In a recent post for ReadWriteWeb (3 Ways Social Media Can Put Enterprises at Risk), I outlined a few IT security \u201cblind spots\u201d that many companies are currently trying to address when dealing with social media applications. As last week's blog post on our Application Usage and Risk Report findings pointed out, I am convinced that social media is here to stay in the enterprise. To expand upon the points I made in that article, I\u2019d like to add a few additional details to expound on my opinions around approaching these \u201cblind spots\u201d.<\/p>\n
On basic user education: It helps, but we\u2019ve seen time and again that hackers can always count on user behavior to provide the openings they need to penetrate network defenses. <\/p>\n
On SSL, being a double-edged sword: On the one hand, as an end user, SSL encryption is often the only thing protecting your connection to web applications and services, which is particularly important if you\u2019re using a public or poorly-secured Wi-Fi network. Several high-profile social media account hacks, advocacy by consumer-protection groups and the introduction of freely-available packet sniffing tools (such as Firesheep) drove home the importance of encryption for all kinds of web services. However, on the other hand, ongoing problems with certificate authorities themselves only emphasize the point that just because traffic is encrypted doesn\u2019t mean that it\u2019s safe. In addition, SSL can actually increase the risks to your organization because this same encryption hides your users\u2019 traffic from all the (expensive) hardware and software in which your company has invested to protect users on the company network \u2013 unless they\u2019re using a next generation firewall. Here\u2019s where IT can take the lead role by ensuring that their network defenses have deep visibility into all network traffic, including SSL.<\/p>\n