A web-based business embraced social media as a business enabler...after putting in place the right tool, reports Greg Masters.Denis Brooker was initially opposed to permitting the use of social media at his company. It is one of the main avenues for viruses and other malware, he says.
“At first it didn't seem that the benefits of enabling social media would outweigh the risks,” he says. Indeed, as the information security head and VP of preventive security at NetSpend, an Austin, Texas-based provider of general-purpose reloadable (GPR) prepaid debit cards, he didn't want social media in his environment at all.
However, NetSpend is largely a web-based business, and the company's marketing and executive team saw the promotional and business-expansion benefits of social media. The communications officer wanted to use social media to get a sense of where there are problem areas and how customers feel about the company. The marketing and the online direct team also demanded access to Facebook, Twitter, and LinkedIn, and the HR department wanted to use LinkedIn extensively to find new employees and for reference checking, Brooker (left) says.
“So, it was time to find a way to embrace social media safely for the company's 500 employees and its seven million customers,” he says. “We needed a way to provide secure social media access and conform to financial regulations. As a financial services company, NetSpend is subject to Financial Industry Regulatory Authority (FINRA) compliance, so it needed a way to monitor and manage social media use. The company also wanted to control potential data leaks and other communications that would affect U.S. Securities and Exchange Commission (SEC) compliance prior to its plan to go public.
“Social media is an important part of our marketing program,” says Brooker.
The IT security team, with input from senior management and marketing, began a search for a solution. After surveying the options, they chose to implement Socialite, Actiance's security, management and compliance solution for social networks, which provides granular control over Facebook, LinkedIn and Twitter. It not only controls more than 160 different features across social networks, but allows users to moderate, manage and archive social media traffic routed through the solution, says Sarah Carter, VP of marketing at Actiance, based in Belmont, Calif.
“These controls help organizations stay compliant with guidelines from various regulatory bodies, including FINRA, the SEC, IIROC [Canada's self-regulatory organization which oversees trading activity], HIPAA and Sarbanes-Oxley,” Carter says.
The Actiance solution was implemented shortly after a $1.2 million fine was imposed by FINRA on a major insurance company for inadequate online protection and data archiving procedures. Subsequently, senior management directed the NetSpend IT security team to address the problem of social media. The executives, in fact, provided a link to an Actiance webinar.
“We selected Actiance over the competition because it offered exactly what we needed for regulatory compliance,” says Brooker.
Once Brooker determined social networking access was a vulnerability, he wanted to address the risk quickly. “That was the key factor for us – speed to deploy,” says Brooker. NetSpend chose the SaaS option.
Socialite can be run as an on-premise solution (using the Actiance United Security Gateway as a hardware appliance or virtual appliance), as a software-as-a-service (SaaS) solution, or as a hybrid that combines on-premise and hosted SaaS to define both an on-network and roaming social media policy, says Carter.
And deployment was easy, Brooker adds. “Socialite has an intuitive user interface and is easy to configure, especially in the SaaS configuration.”
NetSpend already had policies and procedures in place to ensure proper online behavior, says Brooker. But it needed a means to enforce those policies. “Before we installed Socialite, we had no way to control internet access other than to allow it or block it,” he says. “Now we can moderate and control access to all aspects of social media, including who can post, what they post, and even such things as games.” The deployment of the Actiance tool scales across the entire company.
Actiance monitors updates to social networking sites and applications, and pushes out updates on a regular basis, says Carter (right). Since Actiance has a partnership with major players, like Facebook and LinkedIn, it often gets insight into scheduled updates before they are released, she says. “This is due to the relationship and access to those sites' APIs, which are not available to everyone.”
The latest addition to the platform, Socialite Engage, allows users to distribute pre-approved content so organizations can proactively manage social media in a secure and compliant environment, while they can see which content had the most impact, adds Carter. It also leverages third-party data sources, such as internal systems and data feeds, highlighting channels that are the most effective.
Moving forward, NetSpend is appointing social media moderators for individual departments, and providing a formal training program to ensure that each department is up to speed on guidelines for appropriate commentary, to protect against data leaks and regulatory violations.
Further, it continues to expand its existing use of Socialite to protect against malware and to enforce compliance with a number of guidelines and regulations.
Socialite is doing exactly what it was designed to do, says Brooker. “Our users understand why we have these controls in place, and Socialite monitoring serves as a constant reminder to them as to what is and is not appropriate social media behavior.”
Social media: Protection
- SaaS, on-premise or hybrid deployment options to support network and remote users.
- Centralized identity management to maintain different identities on different social network platforms, and track them as a single identity.
- Conversations and content logging that captures all posts, content, messages and comments in context, and either stores them on the Socialite SaaS system or exports them to an archive for eDiscovery.
- Granular application control of access to prevent misuse, such as blocking chat and games on Facebook.
- Moderator control of posts on Twitter, Facebook and LinkedIn for pre-approval before post.
- Activity control over who can post updates, “likes” and comments.
- Extensive customized reporting.
This case study originally appeared in SC Magazine's Spotlight on Social Media in November 2011. Click here to download a PDF of the special issue.