Rise in social media in workplace poses risks, report says

Tuesday, April 13, 2010 @ 06:04 PM gHale


Social media is the talk of the town these days, whether it is at home or in the office and with the increasing use of the technology has enterprise administrators sitting on pins and needles.

A new report is now urging security professionals to take measured steps to reduce social media risks, rather than outright ban employees from visiting social websites.

The adoption of social media in enterprises has doubled in the past year from 11% in 2008 to 22% in 2009, said Khalid Kark, vice president and principal analyst at Cambridge, Mass.-based Forrester Research Inc., which just completed the survey. Kark said those numbers will continue to climb.

“There is adoption of social media going on, and it is getting slightly more acceptable to use some of the social media sites at work,” Kark said. “The rate of this change is very significant. We’re not talking about a 5% or 20% increase; we’re talking about this total doubling in one year.”

The Forrester report, entitled “Twelve Recommendations For Your 2010 Information Security Strategy,” shows how taking a careful and measured approach toward planning an information security strategy could help address skyrocketing social networking use and insulate enterprises against the threats they pose.

The expanded use of social media within organizations may be causing some chief information security officers (CISOs) to rethink the way they protect sensitive data, including intellectual property. Kark said one CISO likened the increase of social media to a “freight train coming, and we have to figure out what our defenses are going to be, or else we’re going to be crushed.”

“If you allow social media in your environment without any defenses or controls, than yes, that is going to increase your risk,” Kark said. “There’s a fine balance at play here.”

Kark breaks down his recommendations into three subsets: change in technology, change in business expectations, and change in (security data) ownership. IT teams can no longer say they “own” data, especially with the increased use of outsourcing operations to third parties, Kark said. He added security operations are also outsourced and organizations need to set expectations to ensure they are properly protecting data.



Leave a Reply

You must be logged in to post a comment.