Social network providers should enhance security controls
available to users and businesses, says analyst firm Gartner.
Speaking ahead of a
Gartner IT
Security Summit in London, Gartner analyst Andrew Walls said
that organisations must develop tools and practices that prevent
the inappropriate exposure and exploitation of personal and
corporate data.
He said, "Improved security in virtual environments should be a
joint responsibility between individuals, companies and service
providers. There are some steps that users themselves must take,
some things their employers can do, and some that the providers of
virtual environments could do to reduce the risks.
"Social software services provide very few user-controlled
security features and do not provide users with complete control of
the lifecycle of uploaded data, like the ability to delete old
information and the establishment of user-defined access groups and
multi-layered profiles with varying levels of information
presentation."
Gartner said the
security risks posed by virtual environments range from spam
and malware to business issues such as privacy and intellectual
property management as users upload and create information that is
stored and traded remotely.
"The ownership of content placed in a virtual environment is
often in doubt," said Walls. "The end-user licence agreements
offered by social software are between the user and the vendor, not
the company and the vendor, so the company may have no legal
standing to negotiate to protect their intellectual property."
Emerging threats from virtual environments include social
network analysis tools that allow easy integration of data from a
variety of sources, and potential flaws in user interfaces and
media formats such as QuickTime, AVI and MP4.
"These threats are exacerbated by the speed at which new
features are developed and implemented by the providers of virtual
environments, without a long-term testing process to identity
security flaws," said Walls.
Gartner recommends that organisations should:
• Monitor and use virtual environments to gain familiarity
• Define a policy for virtual environments
• Ask the corporate legal counsel to review licence agreements
of sites used by staff
• Ensure that security infrastructure controls are in place
• Implement an education programme for staff to help them
protect themselves
• Monitor use and assess compliance.
Gartner said virtual worlds, social networks and mapping
environments will merge into highly integrated online environments
over the next 10 years.
"Organisations cannot block social networks and virtual worlds
because they will become the base infrastructure for business and
personal interaction in the future," said Walls. "Now is the time
to build security tools and infrastructure that enable the
organisation to benefit from them."
Social Networking: The seven deadliest hacks >>