Editorial & Analysis
Popular
Technology Categories
- Security (280)
- Desktop Virtualization (235)
- Uncategorised (226)
- Public/Private clouds (222)
- Applications (218)
- Business Continuity (215)
- Server Virtualization (191)
- BYOD (189)
- Network Virtualization (182)
- Storage Virtualization (169)
- Big Data (155)
- Availability (149)
- Network Perfomance Management & Monitoring (145)
- Archiving & Back-Up (136)
- Consolidation (128)
- Wireless LAN (122)
- Performance Management (119)
- Systems Management (119)
- Software as a Service (SaaS) (114)
- Infrastructure as a Service (IaaS) (112)
- Network Capacity Planning & Management (112)
- Hosted solutions / applications (111)
- Network equipment, Repeaters, Hubs, Bridges, Switches, Routers (110)
- Governance, Risk & Compliance (104)
- Data Deduplication (103)
- Servers/Hardware (95)
- Mobile Security (92)
- Capacity Management (90)
- Virtualization Security (90)
- IP Convergence (90)
- Storage as a Service (87)
- Storage Networking – IP storage,Infiniband & iSCSi (86)
- Storage Area Networking (SAN) (86)
- Application Delivery Network (86)
- Disk Storage, Flash, SSD, Optical (85)
- Business Intelligence (82)
- Unified Communications (78)
- Wireless Security (77)
- Automation (77)
- Energy Efficiency (76)
- Enterprise Mobility Management (73)
- Flexible & Smarter Working (70)
- Mobile Device Management (70)
- Risk Management (68)
- Campus Networks (67)
- Recovery (65)
- Design & Build (64)
- Platform as a Service (PaaS) (63)
- Managed Security Services (60)
- Content Monitoring/Filtering (56)
- Risk Analysis (54)
- Identity & Network Access Control/Management (52)
- Managed Network Security Services (50)
- Business Impact Analysis (49)
- Managed Hosting (49)
- Email Archiving & Management (49)
- Smartphones/Tablets (49)
- Enterprise Content & Document Management (46)
- Storage Resource Management (SRM) (46)
- Collaboration Tools/Applications (44)
- Fibre Channel over Ethernet FCoE) (43)
- Mobile Enterprise Applications (43)
- Network Attached Storage / NAS (43)
- Cabling (41)
- Mobile Platforms (41)
- IPv6 (40)
- Penetration Testing/Risk & Vulnerability Assessment (38)
- Information Lifecycle Management (ILM) (38)
- Thin Provisioning (38)
- Workflow & Process (36)
- Load Balancing (36)
- Optical Networks (35)
- Forensics (34)
- E-Discovery (30)
- Regulation & legislation (30)
- IP Telephony (30)
- VPN/SSL (29)
- Unified Threat Management (29)
- Power & Protection (29)
- Communications-Enabled Business Process (27)
- Tape Storage (27)
- ISP's (26)
- Enterprise Search & retrieval (24)
- HPC (23)
- Video/Web Conferencing (22)
- Metropolitan Networks (22)
- Mesh Networks (21)
- Collaborative Communications servers (Exchange etc) (20)
- Encryption/PKI/Digital Certificates (20)
- Field Services (17)
- Audio Conferencing (16)
- IP PBX (16)
- Transparency (15)
- Openflow/Software Defined Networking (14)
- Classification (14)
- Risk frameworks (11)
- Instant Messaging (11)
- Wireless Expense Management (11)
- Fixed Mobile Convergence (10)
- Data Masking (9)
- SIP Trunking (8)
- Social Software (7)
- Data Erasure (6)
- Presence (6)
- BS25999 (5)
- HVAC (5)
Popular Categories
IT security has much to learn from social media use, says Gartner
14 Mar 2012
As companies begin to relax about employee access to social media, rich identity data found online should be used to boost identity and access management (IAM) projects.
| The number of organisations blocking workplace access to social media sites is dropping by around 10 percent a year, according to analysts at IT market research company Gartner. |
Fewer than 30 percent of large organisations will attempt to stop employees from accessing social media by 2014, compared with 50 percent in 2010, they say.
In any case, even where these bans exist today, however, they’re often not complete bans, nor are they always successful in stopping employees, says Gartner analyst Andrew Walls. “Certain departments and processes, such as marketing, require access to external social media, and employee can circumvent blocks by using personal devices such as smartphones,” he points out.
What organisations need to do now, he says, is turn their attention to the impacts of social media on identity and access management (IAM).
Social media environments, he explains, include mechanisms to collect, process, share and store a more complete range of identity data than today’s corporate IAM systems. They enable a more complete view of identity – one that extends beyond the boundaries of organisations.
For IAM specialists, this is both a threat and an opportunity, according to Walls. “Identity data and social media platforms can expose organisations and users to a wide variety of security threats, but organisations can aloes use this identity data to improve support for their own IAM practices and the ambitions of business stakeholders,” he says.
Gartner has identified three significant impacts of social media on IAM:
1. Personal trust misaligned with corporate trust. Employees who participate in online social media continually make judgments about the degree of trust they should place in the platforms and in other participants, and they adjust content, structure and vocabulary to match their risk assessments. These assessments and the fundamental inputs to their assessment process may not align with corporate expectations for risk management. As a result, employees may say and do things on social media platforms that violate corporate policy or are otherwise counter to corporate expectations.
2. Public content supports identity intelligence. The collection of identity data by public social media on a massive scale enables improvements in the production of identity intelligence. This pushes IAM specialists to discover the user profiles accessed by staff and to maintain capabilities for accessing external services in order to harvest identity data.
3. Identity data can be leveraged for IAM. Social media provide a mechanism for verifying the identity of employees, job candidates and customers, and a cloud identity platform for performing IAM for other applications. IAM projects can use social media for identity verification and to extend identity services to internal and external applications, via a semi-trusted social platform.
"Organisations should not ignore social media and social identity," says Walls. "We recommend that they ascertain how they currently use internal and external social media, in both official and unofficial ways, and look for dissonance between IAM practices and the identity needs, opportunities and risks of social media."
