Information Security in the World of Social Media

Learning to Speak

Imagine a world where people just learned to speak. The populace rejoyces from the sharing of stories and jokes. People exchange opinions and know-how in new and exciting ways. Who is unhappy about the development of vocalized words? The data guardians: information security personnel, corporate compliance officers and risk managers. It is just too hard to control access to sensitive materials when sound travels freely, they complain. Loose lips sink ships, the saying goes.

Learning to Write

Imagine a world where people just learned to write. Information flows at unprecedented rates, with written manuals codifying best practices and poems lauding the world and its people. Infosec and their colleagues are concerned. Its too easy to leak data now. What about compliance with confidentiality agreements and regulations? How will we keep auditors at bay? Written words are for nerds, they proclaim, hoping to rein in the written menace.

Learning to Internet

Imagine a world where people across the world share thoughts instantaneously and cheaply. Ideas flow regardless of geographic boundaries. Keeping in touch with friends is as easy as glancing at a mobile device in the palm of your hand. That is the world of Internet social media and social networking. We’re living in it now. Information security professionals are, of course, concerned. On-line sharing makes enterprises weary.

Making Sense of the New World

Of course, I am unfairly vilifying infosec individuals, among whose ranks I work and play. We operate as part of an IT risk management ecosystem and are paid to be cautious. It is natural for us to worry about data controls. This is especially true when the technological and cultural forces that encourage data sharing are ahead of information protection tools and processes.

Yet, people are social creatures who will continue to interact with each other in novel ways despite corporate policies. Infosec can join the conversation and understand the new communication media. Together with our colleagues we can find a way to exchange data in innovative yet responsible ways. Collaboration is our salvation. Cliché, I know.

For more on this topic, see my other posts that discuss social networking, social media and security.

Lenny Zeltser


About the Author

Lenny Zeltser develops products and programs that use security to achieve business results. He is the CISO at Axonius and Faculty Fellow at SANS Institute. Lenny has been leading efforts to establish resilient security practices and solve hard security problems for over two decades. A respected author and practitioner, he has been advancing tradecraft and contributing to the community. His insights build upon real-world experience, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.

Learn more