Monday, August 16, 2010

Social Networking and Security Compliance

Social-networking applications like Facebook, MySpace, Twitter, Flickr, Wikipedia and LinkedIn have turned a very old sociological phrase into the hot buzzword of recent times. Long gone are the naive questions: what is social networking? How popular are social-networking applications? Do social networking sites bring value to organizations and individuals? There are plenty of studies and reports that discuss the popularity and usefulness of such applications. It has even been reported that the top 20 most visited Web sites in the world are social-networking sites.

It has been a while since the world accepted social networking as an extremely important tool for both personal and professional relationship building. These applications are capable of delivering significant business value in the form of increased employee productivity, faster time to market, reduced customer-support cost and so on. The downside is that the same applications can also introduce substantial risk to any organization, including data leakage, identity theft, malware and other threats.

With studies finding that more and more people use sites like Facebook at work, companies have long since started worrying about loss of employee productivity, loss of business data and loss of personal identities, which in turn can allow an intruder to exploit the corporate network or inject malware. Finding the right security solution has become of paramount importance to corporate IT departments, and with more of the IT workforce using laptops and accessing the Internet outside the company network, it becomes even more challenging. To complicate matters further, many organizations are ISO 27001 and BS 7799 certified, which mandates not only that the organization put security policies in place but also that it demonstrate their effectiveness. It all boils down to the fundamental question: how secure and controlled are the organizations that allow their people to keep pace with technological advancement?

With many corporate IT departments taking and/or exploring the quick-fix route of "use a firewall/web-filtering service to block social networking sites", I think it is high time for organizations to take the right step, which is Enablement and Governance, rather than choosing to close their eyes and wishing these issues will go away in the near future.

Enablement is all about educating end users as well as IT departments about the benefits of the right social networking applications (no application adds value to everyone in the same proportion) and their proper usage. Enablement is also about increasing awareness of the risks associated with these applications.

Governance is not about defining smart social networking policies once, but about continuously following what established models like CMMI preach: define, implement, monitor, improve. The policies should be centered on managing risk rather than avoiding it.

With executive management buy-in, and with awareness and governance in place, the IT department can effectively play the role of moderator/enabler between tech-savvy users and security-conscious senior management by continuously monitoring and tuning the policies, while giving users optimal web access and the business the ability to reap the benefits of the technology in a secure way.

Questions to think about:
To what level do you think your organization is committed to social networking? When it comes to security compliance, which side does it fall on: the one that bans everything, the one that has policies tailored towards social networking, or the one that bets on its people and their common sense? If you are on the liberal side, what measures does your organization take to keep your environment secure?