Monday, April 20, 2009

Twitter Your Security Away

As social networking takes over our lives, much like the Borg, we are freely giving away our personal information. It's information devaluation. Twitter, Facebook, MySpace, Flickr, LinkedIn, etc. are all pretty much conditioning us to be one with the Internet universe. Why shouldn't every person we know have the latest update on what you had for lunch or what your favorite color is or your dog's name or your high school?

Interesting that these are the same questions your online bank account asks you as challenge questions. How long until some really cool tool gets released by the underground that can scan a profile and categorize data into all the fields a bank usually asks as a challenge question? (I should trademark the concept)

Stop the madness. That includes all these Blogs! Down with Blogs!

Gary

baha@kraasecurity.com

www.kraasecurity.com

Managed Security Services

++++++++++++++++++++++++++++++++++++++++++

Gartner have published a document (in PDF format) on their analysis and recommendations on the above subject:

QUOTE
Analysis
Twitter's recent security issues follow the same arc that many other consumer-grade services have experienced. An innovative idea is quickly turned into a cool Web site that attracts lots of consumer use. Security is, however, not typically part of the cool site's business model. Hype about the potential business use of the new technology quickly leads to malware attacks. After a successful attack, security measures that were not built in are "sprinkled on."

This pattern will not change anytime soon. There will always be real reliability and security differences between consumer- and business-grade technologies. But there will also be real business benefits to using consumer-grade technologies before they are "business-strength." Enterprises must consider the cost of integrating or adding security controls to contain the risks of using these technologies before they reach security maturity. Trying to ignore or block them simply will not work.

Recommendations

All enterprises:
Ensure that everyone who accesses enterprise systems is aware of the risks of using consumer-grade technologies such as Twitter.
Update Web security gateways and network intrusion prevention systems to block transmission of the malware used in the Twitter attacks.
Require malware blocking and data loss prevention capabilities in any business plans using Twitter or other consumer-grade technologies.
The document can be downloaded from http://www.gartner.com/DisplayDocument?doc...;ref=g_homelink
