Enterprise Social Networks And Security Risks
June 28, 2011
While attending UBM TechWeb's Enterprise 2.0 Conference in Boston last week, I heard lots of conversations about the benefits and potential pitfalls of enterprise social networking. One theme that I heard repeated more than a few times was that enterprise social networks can create a greater security risk.
Of course, my first response to this kind of question is, greater than what? There are certainly risks associated with using enterprise social networking tools, but are they any different, or greater, than those associated with enterprise applications like customer relationship management (CRM), document management or any cloud-based application?
Like any of these applications, there are standard security issues surrounding secure user access, data loss prevention and regulatory compliance. And, for the most part, the same practices and procedures will serve to protect these enterprise social networks. For example, using single sign-on or even two-factor authentication, integrating the social network with your LDAP directory, utilizing VPN and all HTTPS connections to secure communications, and choosing to install the enterprise social network inside your company firewall can all go a long way toward making enterprise social networking more secure.
The belief that enterprise social networking can cause additional security risks probably comes from its better-known cousin, public social networking. From a security standpoint, using a public social network like Facebook for business-related communications does cause some unique risks.
When it comes to regulatory compliance, use of Facebook for messaging or chatting can easily result in a compliance violation. And the ease with which information can be inadvertently exposed to the entire Internet can easily put sensitive company data at risk. Add in the growing use of malware and phishing in networks like Facebook, and there are certainly risks for business use.
Not surprisingly, this is where the true problems for enterprise social networking come in. A popular feature found in many enterprise social networks is tight integration with networks like Facebook and Twitter. In many of these applications, it has been made very easy to bring information from public networks into the company social network and also to share information from the company network out to public networks.
Still, this is not a problem that is unique to enterprise social networks. Lots of other enterprise applications--including email, collaboration systems and Salesforce applications--have similar deep integration with Facebook and Twitter.
In the end, there aren't really many special new security risks that come with enterprise social networking. As is the case with most enterprise applications, follow security best practices and you'll go a long way toward making sure that your company's social connections are secure.