
Default conversation security update to BSG Hub - updated Mar 14
belongs to Security by Anonymous User on 2008-03-14 05:23 PM read 707 times
The BSG Collaboration Hub security has been changed to default to more secure internal communication. This was done in an expedient manner to address the dramatic growth of online conversations. While this is not how we ultimately want to handle secure internal communications, it was the quickest way to ensure externalizing communications is deliberate.
All conversations created by BSG employees within the BSG Hub are now defaulted to be visible only to BSG personnel by the automatic addition of the BSGLock security tag (see example below). If you want non-BSG users to view your conversation (e.g. customers), simply delete this tag to unlock the conversation.
In addition, the following adjustments were made:
Note: A conversation that's not secured either by:
... the conversation will be pushed out to the major search engines in order to improve the visibility of BSG on the Web (e.g. Google). You can tell if a conversation is secure by the notice at the bottom of your conversation. Additional information on conversation security can be found here.
What if you could control this based on the URL you used to access the hub? So if I am a blogger I go to http://www.bsgalliance.com/public (or something) and whatever I post defaults to publicly viewable and http://www.bsgalliance.com/internal does the opposite? People could just bookmark whatever mode they usually use.
I think you usually know what you want before you start your post.
Just throwing out ideas...
Tonight we're releasing a patch that'll more granularly control this policy:
In the financial services world, the rule is that security isn't always convenient, but is very necessary. Our job is to provide the best customer experience around tight security, not to reduce security. As we begin to try and get subscriptions to e.laborate at Merrill Lynch and Fortune 500 firms, all of us have to make sure we are protecting the privacy of our clients' information. If a customer at the firm can accidentally display confidential information to the public, we will lose that customer's trust very quickly. And, it's never the customer's fault. So, while we may not be perfect, we should be doing everything to make it easier to protect our client's information.
Jeff - Would it be less secure if we want our customers to view conversations within the BSG hub, we give them a userid and invite them to that specific group as opposed to removing the lock (either have them self-register or do it for them)? The conversation would have to have a specific lock as opposed to just "bsglock". Then they are using e.laborate in a more secure way. I realize that this is a bigger discussion, but just want to lob this idea out....
If you have not already seen it, this post by Scott is helpful:
BSG Alliance - Communication strengths of a Hub (aka e.laborate)
As Scott mentions, e.laborate is not really designed with a "security first" mindset. It is more focused on making it easy to share rather than protecting and restricting information flow. Many others take that approach (I came from the classified data world...), and they tend to build expensive software that few people actually use, or they build expensive and restrictive "walls" around more accessible software.
I empathize with the need for secure communication and certainly we could help the Financial Services sector customers build "walled" installations of e.laborate, but we should be careful we don't try to offer e.laborate as something it is not.
That said, Jeff and I are very happy to talk about customer needs in this area along with how many of those customers exist and what they might be willing to pay to get the tools they need.
Guys, I understand the need to err on the side of caution, but this is probably not a good idea. I predict our bloggers will not physically go in and unlock each public post. Time-- everyone is pressed for time.
Isn't there a better way?