A web-based business embraced social media as a business enabler...after putting in place the right tool, reports Greg Masters.Denis Brooker was initially opposed to permitting the use of social media at his company. It is one of the main avenues for viruses and other malware, he says.
“At first it didn't seem that the benefits of enabling social media would outweigh the risks,” he says. Indeed, as the information security head and VP of preventive security at NetSpend, an Austin, Texas-based provider of general-purpose reloadable (GPR) prepaid debit cards, he didn't want social media in his environment at all.
However, NetSpend is largely a web-based business, and the company's marketing and executive team saw the promotional and business-expansion benefits of social media. The communications officer wanted to use social media to get a sense of where there are problem areas and how customers feel about the company. The marketing and the online direct team also demanded access to Facebook, Twitter, and LinkedIn, and the HR department wanted to use LinkedIn extensively to find new employees and for reference checking, Brooker (left) says.
“So, it was time to find a way to embrace social media safely for the company's 500 employees and its seven million customers,” he says. “We needed a way to provide secure social media access and conform to financial regulations. As a financial services company, NetSpend is subject to Financial Industry Regulatory Authority (FINRA) compliance, so it needed a way to monitor and manage social media use. The company also wanted to control potential data leaks and other communications that would affect U.S. Securities and Exchange Commission (SEC) compliance prior to its plan to go public.
“Social media is an important part of our marketing program,” says Brooker.
The IT security team, with input from senior management and marketing, began a search for a solution. After surveying the options, they chose to implement Socialite, Actiance's security, management and compliance solution for social networks, which provides granular control over Facebook, LinkedIn and Twitter. It not only controls more than 160 different features across social networks, but allows users to moderate, manage and archive social media traffic routed through the solution, says Sarah Carter, VP of marketing at Actiance, based in Belmont, Calif.
“These controls help organizations stay compliant with guidelines from various regulatory bodies, including FINRA, the SEC, IIROC [Canada's self-regulatory organization which oversees trading activity], HIPAA and Sarbanes-Oxley,” Carter says.
The Actiance solution was implemented shortly after a $1.2 million fine was imposed by FINRA on a major insurance company for inadequate online protection and data archiving procedures. Subsequently, senior management directed the NetSpend IT security team to address the problem of social media. The executives, in fact, provided a link to an Actiance webinar.
“We selected Actiance over the competition because it offered exactly what we needed for regulatory compliance,” says Brooker.
Once Brooker determined social networking access was a vulnerability, he wanted to address the risk quickly. “That was the key factor for us – speed to deploy,” says Brooker. NetSpend chose the SaaS option.
Socialite can be run as an on-premise solution (using the Actiance United Security Gateway as a hardware appliance or virtual appliance), as a software-as-a-service (SaaS) solution, or as a hybrid that combines on-premise and hosted SaaS to define both an on-network and roaming social media policy, says Carter.
And deployment was easy, Brooker adds. “Socialite has an intuitive user interface and is easy to configure, especially in the SaaS configuration.”