Enterprise 2.0: securing the un-securable

Social tools in the enterprise environment can basically be divided into two categories: internal and external.

Socially-enabled intranets bring organizations a plethora of advantages for unleashing the power of creative communities, capitalizing on the social dimension of employees and as a result improve their market position, offering products which better reflect market demand.

By using external social media tools like Twitter, Facebook and LinkedIn, the Two-Point-0ed enterprise enjoys better interaction with opinion leaders, prospects and the entire community, increasing sales and getting valuable feedback.

There will always be the difficulty of finding a balance between business opportunities and the accompanying threats that arise with each step in making the enterprise more social. Intranet security issues are normally solved in the process of software implementation. The case with external social media tools is much different.

The cornerstone of an effective security strategy is based on a simple approach: disable everything and then enable selected services. Each service should be carefully evaluated as an integral part of the enterprise-wide security policy. In other words, the service must be evaluated in connection with other available services to understand the possible drawbacks which could later to be introduced in general security. In fact, this process reminds me of combinatorial analysis with generic summary and development of a general security policy.

Each new social media opportunity entails a plethora of security issues that can lead to serious threat to enterprise security. The nature of social media-borne viruses, hacker attacks, spam, application vulnerabilities and malicious social engineering is a bit different and requires a major adjustment of the security policy. The most important points include:

• Web filtering
  Adopt social media traffic filtering to block specific malware and hacking techniques
• Patch management
  Track social media-specific vulnerabilities and update the patch management policy with appropriate measures to keep external social applications free from security drawbacks
• Service compliance
  Carefully evaluate the weak points of external social media tools with other web services used in the company to avoid blended attacks
• Code of behavior
  Develop an enterprisewide social media policy to avoid unintended data disclosure or damage to the organizations reputation
• Training
  Educate employees about the common security threats they can encounter with when using social media.

In his recent blog post, Joe McKendrick analyzed the Enterprise 2.0 security challenges and concluded: "Enterprise Web 2.0 adoption is so widespread and end-user driven that only end-users themselves can keep security in check."

I admit that user education is very important as the human factor is the weakest link in the security chain. However, I doubt that an average user can be that professional in tackling the security issues effectively. On the contrary, the enterprise should be the driver of implementing proper security measures and conduct a comprehensive social media security policy. Specifically, the policy must bring together new marketing opportunities and protection of digital assets to capitalize on the social effect and minimize the threat.

Well, the surest way to solve the social media security problems is just to block this tool. But following this logic, wed end up sacrificing all other IT and return to the Stone Age. Enterprises shouldnt neglect the evident advantages of social media but rather update their security policies with proper tools and policies.