FRAMINGHAM, 13 DECEMBER 2010 - The recent news of government secrets posted to WikiLeaks is startling because of its size and scale. It is also symptomatic of a problem that practically every enterprise is also facing. Thanks to advent of Web 2.0, employees are demanding the benefits and openness of their social networking experience inside the enterprise. And with that newfound sharing and openness come significant security risks. Here's my take:
1. People's notion of privacy is changing quickly, and the enterprise is not immune.
In the consumer world, the boundaries of what's considered private are continually being lowered. Facebook, Twitter and Zynga have clearly re-defined how we interact with each other and how much we're willing to share. Governments are asking people to sacrifice privacy in the name of security. As a result, people are expecting and demanding the same level of openness from their government and employers. Enterprises and governments, however, don't have the luxury of uniformly being open. Not only are they concerned about trade secrets and confidential information, they must operate in a highly regulated world. Employees often don't understand and often don't care. So, it's up to the company or agency to put the right security and compliance processes in place to ensure that it does not run afoul of regulations or compromise its sensitive information. And they need to be able to keep these processes current with evolving norms and regulation.
2. IT can't use traditional tools to lock the environment up.
Every day people at work are revolting against closed systems, hard to use technology and siloed process. The contrast between their consumer experience and work experience is massive and growing. People are pushing for new ways to communicate, collaborate, and share information. Enterprises are discovering that employees demand new social, Web 2.0 tools. And if they doesn't deliver, their people will just go around them. Employees will post work information on Twitter, FaceBook, and LinkedIn. They figure out how to get their corporate email on their personal iPhones. They will go outside corporate networks to set up their own social networks for collaborating with each other. They are using consumer Web services for email, instant messaging, shipping files to each other, sharing documents, and storage. These services are cheap, easy to get to and too legion to block.
3. IT can't just ignore this.
Last week, a publishing exec told me that a junior person in the organization had used an external file sharing service to deliver the 2011 marketing budget to the CFO. Employees are spewing confidential and propriety business data and communication all around the consumer Web. This is scary stuff for anyone charged with compliance and governance. Even their colleagues are not their allies. At a recent conference, one CIO said, "Let's face the facts, we're just one email away from supporting this stuff, where a VP or President demands use/support for the iPad, iPhone, or some social app."
Sign up for CIO Asia eNewsletters.