{"id":242,"date":"2009-06-26T10:39:03","date_gmt":"2009-06-26T18:39:03","guid":{"rendered":"http:\/\/blog.paloaltonetworks.com\/?p=242"},"modified":"2010-03-24T07:29:45","modified_gmt":"2010-03-24T15:29:45","slug":"social-networking-for-business-reasonswhat-about-the-risks","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2009\/06\/social-networking-for-business-reasonswhat-about-the-risks\/","title":{"rendered":"Social Networking for Business Reasons...What About The Risks?"},"content":{"rendered":"<p>Matt blogged earlier about <a href=\"http:\/\/blog.paloaltonetworks.com\/?p=224\">Haworth adopting various and sundry social networking applications<\/a>.\u00a0 Haworth is a perfect example of an organization that is a bit ahead of the curve - adopting these applications for business reasons, yet managing the inherent risks.\u00a0 More thoughts on that:<\/p>\n<p>Any organizations that are not yet diving into social networks headfirst will be doing so shortly.\u00a0 There are lots of legitimate business reasons to embrace social networking applications - seems like lists of why you should engage are cropping up weekly - <a href=\"http:\/\/www.examiner.com\/x-8160-San-Diego-Social-Media-Marketing-Examiner~y2009m6d25-The-Top-20-Business-Reasons-To-Use-Social-Media-Marketing\" rel=\"nofollow,noopener\" >here<\/a> most recently, but marketers also salivate over the sheer size of the audience - <a href=\"http:\/\/www.zooped.com\/2009\/06\/20\/43-of-internet-users-now-on-social-networks\/\" rel=\"nofollow,noopener\" >here<\/a>.\u00a0 <!--more-->Mostly, organizations are interested in new, fast, cost-effective marketing channels, customer intimacy, and reaching a new generation of consumers (although social networking adoption is rapid among the over 55 set - with 19% of over 55 Internet users participating).\u00a0 Some organizations embrace these apps for purely employee culture reasons.\u00a0 It is worth noting that many organizations 
don't quite know what they're going to get out of the experience - so there is a tremendous amount of experimentation.<\/p>\n<p>In most organizations, information security professionals cannot (and should not) stand in front of the social networking steamroller, but should instead help their organizations manage the risks associated with social networking applications.\u00a0 But what are they?\u00a0 And how does one manage them?<\/p>\n<p><strong>Step 1:\u00a0 Understand the Risks.<\/strong>\u00a0 Worms like Koobface have been discussed extensively.\u00a0 Obscured or shortened links leading to phishing scams or malware are the current darling of the press.\u00a0 Legitimate accounts are being hacked to <a href=\"http:\/\/www.darknet.org.uk\/2009\/06\/twitter-hack-spreads-porn-trojan\/\" rel=\"nofollow,noopener\" >spread trojans to followers<\/a>.\u00a0 Some organizations have concerns about employee productivity drain, compliance issues, or the potential for data loss.\u00a0 The most interesting (and dangerous) piece though is summed up nicely in this <a href=\"http:\/\/www.securityfocus.com\/brief\/977?ref=rss\" rel=\"nofollow,noopener\" >SecurityFocus piece<\/a>, and is historically consistent with the dynamics associated with other types of communication technologies upon initial adoption (e.g., email, IM) - that the hundreds of millions of users of social networking applications are far too trusting of interactions that they have within the medium.<\/p>\n<p><strong>Step 2:\u00a0 Manage Risks.\u00a0<\/strong> So given that information security professionals can't\/shouldn't stand in the way of this steamroller (<a href=\"http:\/\/www.youtube.com\/watch?v=qLlUgilKqms\" rel=\"nofollow,noopener\" >that scene in <em>Austin Powers<\/em> comes to mind<\/a>), and that enterprises will be experimenting heavily, what can be done?\u00a0 First, understand what's going on.\u00a0 Most organizations guess, try to glean bits of information from various security components, but don't 
REALLY know what <a href=\"http:\/\/blog.paloaltonetworks.com\/?p=153\">applications are running on their networks<\/a>.\u00a0 Second, work with the business to create policies that enable the business to experiment, innovate, and realize the benefits of social networking applications - but limit the exposure to the aforementioned risks.\u00a0 In other words, don't ban the apps unilaterally, but limit use by user, group, application function, time, or content (threat, confidential data, etc.) - to ensure benefit without taking on undue risk.\u00a0 By the way, because we're still in the experimentation phase, these policies are going to be pretty dynamic for a while.\u00a0 Third - get control over which applications are running on your network (enforce those policies).<\/p>\n<p>Social networking applications are here to stay, and will be part of various business initiatives (we just don't fully understand how yet).\u00a0 Don't get hit by the steamroller.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lots of marketing pundits are pushing their constituents to social networking - potentially accelerating a wave of enterprise social networking adoption.  
What about the risks associated with these applications?<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[33],"tags":[31,25],"coauthors":[],"class_list":["post-242","post","type-post","status-publish","format-standard","hentry","category-application-advisoryanalysis","tag-application-control","tag-social-networking"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=242"}],"version-history":[{"count":3,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/242\/revisions"}],"predecessor-version":[{"id":940,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/242\/revisions\/940"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=242"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}