Securing the Social Network – How to embrace emerging technologies without putting critical data at risk

by tapangarg on June 2, 2011

(Excerpts from a Websense whitepaper)

 

Summary

Social media isn’t coming to banking institutions—it’s here. For banks and their customers, social networks such as Facebook, LinkedIn, and Twitter have become an integral part of everyday life.

This paper details the risks and rewards of social networking, and the emerging solutions that enable secure, controlled activity.

Social networking sites are a 21st-century phenomenon. Facebook alone touts over 500 million active users who spend in excess of 700 billion minutes per month on the site and share 30 billion pieces of content, from web links and blog posts to notes and photo albums. What’s more, the Facebook platform houses over 550,000 active applications and is integrated with more than one million websites.

And it’s not just for friends and family anymore. Banking institutions have their own corporate presence on sites like Facebook. It’s certainly no wonder, since social networking promises new levels of productivity for employees, infinite marketing opportunities for institutions and a favorable way for customers to engage their financial services partners.

“Banking is a trust relationship,” says one IT executive at a top 20 U.S. bank (that prefers to stay anonymous in this discussion). “Social media is an incredible opportunity to deepen the relationship.” And the trust.

New media, new opportunity

“Web 2.0” is a topic at every water cooler these days—especially in financial institutions. The term is commonly associated with web applications that facilitate active information sharing and collaboration over the Internet in a virtual community. This differs from traditional websites for which users are limited to passive viewing. In addition to blogs, wikis, and video-sharing sites, social networking sites are arguably among the most popular of Web 2.0 applications.

Social media offer an intuitive new way for people to interact from the convenience of their computers and mobile devices. They can connect from virtually anywhere, at any time. In so doing, they are able to touch base and share ideas. The most visited sites include Facebook, MySpace, LinkedIn, and, of course, Twitter.

Social media adoption has surged to staggering heights. While Facebook has over 500 million users (July 2010), MySpace has nearly 70 million in the U.S. (June 2010) and LinkedIn has around 75 million worldwide (August 2010). As for Twitter, 105,779,710 registered users (April 2010) account for approximately 750 tweets each second, according to Twitter.

Many see social networking as a huge business opportunity and have readily embraced both Facebook and Twitter as prime avenues of outreach and interaction.

Indeed, social media represent a target-rich environment to engage new and existing customers. Business units are eager to embrace the innovation. Employees want to use it for communication and collaboration. But more importantly, public relations, marketing, and sales programs now hinge on these creative media to convey key messages.

In fact, social networking represents not just a competitive edge, but rather a competitive necessity.

The risks

Some of the most prominent challenges include:

Lack of visibility and control
Many institutions are limited in their control of social networking. They use URL filters to either allow complete access to a site and every bit of content therein—or fully restrict access. The problem lies in identifying and controlling what users access once they get onto the site, including inappropriate material and compromised documents.

Widening attack surface
Malicious code is not just coming from the dark corners of the web, like pornography, gaming and pharmaceutical sites.

Advanced persistent threats, web exploits and drive-by attacks can slip through gaps in traditional security mechanisms, like antivirus and URL filters. This may lead to malware-infected applications being downloaded or trade secrets being disclosed to fake identities.

Data loss potential
Social networking sites are all about collaboration and sharing—potentially even of sensitive data. Today, there is little control over data loss in social media arenas because policies do not typically cover what users contribute. So confidential or regulated data could very well be uploaded, taking an institution out of its compliance state at a time when oversight is so strong.

 

 

Unified approach to risk management

Institutions need to find new ways to leverage the power of Web 2.0 without worrying about malware, inappropriate content or disclosure of sensitive information.

Web defense
Today’s malware is purposely built to avoid legacy controls. New appropriate-use policies must be in place to block access to sites and content associated with spyware, phishing and key logging, as well as unwanted applications like P2P and IM. Real-time security scanning to protect against legacy file-based attacks, web scripts, and dynamic threats that evade traditional antivirus is key, as is content classification to remove inappropriate content.

Email protection
Email protection is also important because of the increased number of blended email and Web 2.0 threats. Indeed, traditional antispam and antivirus technology is critical, but institutions need to increase email protection with real-time inspection that goes beyond virus and reputation analysis. Granular policy control and content filtering can help institutions secure confidential data within email and its attachments.

Data security
Institutions need to enhance data loss prevention strategies with the right controls to enable outbound communications to destinations like social networks while meeting compliance mandates that govern disclosure of sensitive data. Providing visibility into where data resides, where it is sent and by whom, such strategies can secure sensitive information and intellectual property, as well as manage and enforce regulatory requirements.

A unified approach to security is the best way to ensure 360-degree protection against everything social networking can throw at an institution, from preventing downloads of malicious content to blocking leakage of private data. With traditional point solutions that rely on redundant multi-vendor management tools, institutions are often saddled with three or more separate systems to manage. By controlling web, email, and data security through the same interface, organizations can reduce the number of appliances and management systems and thus cut both capital and operational expenses.

  • Hongwen Zhang

    I am truly pleased to see organizations such as CIO Research writing about the seriousness of malware intrusion via social media and the necessity to address these concerns in the corporate security strategy. This only proves the validity of ensuring network layer Data Leakage Prevention (DLP) for corporations and global enterprises. The CIOs of today are fast becoming aware of the need to protect corporate networks from the social media-born malware that is quickly reaching epidemic levels. Our company, Wedge Networks, has focused on building such solutions for years, including the ability to scan and secure sensitive information coming in and out of Web 2.0 and social media networks, to protect against malware transmissions, data loss and blended threats.
