Robert Mason (not his real name) would love to spend a few minutes during lunch catching up on blog posts from around the web, but his company doesn’t allow it. The financial institution where Mason works as a vice president has security filters set up to block access to — among other things — any website that contains the phrase “blog” in the URL.
What’s more, says Mason, such practices are becoming prevalent in corporate America, particularly in financial services. Mason sits on a roundtable privacy group of 20 of the country’s largest banks. “My best understanding is that my company’s anti-blog stance is the industry norm,” he says.
Filtering out every blog isn’t a completely feasible project (and, in fact, Mason says his company’s filter doesn’t catch everything), but the technology to censor the lion’s share of blogs is fairly commonplace. From installing simple URL filters and content scanners to blacklisting ranges of IP addresses, myriad methods for shutting out blog content are available.
If nothing else, the corporate firewall can simply add the word “blog” to the company’s list of verboten phrases that trigger blocking, alongside “games,” “warez” and “britney spears sex tape.”
Keith Crosley, director of corporate communications at censorware company Proofpoint, says there’s no anti-blog conspiracy at work, but that some companies have higher security, privacy and regulatory needs that require greater diligence over what companies can and cannot do.
In particular, companies worry that employees might leak sensitive material — perhaps inadvertently — while posting comments to blog message boards. In a survey of over 300 large businesses conducted in conjunction with Forrester, Proofpoint found 57.2 percent of respondents were concerned with employees exposing sensitive material in blogs. That’s higher than the portion concerned with the risks of P2P networks.
Proofpoint’s products have historically been geared toward monitoring e-mail for sensitive material, but about a month ago the company released a beta of a new product designed to scan standard HTTP traffic (such as comment postings) for the same kind of information. Sandra Vaughan, the company’s senior vice president of marketing and products, says the Network Content Sentry software has attracted “incredible interest” and already has 20 companies beta testing it.
Connor Brosnahan, manager of network systems at South Nassau Communities Hospital, is due to start beta testing the product shortly, after having successfully implemented a similar system three years ago to block or encrypt outgoing e-mail on a keyword basis. “It started with HIPAA and all the new privacy regulations,” he says. “We’re trying to manage what goes out of the building rather than what comes in.”
By Christopher Null