Security Threats from Social Computing
With the influx of Web 2.0, highly collaborative tools and information exchanges between knowledge workers, the enterprise is poised for a significant shift. Adding another layer of complexity, the new generation—the Millennials—are entering the workforce and they bring with them the familiarity of social computing tools.
How exactly this will affect business operations is yet to be determined. However if the way 2.0 technologies such as blogs, wikis and networking sites have impacted our social lives is any indication, then social software applications and social networks are likely to profoundly transform the way the enterprise works.
A Facebook ThreatBut are enterprises ready to accommodate the Millennials’ needs? These tools have been deeply ingrained into their daily personal activity as is evident by the inclusion of product features like the Facebook “wall” into their everyday vernacular. But there’s a big difference between personal computing and computing for the enterprise, in particular where security is concerned. Vulnerabilities can easily be transferred from one environment to the next without proper guidance and technological know-how and C-levels need to be prepared.
This being said, the benefits of this dramatic transformation are also coupled with some serious issues around corporate governance and security. Many organizations struggle with the most effective way to leverage governance and security. These concerns stem from the nature of ad hoc collaborative and content rich environments that these new toolsets provide to users. As people throughout the enterprise rapidly create content on the quest to unlock tacit knowledge and access information with greater speed and agility, a series of security issues need to be mitigated and addressed.
To create a low barrier for collaboration, the tools inherently have adopted security models and work best for content that is meant to be widely distributed. Features of the products like RSS can also pose challenges around the granularity at which they can be secured and delivered.
Governance has now come to the forefront on the issues list. With the inherent ability to quickly deliver content, Web 2.0 tools face some challenges that need to be addressed from a business standpoint and not technology layer. What is acceptable use? Who has responsibility? Who maintains content?
Phishing and malware are serious concerns in the consumer space and this need to be addressed in the corporate space. Corporate social networks are perfect entry points for these threats. The worms that once crawled into our e-mail inboxes are now going to appear from within our own corporate networks on our own wikis and blogs.
Social networks make it easier for people to form connections, understand relationships and leverage connections in the enterprise. They also provide a wealth of knowledge for people performing social engineering activities.
Reputation Management ConcernsAs enterprises embrace more consumer tools to reach out to their prospects and customers, external content and reputation management in forums and blogs become of paramount concern. Companies spend billions of dollars developing their brands and need to protect their investments.
Rapid user-driven creation of content impacts auditing and regulatory concerns. Traditional content management systems contain rigid controls to manage this, but the very nature of Web 2.0 tools excludes them.
There are a number of critical steps that enterprises can do to protect against online threat and mitigate risk. There is a tremendous amount of undeniable business benefit to using social computing tools but getting started on the right foot will ensure the most value is gained for the business. Additionally, physical security and IT teams will not be swamped under the weight of managing the rapid creation and sharing of content and ideas throughout implementation of the toolset. It is better to be safe and informed now, then to be caught off guard by a new 2.0 technology later.