AUG 26, 2010 9:37am ET

Web 2.0 Security: Time to do More than Fight Technology with Technology


The problem is almost as old as the World Wide Web itself: Security threats, in the form of viruses, malware and data loss, have been worrying IT security folks for many years now.

Typically, the response is to fight technology with technology: that is, put up so many layers of firewalls, password protection and data encryption that your company becomes a virtual fortress, and even throw in a “sandbox” that can snag hackers within a faux environment.

But, with more and more social networking and Web 2.0 services becoming part of enterprise operations, security gets even more complex. A new survey out of Ponemon Institute finds 80 percent of 2,100 IT security administrators believe social networking, Internet applications and widgets “have significantly lowered the security posture of their organization.” (An executive summary of the survey findings is available.)

There's nothing new about the security threats Web 2.0 presents. The respondents’ fears are about the usual suspects: viruses, malware, botnets and workplace inefficiencies.

So is it time to buy and throw up the next generation of security solutions, some of which may not even be developed enough to handle all the exposures Web 2.0 brings? Is it enough to keep fighting technology with technology?

Or, perhaps, it’s time to fight Web 2.0 with Web 2.0, which means taking user-empowered networking and securing it with user empowerment. In the report, Ponemon recommends putting employees themselves in charge of security issues. More than half of U.S. respondents believe the most responsible party for minimizing Web 2.0 security risk should be the end-user, followed by information security (CISO) and corporate IT (CIO).

Of course, you can't just hand security details to the end users and tell them to deal with it. Training and education are needed to keep users aware of the threats and the consequences. In the survey, the security executives expressed reservations about the abilities of end users to manage this.

But having end-users take more responsibility for the security of their activities makes perfect sense. We can't afford to have police watching every mile of highways for traffic violators—we rely on the common sense of every individual driver to keep themselves in line and driving safely. (And this works most of the time.) Likewise, as end-users become more self-directed, and either engage in online communities or build their widgets, we need to rely on their better judgment to avoid security mistakes. That's where the training comes in.

This article can also be found at InsuranceNetworking.com.

Joe McKendrick is an independent consultant, author, blogger and frequent contributor to Insurance Networking News specializing in information technology. He can be reached at joe@mckendrickresearch.com.
