COLUMN

Corporate world takes kinder view of social networks

By Ron Condon 01 Feb 2008 | SearchSecurity.co.UK Security UK Tips and Expert Advice Digg This!     StumbleUpon     Del.icio.us

Reasons for banning social networking range from the waste of productive work time and also the potential for leaking confidential information. Recent security breaches at popular social networking sites such as Facebook only underline the dangers.

We are assessing the risks of social networking sites Brian Barber Head of Information Security, Standard Life

But in the opposite camp, there is a growing band of companies that feel social networking technology, and the use of other tools such as wikis, could actually help boost productivity, rather than reduce it. Their only question is how to do it in a secure way that does not expose the company.

One company considering lifting its ban is the insurance and pension company Standard Life. Speaking at a conference this week, the company's head of information security Brian Barber said the company was reviewing its current ban and "assessing the risks of social networking sites." He acknowledged there are potential benefits to be had from their use, but that it would need to be done carefully.

The change of heart at Standard Life is symptomatic of the wider mood. At another unrelated event in London, 20 companies got together to sign up for a new organisation, the Secure Enterprise 2.20 Forum, whose goal is to raise awareness, define best practices, and encourage the secure use of Web 2.0 technologies in the enterprise.

The Forum is the idea of WorkLight Inc, an Israeli-owned company formerly known as Serendipity Technologies, which produces software to deliver Web2.0 applications within the organisation. The company's head of marketing David Lavenda said his aim was purely to get the group started and 'turn it over to the user community."

The first meeting attracted security chiefs from some large companies in financial services, such as Standard Chartered Bank, Credit Suisse and Reuters.

"I was surprised at how open they were to the idea of letting staff use Web 2.0. One guy said we can only keep our finger in the dyke for so long. So they're really interested in exploiting new opportunities."

Simon Riggs, the head of IT security with Reuters, summed up the mood of the group in a written statement: "Web 2.0 solutions not only increase internal employee productivity and collaboration, but also enhance the interaction with clients using widgets and gadgets and other innovative solutions. This added-value cannot come blindly at the expense of security; you've got to consciously trade off the relative risks and benefits."

A second meeting takes place in the US in six weeks time, probably in New York, where 20 or more companies are already signed up to attend.

WorkLight's Lavenda said future funding and organisation of the group was yet to be decided, although one likely organisation to take charge of administration is the Open Group, which also runs the Jericho Forum and was present at the London meeting. The Secure Enterprise Forum is open to users and manufacturers.

BT partners with Blue Coat for secure Web 2.0

In a separate announcement, BT unveiled its own vision of how to make (secure) use of Web 2.0 by revealing a global deal with Blue Coat Software that will allow it to deploy and enforce fine-grained policies across its network to reflect local tastes and sensitivities.

"We see this part of our corporate social responsibility programme to be as flexible as we can be with staff," said Ray Stanton, who heads BT's global security practice. "It used to be that you either allowed all access or blocked all access. But customs and practice vary around the world so we have to reflect that." For instance, staff in the Middle East might need to be protected from some Western sites they might find offensive.

BT has completed 75% of a global roll-out of Blue Coat's ProxySG appliances to manage web usage, accelerate content and help manage bandwidth consumption. Stanton said the Blue Coat products give BT the ability to set policies down to a fine level of granularity, and to monitor web usage at a fine level.

"We want to encourage our staff to be innovative so we need to give them the right tools, and to trust them to use them properly," said Stanton. "The Blue Coat product will save us a huge amount of management time in managing policies around the world."

Tags: Web Application Security,  Data Protection Solutions and Strategy,  Virtual Private Network Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Application Security Adobe fixes critical Shockwave Flash Player flaw Web application firewall's value depends on what the effort you put in Cybercrime attacks, IT outsourcing, mobile malware top ISF threat list Buying botnets: Underground network marks ominous 'milestone' How to tackle buffer overflow vulnerabilities and attacks A look at new SQL injection attacks Botnet platform helps cybercriminals bid for zombie PCs Security researchers develop browser-based darknet Month of Twitter Bugs project to document Twitter flaws Microsoft cracks down on click fraud ring Data Protection Solutions and Strategy Sourcefire to ignite new offerings for virtualisation security USB drive security project protects endpoints, aids CoCo compliance How to enforce an enterprise data leak prevention policy Companies underestimate Web 2.0, social networking threat, says survey RSA council addresses growing security risks in the cloud Attackers use ATM malware to steal track data, PINs CSA, Jericho Forum unite on cloud computing security message How to create a data classification policy Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert Organizations struggle with data leakage prevention, rights management Virtual Private Network Security How to integrate the security of both physical and virtual machines Companies tackle iPhone security with remote access features Q&A: Paul Dorey on DLP, deperimeterisation How to patch Kaminsky's DNS vulnerability Network telescopes: a vital tool in beating threats Covert channels could be funneling data out of your company Network access control will save public money in Nottingham Jericho Forum discusses deperimeterisation, COA guidelines Reading FC keeps email under control Healthcare org eases compliance with network monitoring

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary