Security pros get social networking under control

TORONTO – Senior Canadian IT executives say they are beginning to strike a healthy balance between allowing employees to use social networking technologies and also minimizing the potential security risks of services like Twitter and Facebook.

Speaking as part of a panel discussion at the SC World Congress Canada 2010, sponsored by IT World Canada, security experts from the Canadian Imperial Bank of Commerce (CIBC), the government of Alberta and GoDaddy agreed that perpetually blocking access can have negative repercussions around employee morale, corporate reputations and even customer support. While all three organizations work hard at guiding usage, no one has a complete document that covers everything.

“We didn’t really create a new policy (for social networking),” said Joe Lobianco, senior director, information security and risk management, CIBC. “The thing when you create another new policy is the danger that it sits there and nobody reads it. It was more about looking at existing usage policies we had and bring to bear what was necessary to deal with the way these other channels are used.”

CIBC started out forbidding all access to Facebook, Twitter and the like when those services started to become popular, Lobianco admitted. “We locked everything down . . . that gave us an opportunity to evaluate it,” he said, adding that some services are now permitted and that CIBC recognizes that employees desire to use such services for their personal lives. 

Tim McCreight, chief information security officer for the government of Alberta, noted that social media has changed the kind of conversation that happens between those responsible for protecting organization data and those who push the limits of what’s allowed.

“There was a time when you could say no and it actually meant something,” he said, “but I can’t say no to social media when my minister has a Facebook page she updates and a YouTube account.”

Instead, McCreight and his team have focused on ensuring the Alberta government presents a consistent image across social networking sites, rather than engage in mud-slinging in online comments on forums. Similarly, CIBC’s communications staff has played a critical role in taking on responsibilities around social networking, Lobianco added.

At GoDaddy, an Internet registrar that allows users to secure domain names based in Scottsdale, Ariz., social networking has been less of a security threat than a business enabler, according to CIO Neil Warner. The company has a specific social networking staff of approximately 10 people who constantly scan online services for problems, questions and issues from customers. “If you want to get a fast response from us, go on Twitter,” he said, acknowledging later that it was important to move customers off public services before personal identifiable information like a credit card number is requested.

All three men said they spend considerable time and energy watching out for and responding to potential malware that might make its way through a Facebook link or an unsolicited tweet, though many of the biggest security risks around social networking have yet to be determined. “Did you hear about the new Facebook e-mail service that’s coming to Canada eventually?” McCreighton asked. “Just wait for that one.”

SC World Congress Canada 2010 continues on Wednesday.



Related Download
Addressing Advanced Email Threats: Protect Your Data and Brand Sponsor: Cisco
Addressing Advanced Email Threats: Protect Your Data and Brand
Email has evolved from a tool used primarily by technical and research professionals to become the backbone of corporate communications.
Register Now