Aujas US

An IDG Ventures Company

Right to Internet Use

social networkingThe United Nations advocates making “Right to Internet Access” a human right, one which countries such as Estonia, France, Finland, Greece and Spain have already implemented. This got me thinking about how we would look at “Right to Internet Use”, e.g., social networking.

We all know the power of social networking, its adaption and growth. According to Facebook, more than 500 million users spend over 700 billion minutes per month on the site. However, not many of us could have imagined its impact on reshaping the political landscape of countries. Perhaps the most talked about example is that of a 26-year-old woman, worried about the state of her country, who wrote on Facebook, “People, I am going to Tahrir Square”. The message soon snowballed into a movement to oust Egyptian President Hosni Mubarak. As another example, China’s reaction to what is called the “Jasmine Revolution” was swift, with filtering and monitoring on popular social media websites and services.

The buzz is about the CSM (Cloud, Social Media, Mobile) phenomenon which is reshaping the Internet world. It’s already established that social networking has overtaken search as the primary reason for users to access the Internet. Facebook has more than 200 million active users who use mobile for access, and these users are twice as active as non-mobile users.

Consumerization of the Enterprise, combined with the CSM phenomenon and recent political events, make me feel that this is not just about adaption of new technologies but more about changes and impact on the history of mankind. It’s not just about using new technologies and models to provide better services at lower cost to a larger user base. It’s about a medium to communicate, participate and influence changes in the world.

One can think of several positive and negative uses of this phenomenon. If used well, it can bring about necessary changes and revolutions. But it can also be used to spread panic and lead to concepts like “social networking terrorism”.

The CSM phenomenon is too strong and important to be ignored. Would censoring of this medium be possible? Like the Internet, CSM could be considered as a human right, leading to positions on “Right to Internet Use”.

At an Enterprise level, blocking and not adopting CSM is a risk management control which is not sustainable. Users and business would not accept this posture. We need to find answers for the two main reasons why some Enterprises are staying away from adoption of CSM, which are “Confusion and Fear”.

Advertisements

February 23, 2011 Posted by | Cloud Security, Enterprise Security, Social networking | , , , , , , , | Leave a comment

5 Hot Topics in Information Security for 2011

Hot topics in information securityAccording to the Aujas information security experts, these are the five crucial security topics that should be on the radar for business executives in 2011:

Data Governance and Data Leakage Prevention (DLP) – Some executives believe their employees know exactly what data should be protected and what data can be shared via website, conversation or social media.  These executives have a false sense of security. Many companies still do not have a strong data classification program or policy in place to educate employees on what is critical to an organization and what is not.  Some execs may also think that having a DLP tool and plugging it in is the answer. That’s like plugging in a power saw and saying you can build a house! Having a tool and knowing how to use it effectively are two different things.

Tip: Find a champion to drive your data governance and loss prevention initiative.  If your company has a CISO, this person is the most logical one to take on this role. If not, you can assemble a small team of stakeholders to work with guidance from a third party who specializes in information risk management.

Application Security – With so many applications being developed and used in companies of all sizes, some are being created without security in mind.  Some technology companies have a need to be the first on the street with a new application and are bypassing Security Development Lifecycle (SDL) protocol. They are thinking about security after the application is released and, sadly, are finding that they are spending more money to fix the application.

Tip: First perform a penetration assessment on your company’s critical applications to identify vulnerabilities. Then be proactive!  Create a framework in which security is part of the SDL.

 Social Media – The intentional and unintentional release of sensitive information via Facebook, Twitter, etc. can affect your company’s bottom line.  Your intellectual property may wind up on an underground website or, if your secrets are shared with the world, you may not be first to market with your new product or service. 

Tip: You don’t need to declare social media off limits to your employees. It is an important business tool that is not going away.  You do, however, need to understand the risks of social media, and make users aware.

 Cyber Security – Over the past year, more organizations have come to understand that there is a very real cyber security threat in the US and that the US Government cannot take care of every threat-related issue. Your company needs to develop a strong internal and external security programs to protect it.

Tip: Putting in place a robust information risk management (IRM) program is essential so that your stakeholders understand the people, process and technology risks and how they can affect your access, availability, and agility to conduct business.

Phishing – Hackers continue to use phishing, a type of social engineering, to solicit information from individuals.  Though the incidents of phishing were down in the second half of 2010, the attacks continue to get more and more sophisticated. 

 Tip: Perform a phishing diagnostic so that you are aware of the threat, specifically who in your organization is susceptible to this type of attack.

Aujas can help your company manage risk from these threats. Contact Karl Kispert, our Vice President of Sales, to learn more. He can be reached at karl.kispert@aujas.com or 201.633.4745.

January 24, 2011 Posted by | Data Leak Prevention, IT security, Phishing, Risk management, SDL, Social Engineering | , , , , , , | Leave a comment