Alarmed

A Contrarian View of Social Networking

Sure, LinkedIn and Facebook present security, privacy and productivity challenges. But if the sites are so bad, then why have so many security and privacy leaders joined them?

By Sarah D. Scalet

January 30, 2008

CSO — More doom and gloom news about social networking on the wires this week: The sites are allegedly costing nearly 6.5 billion pounds a year in lost productivity in the United Kingdom, say security consultancy Global Secure Systems and Infosecurity Europe. According to a press release, 776 office workers admitted spending at least 30 minutes a day visiting social networking sites at work. This comes on the heels of a report from Sophos that we covered last week, tracking how much time employees supposedly waste on Facebook.

Funny, though, CSO also just published an article about how a couple of the U.S.'s top security leaders have found sites such as LinkedIn and Facebook to be a useful tool for doing their jobs. Bill Boni of Motorola says LinkedIn makes him a more effective security leader, and CISO-turned-consultant Howard Schmidt, who seems to spend more time networking than anyone else I know, says the personal information he has learned about business contacts through Facebook has helped him forge stronger ties. (They offer advice on mitigating the security risks in "Social Networking Tips from Security Leaders" by Kate Walsh.)

Right before I went on maternity leave last spring, I was debating whether these sites were worth it. I even wrote a blog entry, "Poll: Is the Security World LinkedIn?", in which I asked the security community whether I ought to join. The results were mixed. A majority of people who answered the poll said LinkedIn was valuable, but some people posted very valid concerns about how the site, for instance, uses names from your address book to help you build a network, or about how the information you provide could be used as a profiling tool. True, all true, and at the time I decided to take a pass.

I came back from leave last fall to a new world. My boss actually asked me to join not one but two social networks as part of my job staying in touch with industry leaders and promoting our content. Since then, I've become fairly comfortable with LinkedIn, which is basically just an online resume. Facebook I'm not so sure about, but it's an interesting place to experiment with gathering opinions and sharing news.

My knee-jerk reaction is still that these sites are a bad idea, security-wise and privacy-wise. They also tend to suck time; it takes a whole lot of self-restraint to log on just long enough to do something work-related, then log out and move on to the next thing. But the reality is that every time I poke around in the connections of my connections, I'm surprised at the number and quality of security and privacy professionals who have decided the sites are worth it. For whatever reasons, the security world seems to have embraced LinkedIn, while the privacy world has gravitated to Facebook, but leaders from both areas are definitely embracing social networking.

Despite all the morose headlines about social networking as a killer of privacy and security, I'm inclined to start thinking that if the leaders in these industries are using the sites, they must not be such a bad idea. As for the naysayers? As Howard Schmidt put it to CSO's Kate Walsh: "My response to those in the security business lamenting the existence of Facebook and MySpace is to ask them if they've ever been on it."

So I ask you now: When can we stop assuming that social networks are just a waste of time that's not worth the risk? Or perhaps a more forward-looking question: How can we tell when social networking is actually helping an employee do her job, versus keeping her from her job or even making her employer vulnerable? This morning I posted a link to a CSO story on Facebook; that's work, about public information. A game of Scrabulous on Facebook, well, not so much work, right? Unless, of course, Howard Schmidt challenges me to a game.
