Social networks, virtual worlds and real-time mapping services offer enormous potential for improved collaboration, customer interaction and information processing, but this potential can only be realised when appropriate... |
Social networks, virtual worlds and real-time mapping services offer enormous potential for improved collaboration, customer interaction and information processing, but this potential can only be realised when appropriate security measures are in check.
Speaking at a Gartner IT Security Summit in Singapore today, Gartner research director Andrew Walls said that organisations, staff and vendors must develop tools and practices that prevent the inappropriate exposure and exploitation of personal and corporate data.
“Improved security in virtual environments should be a joint responsibility between individuals, companies and service providers. There are some steps that users themselves must take, some things their employers can do, and some that the providers of virtual environments could do to reduce the risks,” said Mr Walls.
“Social software services currently provide very few user-controlled security features and do not provide users with complete control of the life cycle of uploaded data, for example, the ability to delete old information, and the establishment of user-defined access groups and multilayered profiles with varying levels of information presentation.”
According to Gartner, the security risks currently posed by virtual environments range from traditional problems like spam and malware to business issues like privacy and intellectual property management, as users upload and create information that is stored – and traded –remotely.
“The ownership of content placed in a virtual environment is often in doubt,” said Mr Walls. “The end-user license agreements offered by social software are between the user and the vendor, not the company and the vendor, so the company may have no legal standing to negotiate to protect their intellectual property.”
Emerging threats from virtual environments include new social network analysis tools that allow easy integration of data from a variety of sources and potential flaws in user interfaces and media formats such as QuickTime, AVI and MP4.
“These threats are exacerbated by the speed at which new features are developed and implemented by the providers of virtual environments, without a long-term testing process to identity security flaws,” said Mr Walls.
Gartner recommends that organisations:
• Start by monitoring and using virtual environments to gain familiarity
• Define a policy for virtual environments
• Ask corporate legal counsel to review license agreements of sites used by staff
• Ensure that security infrastructure controls are in place
• Implement an education program for staff to help them protect themselves
• Monitor use and assess compliance
According to Gartner, virtual worlds, social networks and mapping environments will merge into highly integrated online environments over the next ten years.
“Organisations cannot block social networks and virtual worlds, because they will become the base infrastructure for business and personal interaction in the future,” said Mr Walls.
“Now is the time to build security tools and infrastructure that enable the organisation to benefit from them." |
