No Longer Safe for Work: Blogs

Robert Mason (not his real name) would love to spend a few minutes during lunch catching up on blog posts from around the web, but his company doesn't allow it. The financial institution where Mason works as a vice president has security filters set up to block access to -- among other things -- any website that contains the phrase "blog" in the URL. What's more, says Mason, such practices are becoming prevalent in corporate America, particularly in financial services. Mason sits on a roundtable privacy group of 20 of the country's largest banks. "My best understanding is that my company's anti-blog stance is the industry norm," he says. Filtering out every blog isn't a completely feasible project (and, in fact, Mason says his company's filter doesn't catch everything), but the technology to censor the lion's share of blogs is fairly commonplace. From installing simple URL filters and content scanners to blacklisting ranges of IP addresses, myriad methods for shutting out blog content are available. If nothing else, the corporate firewall can simply add the word "blog" to the company's list of verboten phrases that trigger blocking, alongside "games," "warez" and "britney spears sex tape." Keith Crosley, director of corporate communications at censorware company Proofpoint, says there's no anti-blog conspiracy at work, but that some companies have higher security, privacy and regulatory needs that require greater diligence over what companies can and cannot do. In particular, companies worry that employees might leak sensitive material -- perhaps inadvertently -- while posting comments to blog message boards. In a survey of over 300 large businesses conducted in conjunction with Forrester, Proofpoint found 57.2 percent of respondents were concerned with employees exposing sensitive material in blogs. That's higher than the portion concerned with the risks of P2P networks....

===