Best Practices for Archiving and Securing Social Media

Osterman Research has recently published a new report entitled, Best Practices for Archiving and Securing Social Media and Collaboration Platforms, which outlines the staggering penetration and growth in use of social media and cloud collaboration platforms in business environments.

It shows that while there are a lot of irreplaceable benefits to leveraging social media and cloud collaboration platforms for business, there are also risks that, if not managed properly, leave organisations vulnerable to business and legal risk.

“It should come as no surprise that the use of social media and cloud collaboration platforms are proliferating virtually every business environment, and for good reason. The ability to freely communicate, access and share information is invaluable and critical to success in today’s digital economy,” said Michael Osterman, principal analyst and founder, Osterman Research. “However, for many organizations – whether public, private or government, the inability to effectively monitor, manage, capture, store and protect all data and communications puts it at serious business, legal and/or regulatory compliance risk,”.

The use of social media – both from “official” corporate accounts and from employees’ personal accounts – is growing rapidly. Most organizations and their employees are using a large and growing number of social media tools for a variety of purposes, some of which are related to their work and some used for strictly personal reasons. Add to this the growing number of enterprise-grade social media and collaboration tools that IT and other departments are deploying to improve work processes, enable enhanced employee productivity, and provide more efficient file sharing and communication between employees.

However, while beneficial, the use of these tools comes with significant risk on two levels:

  • In many organizations, critical business content generated by and stored in both enterprise-grade and non-enterprise social media accounts is not being properly archived and retained, exposing organizations to a variety of risks. These include an inability to satisfy regulatory obligations, an inability to place important business content on legal hold, and an inability to discover and produce information during litigation.
  • Unmanaged social media and collaboration solutions can serve as a conduit for ransomware, other malware and data breaches, and they are an effective method for cyber criminals to use social engineering techniques as an attack vector. Although more traditional tools like corporate email are typically well protected against threats like these, social media and collaboration tools very often are not.


The key for any organization is to enable the use of social media and collaborative tools and gain from the productivity and other benefits they provide, while at the same time properly managing these tools and the content they generate and mitigating the risks they can introduce.

Major findings include:

  • Social media use, both approved and unapproved, is growing at a healthy pace in most organizations.
  • The vast majority of organizations have well-established policies in place for corporate email, but these types of policies are much less common for tools like consumer-focused social media, collaboration systems, unified communications systems and other social platforms.
  • A large number of organizations have experienced a malware infection through a social media channel, most commonly through Facebook.
  • Non-enterprise social media tools are unlikely to secure and protect account access and content to degree necessary to satisfy corporate security policies.
  • Most organizations do not retain social media content from non-enterprise accounts, and fewer than three in five do so for social media content from enterprise accounts. Neither is content from collaboration systems retained to the same degree as more commonly used tools like collaboration solutions.
  • While true archiving is quite common for corporate systems like email and file shares, it is less common for social media, text messages and other types of content, despite that these solutions often contain important business information.
  • There are a number of important best practices that any organization should consider and implement in the context of proper social media management. These include understanding why social media and collaboration tools are used, development of detailed and thorough policies, monitoring and managing employee use of these tools, archiving business content from them, and deploying enterprise-grade alternatives where possible.

This white paper was sponsored by Archive360 a provider of data migration and management solutions for the Microsoft cloud.