BT's Web 2.0 security strategy

Managing the vulnerability of mashups to data leakage

In 2006, just as the first tweet was being Twittered, BT Global Services launched an effort to keep its customers and 112,000 employees safe in a new world of Web-based communities and other interactive sites.

BT's security initiative started early, paralleling the emergence of collaborative Web 2.0 applications such as Twitter, LinkedIn and Facebook.

"We see social networking sites as an enablement tool" to help extend BT Group PLC's reach to prospective customers while helping employees build new business relationships online, says Ray Stanton, global head of BT's business continuity, security and governance practice.

But while BT stands apart from many companies in that it lets employees visit social media sites within the constructs of its Internet usage policy, it still needed a way to protect the company and its staffers from potential security threats lurking in cyberspace. For instance, the vulnerability of mashups to data leakage "has been one of our critical concerns," says Stanton.

A user might, for example, gain access to a mashup that combines a service for finding local restaurants with information from a social networking or mapping site, says Stanton. "There is the opportunity if the information is not secured across all the boundaries [that] residual information could be left or leaked at any point in the process," he says.

A criminal could figure out where the employee lives based on the restaurant's location and the mashup of the mapping system, adds Stanton. "And yes, if you book online, then guess what, we know where you live [and] what time you're out," he says.

In addition to keeping its employees safe, BT also wanted to apply technologies that would enable it to enforce its Internet usage policies. After holding a series of technical workshops with a number of security software vendors, Stanton and his team decided about three years ago to use a set of URL filtering and security technologies from Blue Coat Systems Inc.

The systems include Blue Coat's ProxySG appliance, which BT uses to categorize URLs as either business productivity sites, such as LinkedIn, or sites that might be deemed improper, such as the Web pages of hate groups, says Steve Schick, a spokesman for the Sunnyvale, Calif.-based vendor. Depending on a customer's usage policies, the rackable ProxySG appliance can be configured to block access to certain sites or issue a warning when an employee is in violation of the company's acceptable-use policies, Schick says.

The appliance can also be configured to enforce usage policies for single users or groups of users. For example, a company that doesn't allow most of its employees to watch YouTube at work can program the ProxySG appliance to permit access only to employees of its marketing department who might use the site while developing marketing campaigns, says Schick.
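The category-and-group policy model described above can be sketched as follows. This is an added illustration, not Blue Coat's policy language or BT's configuration; the hostnames, category names, group names and the "warn" default for uncategorized sites are assumptions made for the example.

```python
# Constructed category database: registered domain -> category (illustrative only).
CATEGORIES = {
    "linkedin.com": "business_productivity",
    "youtube.com": "streaming_media",
    "hate-group.example": "improper",
}

# Default action per category (assumed values for this example).
CATEGORY_ACTION = {
    "business_productivity": "allow",
    "streaming_media": "block",
    "improper": "block",
    "uncategorized": "warn",
}

# Group exceptions, checked before the category default:
# marketing staff may reach streaming sites that everyone else is denied.
GROUP_OVERRIDES = {("marketing", "streaming_media"): "allow"}


def categorize(host: str) -> str:
    """Match the host or any parent domain on label boundaries.

    Label-boundary matching means 'www.youtube.com' inherits the category
    of 'youtube.com', while 'notyoutube.com' does not.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        category = CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"


def decide(host: str, groups: set[str]) -> tuple[str, str]:
    """Return (action, category) for a request made by a user in `groups`."""
    category = categorize(host)
    for group in sorted(groups):
        action = GROUP_OVERRIDES.get((group, category))
        if action:
            return action, category
    return CATEGORY_ACTION[category], category


if __name__ == "__main__":
    # Constructed sample requests: (host, groups of the requesting user).
    for host, groups in [("www.youtube.com", {"engineering"}),
                         ("www.youtube.com", {"marketing"}),
                         ("notyoutube.com", {"marketing"})]:
        print(host, sorted(groups), decide(host, groups))
```
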

BT is also using Blue Coat's ProxyAV, which enables the telecommunications giant to scan its network for viruses, worms, spyware, bots and other forms of malware.

While BT has taken a progressive approach toward employees' Internet use, it's important for it and other companies to also adopt practical usage policies, says IDC analyst Melanie Posey. "You have to know on some level what people are doing on the Internet and what impact it's having on network performance," she says.

Stanton declined to quantify BT's investment in the security tools. Schick says pricing for the ProxySG appliance starts at $2,000, depending on the number of end users being monitored.

At a Glance

BT Group PLC

Headquarters: London

Company charter: One of the world's leading providers of communications services, operating in more than 170 countries.

Revenue for the fiscal year that ended March 31, 2009: $35.3 billion

Project champion: Ray Stanton, global head of BT's business continuity, security and governance practice, which has total oversight for BT's commercial security business.

Project payback: A return-on-investment study that's expected to be completed by year's end will examine the operational man-hours saved as well as capitalized IT infrastructure cost savings achieved.

Hoffman is a freelance writer in New York. You can contact him at tom.hoffman24@gmail.com.


Thomas Hoffman

Computerworld (US)