There is a phenomenon called "the hyperconnected" which
describes a growing number of people who have intertwined and
blurred their private lives with their working lives - we should
investigate the phenomenon and understand the hyperconnected
because they carry vulnerabilities and increased threats into our
organisations.
We should work to modify or extend our present "architectures"
so they support the hyperconnected, and at the same time provide
appropriate protection to the business. We cannot ignore the
hyperconnected they are the information workforce of the
near-future.
If you have prevented the use of all social networking tools and
internet services in your company then congratulations, but beware,
you are now very much basking in the twilight of this success.
Tomorrow you will discover the hard reality that prospective
employees are placing an increasing importance on the ability to
connect to their social networks and internet services from the
workplace, in fact from any place they choose to be. Because you
have denied the use of social networks and services at your company
this may be enough to make them take a job with your
competitor.
If we persist with our current defence in depth, and protective
architecture models, then we are missing a vital strategic
sea-change. We are denying the need for a more forward thinking and
"participative architecture" - the architecture of participation
should embrace and support the hyperconnected providing some very
real business benefits.
According to IDG, 16% of today's global information workforce is
hyperconnected: they make heavy use of the internet, broadband
access, camera phones, voice over IP, instant messaging, social
networking, and video uploading. A further 36% of the workforce is
"increasingly connected", and they will soon join the
hyperconnected community - it is just a matter of time before the
information workforce is populated by a significant hyperconnected
majority.
If we bury our collective heads in the sand, then our
organisations will become more vulnerable through the presentation
of enlarged attack surfaces, and this will be driven simply by the
naive trust of the employee.
Increase in the pervasiveness of vulnerabilities due to
unfettered hyperconnected trust is challenging the traditional
defence in depth security strategies.
Network-to-network bridgeheads can develop creating attack
points passing through traditional defence layers and into the
heart of your corporate network.
Trust can present real risks to your business.
The new generation is much more comfortable with openness and
they are happy to share their lives publicly, with internet
services such as Twitter and Facebook. There are also an increasing
number of applications that have been launched that take advantage
of the "always on connections", either over the net or on mobile
devices.
The majority of Acceptable Use Policies (AUP) are becoming less
and less effective: today you have employees that are using the
internet services and social networking tools across the corporate
network, and unless you work for a very forward thinking employer,
this will be in direct violation of your AUP. Employees will
continue to violate the AUP in this way because they see it as a
minor misdemeanour, worthy of no particular concern, and in their
minds the benefits far outweigh the consequences.
King Canute the Great, seated on the seashore with the waves
lapping around his feet was not attempting to prevent the tide but
merely demonstrating the futility of such an act. We should not
resist the hyperconnected, we should embrace, adapt, and support
them.
Mark Henshaw is global manager for information security
strategy and planning at General Motors