Social Media Impact on Enterprise Security


For some reason, the image of King Canute keeps popping up time and time again as I think about the corporate adoption of technology.

If you don’t know who Canute was, he was the monarch whose advisors thought he was so great that he could command the waves of the sea to stop in their tracks.  He seated himself by the water’s edge, and proved that he could not.

Canute’s advisors would be right at home in many corporate IT departments.  You know them:  the ones who, over the last 15 years, said that they didn’t want end-users to access the Internet at work, or that mobile devices such as laptops or smartphones should not have access to the network.  In each case, Canute proved them wrong.  The end-users realized that the adoption of that technology made them more productive, which made them and their companies more profitable.  And they found ways to make it work, turning those who railed against the technology into de facto Luddites.

Well, they’re at it again.  A new survey shows that one-quarter of all workers access social networks while they’re on the job.  The survey reports, however, that “laptop users who can connect to the Internet outside of the company network are more likely to share confidential information via instant messenger, webmail, and social media applications than those who are always connected to a company's network.”

Inevitably, there will be those well-meaning IT personnel who argue that networks like Facebook, instant messaging, Twitter and more should be blocked within the corporate firewall, and that applications enabling them should be banned from all corporate devices.

As Canute…and untold thousands of workers…have proved, that won’t work.  The survey recommends that organizations create security policies governing the on-the-job use of social networking by their employees, and then monitor and enforce those policies to safeguard employees as well as sensitive data.  The survey concludes, “trying to just prevent users accessing social networks from work could potentially increase the risk to an organization, as users look for ways around computer security, possibly increasing the chance of exposure to security threats.”

So, if you’re in IT security, your challenge is clear: you now have one more thing on your plate to monitor.  If you outsource your infosec infrastructure, make sure your service provider has the means to do so as well.  And actively communicate with your provider as well as throughout your organization, letting people know what your game plan is to enable the responsible use of social networking as a business tool.  As you have figured out, this needs buy-in from all segments of the company.

But don’t merely say “no.” Doing that will have you end up looking like one of Canute’s advisors.  Or a Luddite.  Or an ostrich.