Tweet this: Social network security is risky business
Panel discussions at RSA focus on a more social attack vector
Computerworld - SAN FRANCISCO -- Businesses are still trying to figure out what to make of social networking. The knee-jerk impulse at some companies is to ban its use because it's insecure and seen as unproductive, while at others it's viewed as, in fact, the way a lot of people now get work done.
The debate gets into familiar territory -- balancing business benefits versus risks -- and some that's not so familiar: Is a new generation in the workforce wired differently because of Facebook and Twitter?
"It starts way before college," said Gillian Hayes, a University of California at Irvine professor who took part in a panel at this week's RSA Security conference. "The emphasis is on 21st century skills, solving problems creatively; kids solve problems by mashing up bits and pieces."
Hayes' panel addressed "Lifestyle Hacking: Social Networks and Gen Y Meet Security and Privacy."
There's a growing generation gap between those who have grown up immersed in the Internet and those who think using social network sites is no more productive than spending work time surfing e-Bay, Amazon, ESPN.com, or, for that matter, porn and gambling sites. Companies often cite productivity, even more than security, as the prime reason for banning social networking.
"There are baby boomers like me who think the road to productivity is through single focus, one thing at a time, said Jim Routh, a consultant for Archer Technologies. "In reality, those brought up on the Internet are accustomed to using multiple media-rich environments productively. The older generation separates the work and the social, but the technology is so pervasive, there is no separation anymore."
Some companies are responding by allowing social networks for specific business initiatives, such as marketing and sales. Even then, however, people who were raised with technology often find ways to break through work-imposed barriers, tunneling through Web proxies or getting to Facebook using Google.
Not surprisingly, this puts security people in a tough place. They're under pressure from employees, business managers and, sometimes, upper management to find a way to bring social networking in securely. Even for security mangers who understand risk assessment in a world in which business is often powered by access to a global network, social networking is still risky business.
"We spent so many years locking things down," said Frank Waszmer, information security architect at Florida-based Health First. Waszmer was part of a panel discussing "How CIOs Protect Their Data in A Web 2.0 World."
"It took a long time to convince management to tighten things up," he said. "You have to make sure management is on board to the risk of opening up."
- Security execs express surprise over CISO's firing following RSA talk
- Security industry faces attacks it cannot stop
- Pennsylvania fires CISO over RSA talk
- Google attacks, Web 2.0 fuel FUD at RSA
- Analysis: Does the storm over cloud security mean opportunity?
- Microsoft's tax-for-hacks 'horrible' idea, say security experts
- FBI Director: Hackers have corrupted valuable data
- CISOs rain on cloud-computing parade at RSA
- FBI embeds cyber-investigators in Ukraine, Estonia
- Tweet this: Social network security is risky business
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Cybercrime and Hacking White Papers | Webcasts