Enterprise network security strategies in Web 2.0 context.
I found an excellent article that addresses some of the issues surrounding network security in the age of social media and collaborative online spaces. Almeida (2012) describes how Web 2.0’s characteristics create great opportunities, but also some vulnerabilities, specifically how some protocols are harder to detect and how some content can be delivered in different ways. Sites with dynamic content creation (non-static) may be safe one time, but not another.
Consequences and Strategies
He goes on to outline possible legal and financial impacts from such content, highlighting the need to create an effective security strategy. The strategy, he suggests, should be based in policy but supported with technology. Policies created after broad consultation should reflect enterprise philosophies but address particulars in enough detail so as to be actionable.
Almeida identifies eight approaches that together allow access to social media and minimise exposure to malicious content:
A. Application control list: examines network activity for signs of traffic from disallowed destinations
B. Application traffic shaping: limits available bandwidth for particular applications
C. Monitoring and review: analysis of network traffic logs can reveal usage patterns
D. Browser settings: should be set to maximize security (https)
E. Anti-malware software: deep scans for both inbound and outbound traffic
F. Authentication: password management, two-step verification, token-based or biometric passwords
G. Avoid clickjacking: logging out of applications and minimising cookie longevity
H. Data loss protection: software solution that monitors data use and patterns to reveal suspicious actions
What I appreciate about Almeida’s approach is that it recognizes the value of social media and its potential for positive contributions to an enterprise seeking to make it a safe experience. One thing that is explicitly missing from his list but is implied elsewhere in the article is the importance of education and training. Controlling the technology puts interventions in place, but controlling for the human element offers preventative protection.
Almeida, F. (2012). Web 2.0 Technologies and Social Networking Security Fears in Enterprises. International Journal of Advanced Computer Science and Applications, 3(2), 152–156. Retrieved from http://search.arxiv.org:8081/paper.jsp?r=1204.1824&qid=1415955980764mix_nCnN_-677970468&qs=%22social+media%22+security