Tweets on Twitter, statuses on Facebook, and videos on YouTube ... social media's impact upon the enterprise is significant. IT sits in the middle of the whirlwind. This article will explore:
* The role of IT in securing and making available the social media galaxy
* Social media when made available as an enterprise's official presence, when utilized personally by employees or customers, and when utilized within the enterprise
As of January 10, 2011:
* Facebook had more than 500 million active users, emphasizing that its draw is hard to resist for most enterprises.
* Twitter claimed 175 million users and 95 million daily tweets.
* YouTube had 2 billion views a day.
These statistics represent the thousand-pound gorillas of social media sites. Many organizations are placing significant value upon these types of social media sites as a means to connect to customers and deliver content to employees and shareholders. Most are gravitating to these major players, placing their own presence in the social media world with the largest communities. Some organizations find social media so valuable, they bring variants of the more popular sites into their own intranets.
The shift of social media to the mainstream means that IT must adapt. In the past, social media sites were often blocked as attractive nuisances and time wasters, but for the many enterprises now embracing social media for marketing purposes and for distribution of content, access to these sites must be provided to employees. This creates two major concerns for IT: 1) protecting the organization from external and internal information security threats and 2) controlling bandwidth usage to maintain quality of service.
Providing Information Security
The role of IT relative to information security is two-fold:
1. Defending the organization from threats outside the organization
2. Preventing the deliberate or inadvertent release of confidential information from within the organization
Protecting the organization from an external threat is a standard part of the mission of information security. The tools the organization uses to monitor threats and counter malware will generally be applied to threats originating from social media. Intrusion detection systems, antivirus software, and firewall logging can be utilized to counter any threats from social media sites.
Organizations can also utilize web filtering tools to limit or block access to social media sites or elements of those sites. Generally, mainstream social media sites have comprehensive security controls and robust security infrastructures. However, the scale of these sites increases the threat surface and opportunities for attackers to compromise the site or elements of the site, including content and applications associated with the site.
The threat from an organization's employees is focused on the release of confidential information, although information posted by employees about themselves can be utilized by an adversary to identify key employees to target with phishing or social engineering attacks. Employees can unknowingly release confidential information. It may be commonplace for them to discuss confidential information in the office and, as a result, casually post information about their work to Facebook or LinkedIn.
In 2009, several bloggers mined public profiles on the LinkedIn social networking site and pulled together a feature set for the then-unreleased Windows Mobile 7 operating system for smart phones. The feature set was based upon information that employees of several companies had posted to their profiles. In several cases, the information was not public, and one employee posted an internal code name for an unreleased product on his public profile.
Systems that monitor network traffic for keywords, product code words, or security classification phrases can assist in identifying inappropriate postings being made from within the organization to social media sites. …
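The keyword monitoring described above, as an added example that is not part of the original article: it checks outbound POST records bound for social media hosts against a watchlist of product code words and classification phrases. The record format, host list, and watchlist terms are constructed assumptions, and the records are assumed to come from a proxy that can see request bodies.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed watchlists (hypothetical values, not from the article).
SOCIAL_HOSTS = {"facebook.com", "twitter.com", "linkedin.com", "youtube.com"}
CODE_WORDS = {"project bluefin", "redwood"}  # constructed product code names
CLASSIFICATION = {"company confidential", "internal use only"}

# Constructed sample records, shaped like simplified proxy log entries.
SAMPLE = [
    {"user": "alice", "method": "POST", "url": "https://www.linkedin.com/profile/edit",
     "body": "headline=Lead+engineer+on+Project+Bluefin"},
    {"user": "bob", "method": "POST", "url": "https://twitter.com/status/update",
     "body": "status=Great+lunch+today"},
    {"user": "carol", "method": "POST", "url": "https://intranet.example.com/wiki",
     "body": "text=INTERNAL+USE+ONLY+roadmap"},
    {"user": "dave", "method": "POST", "url": "https://m.facebook.com/post",
     "body": "msg=Slides+marked+Internal-Use%20Only+attached"},
]

def is_social(host):
    """True if host is a watched site or a subdomain of one (not a lookalike)."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in SOCIAL_HOSTS)

def normalize(text):
    """Lower-case and collapse punctuation/whitespace runs to single spaces."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def find_terms(text):
    """Return the sorted watchlist terms present as whole words or phrases."""
    norm = f" {normalize(text)} "
    return sorted(t for t in CODE_WORDS | CLASSIFICATION if f" {t} " in norm)

def scan(records):
    """Return one alert per outbound POST to a watched site containing a watched term."""
    alerts = []
    for rec in records:
        host = urlsplit(rec["url"]).hostname or ""
        if rec["method"] != "POST" or not is_social(host):
            continue
        # Form bodies are URL-encoded; decode the fields before matching.
        text = " ".join(v for vals in parse_qs(rec["body"]).values() for v in vals)
        hits = find_terms(text)
        if hits:
            alerts.append({"user": rec["user"], "host": host, "terms": hits})
    return alerts
```

Calling `scan(SAMPLE)` flags the LinkedIn and Facebook posts and ignores the intranet post, which contains a watched phrase but is not bound for a social media host.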