Comments
By Pat Romanski
Matt McLarty wrote: For more info... Follow me on Twitter See our website
May. 2, 2012 03:40 PM EDT
Cloud Expo on Google News
Did you read today's front page stories & breaking news?

SYS-CON.TV: How Do You Minimize Unpleasant Surprises in Your Java Code? Guest Nigel Cheshire

SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Social Applications
The Values Proposition for Allowing Users Access to Social Networks
How does the risks compare to the benefits?

By: William McBorrough
Jun. 25, 2010 04:00 PM

What is the values proposition for allowing employees access to web 2.0 resources such as social networks?

Every other day, we hear about the risks. Compromised Twitter accounts, phishing via LinkedIN,  malicious Facebook apps were only a sample of an every growing landscape. Most enterprises, appreciating the threats these pose to an environment, simply deny access to social networks from company systems and networks.

Even within such organizations, there are user who need to access social networks to perform their job functions. LinkedIn has become a great tool for recruiting prospective new hires. More companies are using Twitter, Facebook, Myspace and others to promote their business an connect with customers.

But outside of that, is there a value in allowing employees, whose job function do not require it, access to social networks on company systems?

I’m prompted to ask this because last week I was at a meeting of the Northern Virginia chapter of the  Information Systems Security Association (ISSA-NOVA) and the speaker was the deputy CISO of the IRS, Devon Bryan. He spoke about how the IRS was dealing with the security challenges posed by Web 2.0, particularly social networking, Their current stance is to block all access except for those employees who job function required it. Most security  professionals would agree this is probably wise. However, he also added that they are looking at technology that would allow users to “view” social networking sites, but not allow them to “update” them. As he explained, or tried to, read vs. write/execute.

As this was an audience full of security professionals, it was quickly pointed out that drive-by malware downloads only require the user to browse the infected web page or one that is linked to an infected web page. To view is to infect, so to speak. There was then talk of how to mitigate that using virtual machines or proxies.

I have no doubt the technical challenges can be overcome. The hackers who now treat social networks as the new frontier will probably change tact to react as well. Besides wanting to keep employees happy, what’s the policy rationale for allow users to follow their subscribed tweets or friends updates? Never mind, the adverse effect this with have on productivity. Really, why bother?

Published Jun. 25, 2010— Reads 3,102
Copyright © 2010 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
Related Stories
▪ Largest Study to Date of Social Media Use by Business Professionals Reveals Inner Workings of Key Medium
▪ ClickInsights: What is the ideal length of a white paper?
▪ AOL Launches Access to Social Networks from New AOL.com
About William McBorrough
William J McBorrough is a Security Expert with many years of success Managing, Designing, and Implementing medium and large enterprise Physical and Information Technology Security Solutions. His experience spans the spectrum from small e-commerce start-ups to multi-campus state and federal agencies to multi-state financial sector organizations. He is also on the faculty of various universities including University of Maryland University College, EC-Council University, George Mason University and Northern Virginia Community College where he conducts research and teach graduate and undergraduate courses relating to cybersecurity, cybercrime, cyberterrorism, and information security and assurance. He holds a Bachelors of Science in Computing Engineering with a concentration in digital networks and a Masters of Science in Information Security and Assurance. He is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk Information System Control (CRISC), and Certified Ethical Hacker (CEH).He is well versed in personnel, systems and network security risk management. His core competancies include Developing cost effective solutions to enable mission assurance in the following areas: Enterprise Risk Management, IT Governance, Security Organization Development, Information Security and Assurance

Latest Cloud Developer Stories
By Roger Strukhoff
Yahoo Sunday finally cut a deal with Alibaba Group Holdings Ltd. It’s agreed to sell half its 40% stake back to the Chinese e-commerce company for at least $6.3 billion in cash and $800 million in preferred stock. Alibaba will also pay Yahoo $550 million up-front and royaltie...
By Patrick Burke
Cloud computing is creating the new Wall Street boom, according to NIA. The only industry that is as bright as cloud computing on Wall Street is social networking, NIA said in a recent report. 2012 will be known as the year cloud computing became widely adopted worldwide. Cloud ...
By Elizabeth White
Whatever your course, meet Cloud complexity head on with a unified approach to handle extreme performance, reliability, availability, and simplicity. In her session at the 10th International Cloud Expo, Ayalla Goldschmidt, Senior Director of Product Marketing at Oracle, will re...
By Marilyn Moux
As a Bronze Sponsor of Cloud Expo New York, Appcore is offering special passes to SYS-CON's 10th International Cloud Expo, which will take place on June 11–14, 2012, at the Javits Center in New York City, New York. Appcore manufactures the business of cloud computing. Appcore de...
By Steve Weisfeldt
Assuming you haven’t spent the last couple of years living under a rock, you’re bound to have been bombarded with all sorts of propaganda about “The Cloud.” “The Cloud,” according to the marketing types, is the greatest thing since the invention of bread, surely able to solve all...
MORE »
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021
SYS-CON Featured Whitepapers
Most Read This Week
By Elizabeth White
By Jeremy Geelan
By Jeremy Geelan
By Jeremy Geelan
By Jeremy Geelan
By Jeremy Geelan
By Srinivasan Sundara Rajan
By Jeremy Geelan
By Jeremy Geelan
By Jeremy Geelan
By Pat Romanski
By Liz McMillan
ADS BY GOOGLE

Breaking Cloud Computing News
Wyse Technology, the global leader in cloud client computing, today announced that the Wyse P20 PCoI...
May. 21, 2012 05:06 PM EDT
MORE »