Richard Turner, CEO of Clearswift, looks at the security challenges being faced as a result of the increasing adoption of Web 2.0 in businesses and how good policy should be the cornerstone of a modern organisation's information security strategy.

Today's IT landscape is an ever-changing one. Chief information officers are expected to manage the latest technology alongside an ever-increasing focus on data security and an increasing array of legislation.

In recent years, Web 2.0 technologies have moved from being seen as emerging tools to something that most businesses accept they can no longer afford to ignore. Indeed, recent research we undertook illustrated this significant shift in mindset amongst businesses, showing that a majority (54 per cent) now feel Web 2.0 and other collaborative technologies are critical to the future success of their company.

Adrian Davis, principal research analyst at ISF, said that ‘social media is an extremely attractive target’, especially considering one in 13 people in the world uses Facebook. Some proactive organisations have gone the extra mile and are actively making Web 2.0 a living, breathing part of their businesses.

Whatever their approach, the fact is that companies cannot afford to simply dismiss social media as ‘too much of a risk’ when it can in fact be a competitive advantage and a genuine opportunity. However, it is clear that a new approach to security is needed in the new corporate world of Web 2.0 to ensure that an organisation's networks are not compromised and a firm's reputation is not damaged.

All too often companies have a ‘stop and block’ approach when it comes to IT security, something that may be dictated by their own policies or a lack of capability in their chosen security solutions. However, the traditional ‘stop and block’ method is outdated: it does not take into account the varying requirements of departments. The technologies that only allow this approach fail to recognise that different businesses have differing attitudes toward risk.

In order to allow specific individuals and businesses the freedom to communicate in precisely the way they need, a more flexible approach supported by a firm policy is required. For example, a local council might wish to restrict employees' use of Facebook, but at the same time, the council's benefit claims department may rely heavily on such sites as a valuable research resource to see where fraudulent claims may be occurring.

Good, clear policies combined with proper education and explanation around such documents should be the cornerstone of an organisation's information security strategy, providing consistency across all channels, whether email or the latest Web 2.0 social media tools.

Good policy should dictate how staff should use email and web technologies to communicate and collaborate, and any restrictions that the company wishes to enforce. The most effective policies will also go on to give employees some understanding of the context of such restrictions to allow them to make informed and intelligent decisions about why and how something may be inappropriate online.

The implications of employees not understanding or adhering to IT policy are serious, and it is vital that, as well as clear policies and education, businesses implement security technology that ensures information which should not be leaving an organisation cannot do so, whether that is via email, Instant Messenger, Facebook or LinkedIn.

Social media has had a massive impact on employees and businesses alike; you could almost say we are constantly ‘connected’. The explosion of sites such as Facebook and Twitter is continuing, with new sites emerging all the time and quickly becoming a core part of many people's lives.

Whereas once social media was firmly pigeonholed in the ‘private’ section of life, it is now widely recognised as a tool which people want to be connected to at all times. Ultimately, whether now for some people, or in a few years' time for others, such tools will be ubiquitous and companies that fail to keep pace will simply be in danger of losing out.

This is a classic case, in certain situations at least, of businesses being paralysed by fear of risks they are not fully aware of. With intelligent security solutions and a common-sense but comprehensive approach to policy, companies can be empowered to take advantage of new technologies and to reap the rewards of doing so.