Tweet this: Social network security is risky business
Panel discussions at RSA focus on a more social attack vector
Computerworld - SAN FRANCISCO -- Businesses are still trying to figure out what to make of social networking. The knee-jerk impulse at some companies is to ban its use because it's insecure and seen as unproductive, while at others it's viewed as, in fact, the way a lot of people now get work done.
The debate gets into familiar territory -- balancing business benefits versus risks -- and some that's not so familiar: Is a new generation in the workforce wired differently because of Facebook and Twitter?
"It starts way before college," said Gillian Hayes, a University of California at Irvine professor who took part in a panel at this week's RSA Security conference. "The emphasis is on 21st century skills, solving problems creatively; kids solve problems by mashing up bits and pieces."
Hayes' panel addressed "Lifestyle Hacking: Social Networks and Gen Y Meet Security and Privacy."
There's a growing generation gap between those who have grown up immersed in the Internet and those who think using social network sites is no more productive than spending work time surfing eBay, Amazon, ESPN.com, or, for that matter, porn and gambling sites. Companies often cite productivity, even more than security, as the prime reason for banning social networking.
"There are baby boomers like me who think the road to productivity is through single focus, one thing at a time," said Jim Routh, a consultant for Archer Technologies. "In reality, those brought up on the Internet are accustomed to using multiple media-rich environments productively. The older generation separates the work and the social, but the technology is so pervasive, there is no separation anymore."
Some companies are responding by allowing social networks for specific business initiatives, such as marketing and sales. Even then, however, people who were raised with technology often find ways to break through work-imposed barriers, tunneling through Web proxies or getting to Facebook using Google.
Not surprisingly, this puts security people in a tough place. They're under pressure from employees, business managers and, sometimes, upper management to find a way to bring social networking in securely. Even for security managers who understand risk assessment in a world in which business is often powered by access to a global network, social networking is still risky business.
"We spent so many years locking things down," said Frank Waszmer, information security architect at Florida-based Health First. Waszmer was part of a panel discussing "How CIOs Protect Their Data in A Web 2.0 World."
"It took a long time to convince management to tighten things up," he said. "You have to make sure management is on board to the risk of opening up."