Back office
What's going on in networking, operating systems, servers, storage and data centres?
Wednesday 7 October 2009, 12:41 PM
Banks use Facebook despite security concerns
But it's not as simple as that. To start with, should CIOs be the people who make that decision? They have the authority to argue that social networking can open the company to security risks but it's not in their purview to determine what people should be doing with their time - unless it's their own staff they're worried about.
What's at stake is company policy about how people do their jobs, and whether it's sensible to lock down how they do it, rather than set outcomes and allow people achieve those outcomes as best they might. Of course, this still means learning from the experience of others and operating within company rules but a code based on the general principles of English common law rather than those of the Napoleonic code makes the workplace a nicer environment to spend half your waking hours.
Additionally, people are increasingly using social networking to keep in touch with colleagues, their opposite numbers, partners and suppliers, and for many, that's a good use of their time from a commercial point of view.
That this is increasingly recognised even in the most locked down workplaces is evidenced by the way that the banks are using such techniques. Talking to Palo Alto Networks' CTO and founder Nir Zuk recently, I was surprised to hear that many banks are restructuring their security systems in order to allow them to open their networks for many purposes, including social networking.
Given all this, it's not up to the CIO to decide whether social networking should or should not be allowed. It's up to them to make it happen if the business finds it gives it an advantage.
PreviousComments on this post
Isn't instant messaging more of a security risk than Facebook, in so far as a hacker can gain access to a network via an insecure port/IM application? (I heard that MSN was the worst offender, though this was a few years ago).
Surely, re. your earlier post about dumbass wetware, the security risk is more about posting sensitive information than about hackers gaining access to a network. As if anyone in a security minded position would post such details (name, address, swimwear http://bit.ly/hHoqJ )
And on the efficiency front, I used web-based google instant messaging a whole heap at my last contract -- very useful for asking about nitty bitty not worthy of an email.
Suppose it all comes down to where you work and what you do for your day job, some one working in an office not unlike zduk or such i don't see an issue, but on the other hand someone working in a call centre or alike thats where I'm a bit unsure.
Maybe designated area's or systems in certain work places could be setup for when staff are on their breaks, purposely for such use rather than the actual work terminal.
@Jake I think this issue is at least as much about perception as reality. Banks expect to be able to say that they've got the latest and greatest security, your money is safe with us (hah!!) etc etc.
The fact that their firewalls are (allegedly - I only report, I can't say for sure whether the allegation is true) redundant is something most people would be able to understand. And it's all the more damaging to the banks for that.
