Keeping Secrets in a WikiBlogTubeSpace World

Computerworld - When the media relations department at Global Crossing Ltd. first started planning a company-sponsored external blog last year, Michael Miller, vice president of security at the telecommunications services provider, made sure he was involved in the conversation.

“The normal reaction for most people in a security organization is, ‘How do we restrict this activity?’” he says. “But we wanted to clearly articulate some guidance around blogging in terms of what the employee’s responsibility is, what’s permissible, what isn’t. If you spend all your time blocking it, people will find ways around it.”

Miller’s response strikes at the heart of the corporate debate over how to minimize the security risks opened up by blogging, social networking, video sharing and other interactions that fall under the Web 2.0 umbrella. Companies are wrestling with a multitude of issues, such as whether to restrict employees from blogging on employer-owned equipment, whether to monitor what blogs say, whether to steer blogging activity toward a company- sponsored blog and how to set up parameters around these activities. There’s also the question of whether to open the corporate network to the wild and woolly worlds of MySpace.com, iTunes, Flickr and YouTube.

“Sites like MySpace and YouTube are new ways for companies to get infected by malicious code — viruses or spyware — and other scams,” says Arabella Hallawell, an analyst at Gartner Inc. Examples include the Yamanner worm, which hit Yahoo Mail users, and the Samy and Spaceflash worms, which spread among MySpace users.

For many, the blogging dilemma comes down to weighing the risks and benefits of spotlighting the company’s intellectual capital — the opinions of its employees — and opening new channels of communication with its customers without inadvertently leaking valuable information into the public sphere.

And loss of trade secrets is only one type of threat, according to Diana McKenzie, chairwoman of the information technology group at law firm Neal, Gerber & Eisenberg LLP in Chicago. Other common problems include co-worker harassment and defamation, securities law violations and intellectual property abuses, such as misuse of copyrights or trademarks.

“It’s not uncommon for employees to not know better and say, ‘We’re going to have great earnings this month,’ during a company’s quiet period,” McKenzie says. She even knows of a blogger who discussed where his employer planned to set up hidden security cameras.

Why Not Institute a Policy?

Companies can avoid legal troubles by creating policies for blogging, but not everyone makes that effort. In an exclusive Computerworld survey of 113 IT managers, just over half of the respondents reported that their companies have policies regarding employee participation in social and networking sites (see charts above).