Web 2.0 — the emerging social media world populated by entities like Facebook, Twitter and MySpace — represents the greatest danger in a sea of threats for 2010 … Read the rest of the security trends for 2010 on eChannelline.
Ontario’s privacy commissioner Ann Cavoukian says that banning employees from visiting social media sites, such as Facebook and Twitter at work isn’t a good idea.
“I think it’s a mistake,”Cavoukian said. She completely understands why in today’s environment some businesses may favour an outright ban, but says such prohibitions are almost always counterproductive.
What the commissioner has neglected to mention, is the fact that although a ‘blanket ban’ is not the solution, neither is unsecured open policy.
To leverage the advantages that twitter, facebook and other social networking/user generated content sites bring to your business, you have to allow access and mitigate the security risks associated with them.
I am a whole hearted advocate of saying ’yes’ to these Web 2.0 sites - as long as you have both a usage policy to educate your ‘users’ AND a security solution in place that can categorize pages on these sites in real time - thus giving you the ability to maximize the advantages, without compromising your security posture.
Read the story as reported on itbusiness.ca
According to an Everything Channel study of CIOs, seven in 10 midsize CIOs are using social media technology for their businesses.
Although the survey found that midsize CIOs still use social media tools more for personal reasons (73.5 percent) than for business (69.9 percent), respondents also said that social media can help improve business networks and gather product ideas — that is, once they figure out how to use it.
Productivity and effieciency seemed to be the major concern…however, I would argue that SECURITY needs to be on that list of deciding factors when establishing and implementing a usage policy for these various social media tools.
Here is a good example of the increased ‘pressure’ from constituents with respect to using social media tools:
“… we’re investigating on how to manage and monitor connections while maintaining security,” Gary Allen, CTO at the Amarillo Independent School District in Amarillo, Texas.
Mr. Allen is investigating his organization’s future with social media, as …
the number of requests to incorporate it (social media) have increased.
To any of you in the same boat as Mr. Allen and his colleagues, here is a great whitepaper that should help provide some insight into implementing a security posture for these Web 2.0 sites.
Here is an excerpt from a post on Gartner’s Blog Network by Andrea DiMaio. Although he claims not be a security expert, Andrea provides some good insight on Web 2.0 risks in light of the affect of the Twitter outage.
He touches on three key risks:
Click here to read his suggestions on how to address these risks.
I recently attended a customer event where I presented a short overview of the Web 2.0 at Work study released by Websense.
Just to ensure everyone was on the same page with respect to what Web 2.0 was… I started by asking the audience for their definition of Web 2.0.
Although only a few were brave enough to respond, just as when I ask about DLP, each one had a different definition… ranging from the generic ‘social networks’ to technical references such as ’Ajax’. We finally agreed upon the common denominator of ‘user generated content’.
Even though I felt like that kid in Jerry Maguire having the ‘did you know?’ conversation, it was interesting to see the reactions of each attendee once presented with some of the facts and stats on the prevelance of Web 2.0 and the security misconceptions.
Needless to say, the dialogue following my breakfast presentation was dominated by…’ I didn’t realize that !” or ‘if I could do that, that would solve …’
Most if not all of the attendees knew that they needed an update in their security posture, but were unaware of how to address this shift from a technology perspective.
If are trying to figure out how to provide safe and secure access to sites like Facebook, Linkedin and others social media / web 2.0 sites, I recommend the following Best Practices document.
Web 2.0 is here to stay – we just need to adapt our security infrastructure and policies to better address it.
Facebook just released as statement with respect to the findings of the office of the Privacy Commisioner. Glad to see that the message of a coordinated effort being the key to true security in the Web 2.0 space is being re-iterated.
The Commissioner also recognised, as we (Facebook)do, that privacy and user control on the social web is a new area, which requires websites, users and data protection authorities to work together.
Here is the article in the Ottawa Citizen about the original findings of the Privacy Commissioners with respect to ‘serious privacy gaps in Facebook’ and her ‘ultimatum’.
A key aspect to social media that many organizations sometimes forget is people power. With all of it’s business benefits, Social media needs real live people being social and active … in whatever Web 2.0 initiative you are embarking upon.
There are a few considerations every organization needs to consider when developing their blueprints for their own unique social media design. While there is no one-size-fits-all solution, there are few things you can plan for as you review the many options before you. (David Armano)
I would add a security component is also a ‘must consider’ prior to launching a web 2.0 initiative.
Read the rest of the blog post at Harvard Business.
Regardless of the social network(s) you are using… the 7 Deadly Sins of Social Networking written by Bill Brenner on CIO.com echoes my sentiments on posting information and/or pictures on Web 2.o sites such as Facebook, MySpace and others.
As Paul V. de Souza, chief security engineer at AT&T puts it:
…one of the major rules when engaging in social networking is to be aware that your words belong in the public domain,”
This highlights the ‘other’ side of Web 2.0 and the sometimes negative aspect of user generated content…
Websense Security Labs has seen an increase of over 300 per cent in the first five months of 2009 the number of sites it categorizes as containing “racism and hate” and “militancy and extremist” over the same period in 2008. The content was particularly prevelant on Web 2.0 sites such as Facebook.
The rise in this category of sites potentially forces businesses to reevaluate their policies on allowing Web 2.0 sites to be used at work.
A Websense survey of 1,300 IT managers in 10 countries showed that although 95 per cent of IT managers allow access to Web 2.0 in some way, only nine per cent have security to protect all threats. The statistic becomes troublesome considering the survey also found that 62 per cent of IT managers believe Web 2.0 is necessary for their business.
Part of the trouble with Web 2.0 is correctly identifying the kinds of sites that it encompasses. The same Websense survey showed that only 17 per cent of IT manger correctly identified all types of Web 2.0 sites from a list. Half of these IT managers identified wikis, video uploading and cloud computing to be Web 2.0.
Global Language Monitor, a US-based web monitoring firm, announced that the millionth English word is “Web 2.0″ !
The firm searches the web for newly coined terms, and once a word or phrase has been used at least 25,000 times, it is recognized as a word. This includes hybrid words in Chinglish (Chinese English), Hinglish (Hindi English), Spanglish (Spanish English), Hollywords (terms created by the film industry), computer jargon and words forged by the internet. (i wonder if those terms are official ‘words’ )
The five words leading up to the millionth clearly show how the language is influenced by current social trends.
The list included “Jai Ho!” an Indian exclamation signifying victory or accomplishment, and “slumdog,” popularized by the Oscar-winning movie “Slumdog Millionaire.” As well as, “Cloud computing” and “carbon neutral”… and last but not least my favourite.. a term used for newcomers to the gaming world… ”N00B”… with zeros for o’s. Obviously not a complimentary term.
On a bit of a trivia note.. the Web 2.0 conference in 2004 hosted by O’Reilly Media and Tim O’Reilly, was the same year that ‘Blogosphere’ and ‘Cybercrime’ officially became New Words in the Concise Oxford English Dictionary
