Recently I spoke with an IT Executive within the U.S. armed forces who was discussing the importance for new recruits and younger soldiers to stay connected with friends and family using the tools they’ve grown up with, namely Facebook. He is concerned with denying access to technology that is ubiquitous among Generation Y and Z but has to weigh the security and other risks that come with loosening restrictions to the Internet.
This is a common issue even among private sector businesses trying to strike the right balance between security, employee productivity and access to the Internet and web-based applications. It will only get more challenging.
According to a Pew Internet & American Life Project survey, 73 percent of U.S. teens aged 12-17 use social networks, and a whopping 93 percent use a computer to go online. As the so-called iGeneration enters the workforce, the pressure to remove barriers to the Internet and web-based apps at work will increase. In addition, social media is increasingly becoming the way businesses market themselves, and engage with employees, customers and partners, and this trend will continue to escalate. Look at the Gap logo controversy, and the power of Internet users to influence a corporate decision.
It’s time to eliminate the security constraint from the equation so organizations can enable the apps and tools employees need to be successful in 2010 and beyond.
Rethinking the Security Question
Cybercriminals have invaded Facebook, Twitter and other social networks, and they will continue to use social engineering attacks to mine data. These exploits have been well documented. Employees — or soldiers for that matter — accessing such sites from work or with a laptop that connects to the corporate network do present serious security challenges.
But there’s a gap in how most organizations are approaching IT security that limits their ability to support today’s baseline web resources. Each year, nearly three million malware signatures are created in this never-ending cycle of the good guys chasing the bad guys. And it doesn’t work.
The recent ‘Here you have’ virus used a 10-year-old technique to compromise computers, illustrating the futility of negative security models that pit vendors against hackers in a race to combat each new attack variant. On the other hand, positive security models define what is allowed and rejects everything else. Advanced malware protection such as whitelisting technology stopped ‘Here you have’ and will prevent custom attacks that defy malware signatures.
The reality is that social media has changed the world and the workplace. Today 80 percent of companies use LinkedIn to find employees. Facebook reached 200 million users in less than a year, leapfrogging the adoption of the Internet, which achieved 50 million users in four years.
One recent customer came to Bit9 after disabling website browsing because they could not manage the risk of malicious software being introduced. After realizing this approach was untenable, the company deployed Bit9’s application whitelisting technology to define the sites users were allowed to visit and blocked all other by default. They have now restored user’s ability to openly browse websites, including social media sites, and have eliminated the risk of malicious payloads being dropped when browsing.
The Social Network generation is here, and they want their Facebook, Twitter and iPhones. Keeping this group engaged and productive at work means providing access to the tools that are ubiquitous to them as the telephone and fax machine are to Boomers. Anything less is shortsighted.
Security done right can allow more free access to online tools from work, without opening companies up to undue risks.