December 15, 2008

Social Media Security Threats
I recently attended an information security forum that is renowned for keeping abreast of the leading, stealthiest and most potent information security threats facing web-based applications. To be prepared, in advance of the meeting I reviewed each of the top threats compiled on the FBI, SANS and NIST lists – as well as taking a code-level look at some of the more deviant updates being advanced into the more traditional SQL injection, cross-site scripting and directory traversal attack methods. However, much to my surprise and in contrast to prior meetings, the most pervasive and possibly lethal threats were not technical at all; they were simply young professionals who do not know or do not care about corporate IT security policies.
The so-called Gen Y is bringing a sea change to the working population, and while they are biased toward and proficient with cutting-edge technologies, several credible research studies indicate they care more about securing their home PC than their work PC. In the last five weeks, four research studies (from Accenture, Intel, ISACA and FaceTime Communications) have demonstrated that staff under 28 years of age are the enterprise's newest and most serious IT security risk. How crazy is that?
The Accenture research, published on November 5, polled more than 400 students and employees from age 14 to age 27. The study found that more than half (60%) of young people "are either unaware of their companies' IT policies or are not inclined to follow them."
When asked which technologies they currently use for work-related activities that are not supported by their employers, mid-Millennials (ages 18 to 22) answered mobile telephones (39%), open source software (19%), IM (27%), online applications (12%), and social networking sites (28%). The respondents also acknowledged freely and regularly downloading freeware, shareware and non-standard technologies from (unknown and untrusted) public Web sites.
In a study released on November 13, Intel and the research firm of Penn Schoen and Berland Associates suggested that while Gen Y workers are having a positive impact in the enterprise, they are also creating new security risks. Their propensity to download unapproved software and social media tools was one of the chief reasons cited for IT professionals' concern. Some participants in the Intel survey indicated that tools for controlling or blocking access to certain applications or sites might be effective in controlling the Gen Y problem. Others referenced tools that monitor employees' activities and flag risky behaviors.
In the only after-the-fact social slip-up review, FaceTime Communications discovered that 37% of IT managers surveyed have found employees violating policies about sharing corporate information on social networking sites.
The threat from these unsanctioned activities is very real and the potential impact high. Inadvertently downloading a trojan, harboring a virus or leaking data threatens confidential information and the trust placed in employers who manage employee and client information.
If you pass on the "who's to blame" question and advance to the "how do we fix it" question, the path to resolution is fairly clear, but it requires compromise. In order to attract and retain the next generation of knowledge workers, employers must embrace the tools and technologies that make these professionals productive. Choosing to simply ban Web 2.0 tools (often in large part due to a lack of understanding) is an ostrich-in-the-sand approach that cannot succeed. Adopting the Web 2.0 tools that make business sense and supplementing their implementation with initial and recurring user education is the constructive path. The Millennials must similarly compromise. Not all social media tools have a legitimate business purpose, and enterprise information security cannot be compromised under any condition. Striking a balance will mediate the requests for the newest and coolest social media technologies within the context of enterprise security and corporate legitimacy.
Posted by Chuck Schaeffer on December 15, 2008 in Web 2.0, Enterprise 2.0 & Social Media