printer friendly version

New infrastructure rules required

New rules for IT infrastructure security.

The need for organisations to closely guard private information has been highlighted by the recent exposures of classified information by WikiLeaks, says Martin May, regional director (Africa) of Enterasys Networks.

Martin May, regional director (Africa) of Enterasys Networks

“With so much money and intellectual capital tied up in information today, WikiLeaks has underlined the need for improved IT infrastructure security,” he says. While the concept of IT infrastructure security includes physical aspects such as protection from fire, natural disasters and the guarding against unauthorised access, there are few aspects more disconcerting than classified data theft, according to May, who says the ready acceptance by most companies of social networks such as Facebook, LinkedIn, Twitter and many others for business applications has opened the door to information thieves.

“The benefits of social business systems include faster ways to foster interactive relationships with customers and prospects and better means of building brand identity and product awareness. But these are clouded by IT infrastructure security risks associated with the casual attitude towards privacy prevalent in the social networking communities,” he says. “The uncontrolled use of unapproved freeware and applications designed to persuade social network users to reveal and share confidential information – be it private or corporate in nature – serves to heighten the risks.”

Despite this, May believes enterprise social networks can be deployed safely provided the correct rules are followed by those responsible for IT infrastructure security.

Three rules

“Rule one is the need to modernise the current methods used to verify approved corporate network users’ identities. This can be achieved by integrating existing single sign-on systems into the new social systems. Merging the regular username and password directory with social applications facilitates more secure validation and authentication processes.

“The second rule is to update the authorisation processes that define or specify the amount and nature of information held by any one individual in an organisation. A good example of lax authorisation processes can be found in the bulk of the data published on WikiLeaks. Obviously, the individuals responsible for supplying content to WikiLeaks should have been denied access to this level and volume of confidential information in the first place.”

Rule three centres on the need for regular audits. “Undoubtedly, regular system and security audits help boost strong governance and – should the worst happen – assist with post-event reviews, root cause analysis and future remedial action. The key to effective, simplified auditing of security systems lies in the initial placement of efficient controls.”

He points to a slew of new e-discovery solutions designed to facilitate forensic investigations. “We are moving towards an era when social networks will be a vital source of new revenue and marketing value for the organisations adopting them as business tools,” he stresses. “Implementing these security rules will give organisations the ability to provide their staff members with enough creative licence to explore and innovate using the significant potential associated with social networking within the boundaries of a secure IT infrastructure.”

Share this article:

Further reading: