Social networks must improve security controls, says Gartner

Social network providers should enhance security controls available to users and businesses, says analyst firm Gartner.

Social network providers should enhance security controls available to users and businesses, says analyst firm Gartner.

Speaking ahead of a Gartner IT Security Summit in London, Gartner analyst Andrew Walls said that organisations must develop tools and practices that prevent the inappropriate exposure and exploitation of personal and corporate data.

He said, "Improved security in virtual environments should be a joint responsibility between individuals, companies and service providers. There are some steps that users themselves must take, some things their employers can do, and some that the providers of virtual environments could do to reduce the risks.

"Social software services provide very few user-controlled security features and do not provide users with complete control of the lifecycle of uploaded data, like the ability to delete old information and the establishment of user-defined access groups and multi-layered profiles with varying levels of information presentation."

Gartner said the security risks posed by virtual environments range from spam and malware to business issues such as privacy and intellectual property management as users upload and create information that is stored and traded ­remotely.

"The ownership of content placed in a virtual environment is often in doubt," said Walls. "The end-user licence agreements offered by social software are between the user and the vendor, not the company and the vendor, so the company may have no legal standing to negotiate to protect their intellectual property."

Emerging threats from virtual environments include social network analysis tools that allow easy integration of data from a variety of sources, and potential flaws in user interfaces and media formats such as QuickTime, AVI and MP4.

"These threats are exacerbated by the speed at which new features are developed and implemented by the providers of virtual environments, without a long-term testing process to identity security flaws," said Walls.

Gartner recommends that organisations should:

• Monitor and use virtual environments to gain familiarity

• Define a policy for virtual environments

• Ask the corporate legal counsel to review licence agreements of sites used by staff

• Ensure that security infrastructure controls are in place

• Implement an education programme for staff to help them protect themselves

• Monitor use and assess compliance.

Gartner said virtual worlds, social networks and mapping environments will merge into highly integrated online environments over the next 10 years.

"Organisations cannot block social networks and virtual worlds because they will become the base infrastructure for business and personal interaction in the future," said Walls. "Now is the time to build security tools and infrastructure that enable the organisation to benefit from them."

Social Networking: The seven deadliest hacks >>

Read more on IT risk management