WikiLeaks teaches enterprises five hard truths

The recent news of government secrets posted to WikiLeaks is startling because of its size and scale. It is also symptomatic of a problem that practically every enterprise is facing. Thanks to the advent of Web 2.0, employees are demanding the benefits and openness of their social networking experience inside the enterprise. And with that newfound sharing and openness come significant security risks. Here's my take:

1. People's notion of privacy is changing quickly, and the enterprise is not immune.

In the consumer world, the boundaries of what's considered private are continually being lowered. Facebook, Twitter and Zynga have clearly re-defined how we interact with each other and how much we're willing to share. Governments are asking people to sacrifice privacy in the name of security. As a result, people are expecting and demanding the same level of openness from their government and employers. Enterprises and governments, however, don't have the luxury of uniformly being open. Not only are they concerned about trade secrets and confidential information, they must operate in a highly regulated world. Employees often don't understand and often don't care. So, it's up to the company or agency to put the right security and compliance processes in place to ensure that it does not run afoul of regulations or compromise its sensitive information. And they need to be able to keep these processes current with evolving norms and regulation.

2. IT can't use traditional tools to lock the environment up.

Every day people at work are revolting against closed systems, hard-to-use technology and siloed processes. The contrast between their consumer experience and work experience is massive and growing. People are pushing for new ways to communicate, collaborate, and share information. Enterprises are discovering that employees demand new social, Web 2.0 tools. And if they don't deliver, their people will just go around them. Employees will post work information on Twitter, Facebook, and LinkedIn. They figure out how to get their corporate email on their personal iPhones. They will go outside corporate networks to set up their own social networks for collaborating with each other. They are using consumer Web services for email, instant messaging, shipping files to each other, sharing documents, and storage. These services are cheap, easy to get to and too numerous to block.

3. IT can't just ignore this.

Last week, a publishing exec told me that a junior person in the organization had used an external file sharing service to deliver the 2011 marketing budget to the CFO. Employees are spewing confidential and proprietary business data and communication all around the consumer Web. This is scary stuff for anyone charged with compliance and governance. Even their colleagues are not their allies. At a recent conference, one CIO said, "Let's face the facts, we're just one email away from supporting this stuff, where a VP or President demands use/support for the iPad, iPhone, or some social app."

4. This is core to how business is changing and presents a massive opportunity.

When social is done correctly, there are massive benefits, which can address not only the social revolution but also compliance and governance issues. There are some powerful enterprise implementations that have yielded strong return on investment. Take McAfee, for example, which achieved a 25 per cent decrease in monthly Technical Support calls. Or CSC, which now has over 90 per cent of its entire employee base on its collaboration platform and leverages it to significantly decrease customer acquisition costs. Yum! is another example, as they are saving critical time with a "24-hour-a-day innovation" initiative channeled through their social collaboration platform.

5. Make a careful and informed decision when investing in this stuff.

What characterizes successful solutions is not only the ease of collaboration and sharing, but also requirements around privacy, identity, governance, record keeping and eDiscovery. The right implementations not only deliver the social and collaborative benefits, but also give IT the control it requires. I believe that the social wave has the capability to truly transform the way work gets done and make it more creative, fun and personal. But it also represents something so deep and fundamental to companies that the right technology choice is critical. There's a huge return on investment when done right, but it should be investigated thoroughly, to understand the requirements and to be social and secure.

Brian Roddy is the Senior Vice President of Engineering for Jive Software.
