As Companies Get Social, Network Security Grows

Posted by David Wallace

"As long as it happens to someone else" is a key part of data protection and network security. Deter the bad guys long enough and they'll go looking for a weaker target.

Social and personal connections can help immensely with daily work but make for scary nightmares. The IT department can "MacGyver" systems to guard against technical leaks or intrusion, but then they have to hope that humans don't mess it all up.

The toolkit for security monitoring and protecting sensitive data has improved, even while allowing leading-edge approaches such as letting people query databases on the fly from personal devices and share those files in real time.

At an MIT/Sloan conference on February 22, 2014, that explored disruptive technologies, John J. Sviokla, a director at PwC, said the phenomenon is not new, but the speed and possibilities are changing the status quo faster than ever.

During the 1600s, the Dutch created a company that drew investments and shared risks and rewards that made it possible for them to foster more colonization abroad. The Dutch had no single wealthy crown monarch comparable to those of powerful Spain or Great Britain, so a different model emerged.

And Canadian banking cooperatives flourished when Alphonse Desjardins introduced a shared-risk banking collective as an alternative to high interest rates by predatory lenders. His community financing model in the 1900s was a self-organizing model that could be easily replicated, Sviokla says. He added that when networks move decisions to the edges and let people self-organize, productivity can dramatically improve.

But network security also needs to be personalized, portable, and open to public view. So companies need innovative, flexible policies and current technologies to manage it. Some workplaces have absolute software blocks on company networks, disallowing access to personal email, networks, or messaging.

Social doesn't mean tweets and likes. File-sharing and access-control data give administrators a fingerprint-like unique pattern of each user's habits, says Tsahy Shapsa, a co-founder of cloud security vendor Cloudlock. Risk-based models mean the company decides what activities set off red flags.

It is then possible to change behaviors for safer practices before there's a crisis. If a pattern emerges that is way outside the norm—remote access from a country when a worker is surely not traveling or an excessive number of sensitive files shared—administrators can be notified before a problem arises.
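The kind of risk-based check described above, as an added example that is not from the original post or from Cloudlock. The event fields, the sample data, and the `factor` and `floor` thresholds are all assumptions chosen for illustration:

```python
from collections import Counter, defaultdict

# Constructed sample events, not real logs: (user, day, country, action, sensitive)
HISTORY = [
    ("alice", 1, "US", "login", False),
    ("alice", 1, "US", "share", True),
    ("alice", 2, "US", "share", True),
    ("alice", 2, "US", "share", True),
    ("bob", 1, "DE", "login", False),
    ("bob", 2, "FR", "login", False),
]
TODAY = (
    [("alice", 3, "BR", "login", False)]
    + [("alice", 3, "BR", "share", True)] * 9
    + [("bob", 3, "FR", "login", False), ("bob", 3, "FR", "share", True)]
)


def daily_sensitive_shares(events):
    """Count sensitive shares per (user, day)."""
    return Counter((u, d) for u, d, _, action, s in events if action == "share" and s)


def build_baseline(history):
    """Per-user norm: countries seen and the busiest day of sensitive sharing."""
    base = defaultdict(lambda: {"countries": set(), "max_shares": 0})
    for user, _, country, _, _ in history:
        base[user]["countries"].add(country)
    for (user, _), n in daily_sensitive_shares(history).items():
        base[user]["max_shares"] = max(base[user]["max_shares"], n)
    return base


def red_flags(events, baseline, factor=3, floor=5):  # assumed policy values
    """Return sorted (user, reason) pairs for activity outside the user's norm."""
    flags = set()
    for user, _, country, _, _ in events:
        if country not in baseline[user]["countries"]:
            flags.add((user, f"access from new country {country}"))
    for (user, _), n in daily_sensitive_shares(events).items():
        limit = max(floor, factor * baseline[user]["max_shares"])
        if n > limit:
            flags.add((user, f"{n} sensitive shares exceeds limit {limit}"))
    return sorted(flags)


if __name__ == "__main__":
    for user, reason in red_flags(TODAY, build_baseline(HISTORY)):
        print(f"notify admin: {user}: {reason}")
```

The floor keeps a user with little sharing history from tripping the alert on a single file, which is the trade-off a company tunes when it decides what counts as a red flag.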

Networks themselves are getting smarter, along with the collaborative efforts of people worldwide. Putting more security into a place, like a particular data center, is not as effective as people-based efforts that can add location, behavior, device, and other information, Shapsa relayed in a personal interview.

Juniper Networks introduced a federated security model that shares information about intrusions with its customers. The company's new Junos model "fingerprints" hacker attempts, identifies certain characteristics, and then shares that data to protect others. That means shared security is getting social, instead of just hoping an intruder or attacker simply moves on to another, easier target.

Are you sharing reports of security threats or advice with your network? That level of caring and concern goes a long way toward building trust and showing that business is about more than transactions. Unfortunately, it also means choosing selectively from lots of events: recent examples range from the Apple OS vulnerabilities to zero-day attacks on building control software systems.

So, whether it's your people or your network, more interaction gives you deeper insights.

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
