Security Implications of the “Web” Becoming the “Social Web”

People are excited about social media. Except security people, because we are paid to worry, and new technologies make us nervous. Many of us, including me, have written about the dangers of social media. Yet, it’s becoming less practical to treat this form of communications as its own entity. Social media is getting infused into all interactions.

The web as we knew it is ceasing to exist and is turning into the social web. As the result, the manner of online interactions combines many characteristics that until recently haven’t coexisted in a single communication platform. These include:

  • Instant one-to-one and group communications
  • Hard-to-control channel (HTTP and HTTPS)
  • Public archives of interactions
  • Real-time and delayed conversations
  • Video and audio, not just text
  • Support for strong and weak relationships
  • Accessible on the move (mobile)

The web’s metamorphosis, marked by these attributes, has information security implications, such as:

  • Electronic business interactions increasingly occur outside the protected boundary of the corporate network
  • Information is shared and archived almost instantaneously, making accidental data leaks hard, if not impossible, to contain
  • People communicate with many individuals whom they don’t know well, making reliance on trust impractical
  • Potentially sensitive data resides on systems outside of the company’s direct control, introducing numerous security challenges
  • Communications take non-textual multimedia form, which is hard to scan for keywords to detect data leakage
  • People interact with each other and data while on the move, in a hurry and multitasking, making mistakes that may have security repercussions
  • Clicking on links to take action or access content is common and is used as part of social engineering

These risks aren’t solely associated with social media per se. Rather, these attributes are present in routine web-based interactions. They are becoming the norm, not the exception. If we take the time to better understand the characteristics and implications social web, we might find more practical ways to safeguard personal and corporate data online.

Related:

Lenny Zeltser

Updated

About the Author

Lenny Zeltser develops products and programs that use security to achieve business results. He is the CISO at Axonius and Faculty Fellow at SANS Institute. Lenny has been leading efforts to establish resilient security practices and solve hard security problems for over two decades. A respected author and practitioner, he has been advancing tradecraft and contributing to the community. His insights build upon real-world experience, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.

Learn more