Friday, February 20, 2009

The biggest online security risk: humans

Following up on a post about the top Web 2.0 security threats, I thought I would take a quick look at what I mentioned as one of the biggest security threats to any company: information leakage.

All the delightful modern collaboration tools we use--blogs, wikis, SaaS applications, etc.--just make it easier for your corporate information to walk out the door. Regardless of the systems or applications your company uses, odds are some piece of data can (and will) be accessed, e-mailed, written down, or just remembered by a large percentage of your workforce.

Information Leakage: Web 2.0 applications promote user-generated content and thus blur the line between work and private life. As a result, users may publish, as part of their Web presence, information considered sensitive by their employer. Even if users are careful and do not leak information that is by itself sensitive, the aggregation of many small data items may be unacceptable.

Generally speaking, information leakage is nearly impossible to contain, irrespective of whether the data is Web 2.0 browser-based or not. Think back to the last time you used a public Web terminal at an event or hotel--I can't remember a time when I couldn't just hit the back button or history tab and, at a bare minimum, see the last user's e-mail address.

So what can you do to protect your business? The truth is that there are few non-draconian methods available to protect your data and ensure that people are using collaborative tools effectively. In this case, prevention is the best medicine.

In doing some research for this post (it happens) I heard from a number of large organizations that the smartest thing that Lenovo did with the ThinkPad was to put in the biometric identifier. Not because it's a better authentication method (it is), but because it forces users to keep security top of mind. That psychology trickles down to everything they do and the way they approach security in general.

Some tips from a security consultant friend:

Teach people to not be stupid--prevention is the best medicine. Remind people not to click links or open spam.

Use strict access control permissions--odds are most users fall into groups that can be restricted from noncritical areas. This goes for everything from corporate wikis to Salesforce.com.

Implement single sign-on (SSO) or other ID management tools--tools that better track individual activity and provide an audit trail may provide recourse if things go wrong.

Use two-factor authentication for Web-based applications--even an Apache .htaccess plus log-in screen is better than nothing.

(Note: I could also argue that hackers or pretty much anything else are the biggest security danger, but I needed a focus.)

