Social Networking: Been There, Done That, But Something Is Different

Why are we so excited and concerned about social networking?

A Brief History of Social Networking

In an earlier note I proposed defining social networking as communicating while being mindful of relationships among people.

From this perspective, humans have been social networking for a long time—probably as long as we’ve been able to converse with each other. Eventually we learned how to write, and social networking incorporated the practice of sending letters and publishing articles. At some point we learned how to send text by telegraph and how to transmit voice by phone, and social networking took on additional forms.

Were businesses as concerned about data security of social networking when each of these communications methods appeared? I suspect that because businesses relied less on data than they do now, there were fewer infosec concerns, though I’d love to hear from those more familiar with history than I am.

In the more recent times we’ve been using email to social network with the help of computers. From the information security perspective, this turned out to be a big deal. Email has been an formidable threat vector through which attackers have been sneaking malware past companies’ perimeter defenses. The good news is that email has been around for a while, and the security tools and practices are relatively mature for curtailing email threats.

Characteristics of Modern Social Networking

Social media, in the form of blogs and social networking sites such as Facebook and Twitter is the more recent phenomenon. As the result, we’re still trying to understand the risks associated with social networking practices. The technologies and approaches for dealing with the risks are relatively immature as well. This is partially why social network security is a big deal today.

Today’s social networking possesses traits that make it stand out from the earlier forms of social networking:

  • It allows instant communications for both one-to-one and group interactions
  • It increases the communication circle to incorporate both strong and weak links
  • It provides equivalent access communications from all walks of life, with little regard to geography, race, income, etc.
  • It occurs over communication channels (i.e., the web) that are hard to control, because they are also used for other business communications
  • It maintains an archive of communications, which is often accessible to the public
  • It works by having the participants make outbound connections from the protected environment, rather than sending traffic into the environment
  • It supports and encourages the use of rich media messages, in addition to pure text
  • It can be accessed when the participants are on the move (i.e., through mobile devices)
  • It allows conversations to occur both in real time and in a delayed fashion

A combination of these factors creates a novel way of social networking—one that we are still trying to understand. Information security needs to understand the ways in which modern social networking is used and what makes it different from the past forms of communications. The good news is that we’re getting better at this, though we still have ways to go.

For more on this topic, see my other posts that discuss social networking, social media and security.

Lenny Zeltser

Updated

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds innovative endpoint defense solutions as VP of Products at Minerva Labs. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more