Nexgate Password Lockbox reduces risky social media fails for IT admins

As companies move closer to becoming engaged enterprises, IT admins want an extra layer of security across their social channels.

It is so easy to bring malware into an organisation from your social activities. Malware is easily propagated by clicking Facebook links and links in tweets.

The more popular a brand becomes, the likelihood of malicious content appearing grows. The threat landscape has changed and admins need to keep on top of what is happening in this space.

Bullying, hate speech and offensive content on brand channels are a risk to brand perception.

"Too many social teams rely on rudimentary and dated Excel spread sheets to manage social account passwords, sometimes across hundreds of accounts and employees" ~ Devin Redmond, Co-founder and CEO at Nexgate.

Often corporates have multiple social media accounts, Facebook pages and other channels.

There are often multiple people on the social team, agencies and employees with access spread across a variety of channels, accounts and apps.

The challenge is that social media channels fall outside of the traditional IT control.

IT administrators can manage corporate accounts, such as who gets a logon and email address but anyone can create a corporate Facebook page or social media account.

Companies may be active with their social brand messaging. For example there might be five social media channels in use daily operated by a team of 20 people.

Alternatively there might be 30-40 social media accounts across different business units at a company. Login information is shared centrally and the channels are managed by a small team of about five people.

All social accounts need to be discovered and managed. Are there any fraudulent accounts? Are all of the brand accounts actually owned by someone at the company?

San Francisco Based Nexgate has created Social Password Lockbox to manage this problem.

It simplifies social password management for IT administrators while adding an extra layer of security to their social channels. Instead of just managing passwords, the solution manages the applications.

The company launched in April 2013 and already has over 60 customers using the solution.

Administrators can do away with shared passwords and Excel-based password management. Instead they can implement social media account access controls which connect using SaaS to the social channels themselves.

The solution works within the social network — not in the corporate network or at the device. It works across any connecting application, software, hardware or mobile device to identify bad content, stop hackers, and address compliance risks where they happen — in the social network.

It is designed to work on a mobile device using the built-in browser. There is not a custom app at this time, though the administrative functions can be accessed via the mobile browser.

This implementation guarantees that only personnel who are authorised can access social channels. Passwords are consolidated and therefore more easily managed. Social media issues are mitigated.

Some organisations feel that they want to add an additional layer of security for multiple accounts. Two factor authentication works for single user accounts.

It works by using a social wrapper on top of its OneLogin single sign on and identity management product. Users log in using their corporate login credentials and Password Lockbox manages access to the branded social channels.

OneLogin has connectors for Active Directory to populate user and group information for access controls to social media accounts and applications.  

When Password Lockbox identifies objectionable content, the solution automatically audits it, including who the originator of the post or comment is. This is captured along with the user information so admins can identify and block repeat offenders.

An alert is automatically generated to administrators if there is an account change by anyone that is potentially malicious. The solution sends an email with details of the potential intrusion, and asks the admin to identify whether or not the event is malicious or not.

If the admin identifies that the event is malicious, or if they fail to respond to the alert,Password Lockbox can be configured to automatically lock the account from further activity to prevent the intruder from using the account for malicious purposes.

"Too many social teams rely on rudimentary and dated Excel spread sheets to manage social account passwords, sometimes across hundreds of accounts and hundreds of employees, contractors, and agency employees," said Devin Redmond, Co-founder and CEO at Nexgate.

Social Password Locker is sold as a packaged solution or a component of a broader solution. Subscriptions start at $10,000 per year. Licensing is per account on a social channel (e.g., one Facebook page, one Twitter account and one YouTube Channel).

A small price to pay for brand reputation protection and intrusion detection that could potentially destroy your brand.