Live blogged from the Enterprise 2.0 conference in Boston
From the program – "It’s IM all over again!" as public services such as Google Docs, Twitter, Facebook, and MySpace increasingly cross from consumer into enterprise. As these tools become legitimate business services for marketing and collaboration, IT must determine how to move from blocking to supporting their use in a manner that’s consistent with requirements for data loss prevention, security, compliance, and management. During this session we’ll explore the challenges in bridging private and public worlds, as well as mitigation strategies to enable use of public services while minimizing potential threats.
Irwin Lazar, Vice President, Communications Research, Nemertes Research
Kailash Ambwani, President and CEO, FaceTime
Mani Gill, Vice President, OnDemand, SAP Business Objects
Sam Curry, Vice President, Product Management, RSA, The Security Division of EMC
In the past a large number of companies, when asked about instant messaging, claimed that they block it. Today, with a new generation coming into the workforce completely used to using many social sites, most companies have given up trying to block and have instead moved into moderating behaviour rather than outright blocking.
IT managers positioning towards Web 2.0 is much more open than many people think contends Ambwani – he reports that across a couple of hundred thousand enterprise end users the average worksite had 95 different social networking sites used. They track over 900 social network platforms. On Facebook alone the average enterprise site will have 98 different Facebook applications within its site. People are looking for a free unimpeded flow of information and are going to the place where they feel they can get that – increasingly that’s not email or IM, it’s instead Twitter and Facebook.
Two things are going on here – regulations are getting more strict while at the same time generational and technological change are making the separation of work and home somewhat artificial. Gen Y blurs the distinction between at work and at leisure – trying to force them into one way of working is impossible. Don’t look for a panacea to this problem, understand how things ebb and flow – work on mitigating risk.
There is no longer one single repository – data is stored in myriad different places and people realise that – data storing and logging is increasingly difficult or even impossible.
Separate accidental loss from intentional loss from external access loss. Accidental loss is more readily mitigated against. Intentional loss is more difficult. The mission should be to raise the cost of access for malicious parties to such a point that the risk is mitigated to a reasonable level – it’s a cost vs return discussion. Security/compliance done right should be transparent to end-users
Everyone wants to know: How can you help me safeguard the data regardless of the platform? A comment at the height of “oh really?”, a large financial services firm announced this morning that Facebook, Twitter, MySpace etc are all electronic communications and must therefore be monitored.
A survey asked if the social generation “is networking or not working” – content leakage was the biggest issue followed by brand image. Surprisingly enough productivity was a very low concern within enterprise. Every action and inaction has a risk and a reward – organisations need to balance that when looking at security. Choosing not to adopt a social tool may have a negative impact on the business.
Like all things this is a risk versus return decision and knee jerk reactions are unhelpful and potentially detrimental.