New Technologies vs Business Security

It’s a diffcult balance to achieve, especially in the current economic climate, implementing technologies such as social networking sites and cloud computing, plus at the same time sustaining IT security and providing flexibility.

At a panel held at the SOURCEBoston Conference on 11 March, leaders from the security and business communities recognised the challenges facing organisations in giving their workers all the tools that they seek to communicate and take advantage of emerging applications such as social networking, while at the same time protecting their IT operations from all the potential attacks lurking on today’s computing landscape.

In a conversation aimed at defining the biggest issues facing organisations to that end, properties like Facebook became one of the central elements of the debate as panelists and attendees discussed the merits of allowing users to embrace such applications, versus all of the security risks that they might introduce.

Beyond social networking, emerging IT movements including cloud computing were also scrutinised heavily for the benefits they provide, compared with the potential problems they could eventually foster.

As always, businesses must in the end decide whether or not they are willing to accept the risks related to every IT system and application that they allow their users to access, the experts agreed. However, the reality of trying to account for every use case and control the behaviour of every employee to maintain optimal security – while allowing for the adoption of newer technologies – remains a daunting task, especially as users beg for the ability to utilise tools like social networking sites to ramp up their productivity, they said.

“If you allow your employees to advertise their place of employment on Facebook, you’re opening yourself up to potential attacks,” said Adriel Desautels, a senior partner and co-founder at security consulting specialist Netragard. “An application like Facebook enables potential criminals who want to get into your business to use your employees to do so via social engineering; there will never be a solution to social engineering, but you have to have boundaries.”

Forbidding workers from naming their employer on places like Facebook and MySpace is one step companies should take to lower their risk to targeted attacks, but those organisations who seek a maximum level of security should also try to keep as many productivity applications as possible under their own control, using internal messaging systems versus commercial tools, the consultant said.

While affirming the interesting new challenges posed by such popular applications, one of the biggest problems in containing security risk these days is a much more traditional quandary, that being, trying to prevent unwanted access to your systems in the midst of layoffs and the sporadic economy, business leader countered.