Social, Web 2.0, and Security


One of the biggest concerns for many enterprises is the security around protecting Intellectual Property (IP), data, privacy, and overall corporate data that has the potential to negatively impact a company market share, corporate image (goodwill),  and bring various legal ramifications to bear.  McAfee recently published a report on Social Media that details the challenges companies have around this very topic.

With the advent of Web 2.0 tools and technologies, many firms have been very concerned how employees use these tools.  While the consumer sector has seen the largest explosion of Web 2.0 tools, enterprises have been reluctant to allow their users unfettered access to these tools even though the business-related benefits are there.  Many employees are unaware of the various malware, viruses, and bots, that can be easily inserted into various web 2.0 tools and platforms.

  • Why are corporate users so ignorant of the threats that Web 2.0 tools carry?
  • Why are corporate IT Security teams so unwilling to “Open the Doors” to leverage these Web 2.0 Tools which clearly carry revenue opportunities for the business?
  • How can we come to a consensus between protecting corporate IP, and allowing the business to leverage powerful new capabilities to drive revenue and cost efficiencies in this crappy economic times?

As an IT security professional, I have taken an oath to protect company data, even when the company does not understand the threats and attack vectors that exist.  At the same time however, as an employee we have obligations to help the company drive revenue, operate efficiently,  while protecting IP.  My point here is not to dissect the IT Security profession, but to simply point out the conflict security professionals need to recognize.

image

There have been other recent articles detailing how Web 2.0 has cost over $1.1 Billion due to security incidents.  This is not a glaring endorsement for companies to promote Web 2.0 technologies, and unless there is a program in place to focus on reducing these incidents, and being able to bring basic security awareness into the Web 2.0 discussion will lead to more and more enterprises restricting access for employees, and more and more employees looking to circumvent or bypass those security controls to leverage the power of Web 2.0.

The benefits of Web 2.0 to the business has been proven, especially in Marketing, and Product Engineering.  In fact a recent survey showed interesting statistics.

In 2006 Gartner published a listing of 7 Core Benefits of Web 2.0 that businesses cannot overlook, and while 4 years old, still emphasis what companies are now leveraging from Web 2.0 today.

Seven Core Benefits

The seven core benefits of Web 2.0 for traditional enterprises that, according to Gartner, should not be overlooked are:

  • Core enterprise applications will become more effective through the incorporation of Web 2.0 technologies.
  • Next-generation Web platforms can be highly efficient in overall procurement and sales strategies.
  • Lessons from Web 2.0 community and social networking success stories can be leveraged within the enterprise for more efficient knowledge worker collaboration and overall employee satisfaction.
  • Semantic tagging technologies can greatly increase the navigation of internal and external information overload and increase information-based product consumption and use.
  • Web 2.0 communities can be used for new product feedback, shortening the product development time and targeting valuable marketing resources.
  • Targeting bloggers and other influential Web users can help to control an organization’s image and influence publicity for the positive
  • Making Web-based marketing the norm, rather than the exception, will help optimise overall marketing spend.

So while the benefits are now bearing the fruit of 3-6 years of technology innovation, the same benefits from Web 2.0 are now enticements to the “Bad Guys” in terms of exploiting the openness and transparencies within Web 2.0.  This security issue will only get more public, moving into the spotlight, and more difficult to dismiss by Collaboration and Social Strategy experts as uncommon. More and more systems are becoming linked with mashups to Cloud platforms, using OpenAuth for authentication integration between disparate platforms, endless plug-in, and of course tying back to the advent of Social Business Networking platforms within the enterprise.

Action Plan

I think the way for Security Professionals to defend the IP, while helping the business is to use a multiple approach.  First, using Web Technologies, such as Web-Content Filtering appliances, Good Social\Web 2.0 Usage Policies and Governance, and Awareness Training.  The Awareness Training that Security Professional have used in the past is useless with Web 2.0.  Users would be sleeping in 5 minutes hearing how dangerous Web 2.0 is, and would reject those lessons immediately.  I am for Awareness Training 2.0, which is to show users how to leverage Web 2.0 tools and capabilities, BUT inject at key points the potential for threats to exploit the user’s actions as they leverage those Web 2.0 tools.  Tying those threats to Web 2.0 in terms of how user’s could have their customer’s contacts hijacked, leads stolen, public relations nightmares, and how the user’s and the company could lose potential revenue.

Advertisements

2 Comments

Filed under Collaboration

2 responses to “Social, Web 2.0, and Security

  1. Hi Richard. The challenge for IT security professionals is to create secure work environments where trusted knowledge-exchange can flow freely inside and outside of the enterprise. The most progressive companies are working diligently on this, while the laggards are resisting.

    On a positive note, it’s probably one of the best times ever to be a security expert. Opportunity abounds for brilliant solutions that preserve the spirit of the social web, while protecting the organization’s self-interest and ability to compete in an ever-connected digital marketplace for things and ideas.

    • Susan, I could not agree more. If one point could derail Enterprise 2 from making inroads within organizations is the risks and actual loss of IP within a company. That could shut down or delay Enterprise 2 adoption.

      great points

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s