BT's Web 2.0 security strategy

managing the vulnerability of mashups to data leakage

In 2006, just as the first tweet was being Twittered, BT Global Services launched an effort to keep its customers and 112,000 employees safe in a new world of Web-based communities and other interactive sites.

BT's security initiative started early, paralleling the emergence of collaborative Web 2.0 applications such as Twitter, LinkedIn and Facebook.

"We see social networking sites as an enablement tool" to help extend BT Group PLC's reach to prospective customers while helping employees build new business relationships online, says Ray Stanton, global head of BT's business continuity, security and governance practice.

But while BT stands apart from many companies in that it lets employees visit social media sites within the constructs of its Internet usage policy, it still needed a way to protect the company and its staffers from potential security threats lurking in cyberspace. For instance, the vulnerability of mashups to data leakage "has been one of our critical concerns," says Stanton.

A user might, for example, gain access to a mashup that combines a service for finding local restaurants with information from a social networking or mapping site, says Stanton. "There is the opportunity if the information is not secured across all the boundaries [that] residual information could be left or leaked at any point in the process," he says.

A criminal could figure out where the employee lives based on the restaurant's location and the mashup of the mapping system, adds Stanton. "And yes, if you book online, then guess what, we know where you live [and] what time you're out," he says.

In addition to keeping its employees safe, BT also wanted to apply technologies that would enable it to enforce its Internet usage policies. After holding a series of technical workshops with a number of security software vendors, Stanton and his team decided to use a set of URL filtering and security technologies from Blue Coat Systems Inc. about three years ago.

The systems include Blue Coat's ProxySG appliance, which BT uses to categorize URLs as either business productivity sites, such as LinkedIn, or sites that might be deemed improper, such as the Web pages of hate groups, says Steve Schick, a spokesman for the Sunnyvale, Calif.-based vendor. Depending on a customer's usage policies, the rackable ProxySG appliance can be configured to block access to certain sites or issue a warning when an employee is in violation of the company's acceptable-use policies, Schick says.

The appliance can also be configured to enforce usage policies for single users or groups of users. For example, a company that doesn't allow most of its employees to watch YouTube at work can program the ProxySG appliance to permit access only to employees of its marketing department who might use the site while developing marketing campaigns, says Schick.

BT is also using Blue Coat's ProxyAV, which enables the telecommunications giant to scan its network for viruses, worms, spyware, bots and other forms of malware.

While BT has taken a progressive approach toward employees' Internet use, it's important for it and other companies to also adopt practical usage policies, says IDC analyst Melanie Posey. "You have to know on some level what people are doing on the Internet and what impact it's having on network performance," she says.

Stanton declined to quantify BT's investment in the security tools. Schick says pricing for the ProxyAG appliance starts at $2,000, depending on the number of end users being monitored.

At a Glance

BT Group PLC

Headquarters: London

Company charter: One of the world's leading providers of communications services, operating in more than 170 countries.

Revenue for the fiscal year that ended March 31, 2009: $35.3 billion

Project champion: Ray Stanton, global head of BT's business continuity, security and governance practice, which has total oversight for BT's commercial security business.

Project payback: A return-on-investment study that's expected to be completed by year's end will examine the operational man-hours saved as well as capitalized IT infrastructure cost savings achieved.

Hoffman is a freelance writer in New York. You can contact him at

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags BTsecurity

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Thomas Hoffman

Computerworld (US)
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?