violations is to simply block access to social networking sites. It is an easy concept, but also proves difficult to execute. Blocking access requires advanced firewall settings, or possibly purchasing security appliances. However, the simplest way to build an effective blocking technique may be by incorporating Web-filtering software or hardware. Here, policies can be implemented that will block access to those sites.

2. Deploy Data Leakage Protection Technologies: For some, the answer may be to simply control the content that enters and leaves the network. With DLP, data is examined during transit to make sure it does not contain information that violates compliance policies. DLP is one step above filtering, because it allows access, yet examines inbound and outbound traffic.

3. Education: Perhaps one of the most basic methods to protect data is to educate the end users. By informing users of company policy, compliance requirements, and having them sign an agreement to protect data, most, if not all, compliance issues can be prevented. However, education usually proves to be the hardest solution to pull off.

4. Control Access: Limit access to social networking sites to those who only need it as part of their job function and define clear-cut policies on what is and what is not acceptable communications. To enforce limited access, you may have to rely on implementing the first three steps above to make controlled access possible.

5. Define Policies: A majority of companies lack comprehensive policies for social networking. Although policies tie into employee education, the fact is that most policies do not target the rules and regulations surrounding social networking and legislative compliance requirements. Clear-cut policies help to educate employees, define acceptable behavior, and ease auditing--all of which are key components of effective compliance enforcement.

With a little forethought and a bit of planning, the benefits offered by business social networking can be realized by most businesses, without risking a compliance nightmare.

At the 2011 InformationWeek 500 Conference, C-level executives from leading global companies will gather to discuss how their organizations are turbo-charging business execution and growth--how their accelerated enterprises manage cash more effectively, invest more wisely, delight customers more consistently, manage risk more profitably. The conference will feature a range of keynote, panel, and workshop sessions. St. Regis Monarch Beach, Calif., Sept. 11-13. Find out more and register.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Deb Donston-Miller
Deb Donston-Miller,
User Rank: Apprentice
7/15/2011 | 6:18:07 PM
re: 5 Steps To Google+ Compliance
I would agree that #s 3 and 5 are huge. It's pretty amazing (and disturbing) what people *don't* know about social networking, in terms of reach and potential pitfalls. I think this is one of the reasons Google+ may eventually overtake Facebook (if not in number of users then in businesses using it). The ability to easily wall off your friends from your family from your professional contacts, and so on, is huge in terms of protecting data and privacy.

Deb Donston-Miller
Contributing Editor, The BrainYard
User Rank: Apprentice
7/14/2011 | 7:44:31 PM
re: 5 Steps To Google+ Compliance
Personally, I think # 3 and # 5 are the only reasonable ones. Saying that you're just going to technologically block people from doing damage is the equivalent of saying that you're going to stop them from handing out confidential documents in AA's Admiral's Club, or tape their mouths so that they can't say inflammatory or liability-ridden things. People are going to do what they're going to do (meaning if they want to cause harm), even if they have to go to Starbucks and do it. If you can educate them and talk about it, that's the best thing.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll