Facebook, Twitter, LinkedIn: Security Pros Warm to Web 2.0 Access
The view of many popular Web 2.0 web sites has morphed from work no-no to job necessity. Now more security pros are allowing employees to use them in the office.
By Joan Goodchild, Senior Editor
March 04, 2009 — CSO
Clearwater, Florida - Facebook, LinkedIn and Twitter, once viewed as high-risk, productivity-sucking applications, seem to have wiggled their way into the hearts of security teams nationwide. In fact, most organizations no longer block the popular web sites and instead allow employees to access these Web 2.0 applications at work, according to a new survey from the Security Executive Council.
The research, which was released this week at the CSO Perspectives conference, reveals that 86 percent of organizations that responded to an open poll on the council's web site said they do allow workers to use Web 2.0 applications, such as Facebook, LinkedIn and Twitter, while on the job and/or with a company-issued computer.
The topic of social networking and work access was the subject of a spirited discussion among professionals who attended CSOP, a three-day event in Clearwater, Florida. Some in attendance pointed to Web 2.0 access as a necessary recruiting and retention tool.
"We talk about Web 2.0, but there is also a concept I call Employee 2.0," said Mark Small, vice president of enterprise sales with Websense, a security software provider based in San Diego. "If you go out and try to hire some kids now, they ask: 'Can I have access to Facebook at work?' If you say no, they will go and work for someone else."
Small, in a presentation on Web 2.0 applications, noted that, among major employers in the United States, IBM currently estimates it has 33,000 Facebook accounts among its employees.
CSOs and CISOs who allow access to Facebook, LinkedIn, Twitter and other social networking sites were the majority voice in a panel discussion on the topic. Leslie Lambert, CISO of Sun Microsystems, said social networking sites have become a standard part of her hiring process.
"How many of you have hired someone recently without looking them up first on LinkedIn?" she asked the audience. Very few hands went up in response.
Those who restrict access in their organizations were also vocal about their reasons for holding out. Chief concerns included a potential hack or breach of company information because social engineering scams have become common on Facebook, Twitter, MySpace and other similar sites.
Derek Benz, CISO of Honeywell, said another concern is potential damage to the company's reputation.
"Many people form groups associated with their company on these sites and the company can not necessarily control what is said in those groups."