Well, it’s been an interesting couple of weeks in the world of social media and IT security. We’ve seen the return of the Koobface virus, the Marines have banned social networking sites (*UPDATED: No, they haven’t), and both Twitter and Facebook were overcome by denial-of-service attacks. This coverage has provided prime fodder for the IT security professionals of the world, who, I get the feeling, would be much happier if nobody had access to the eminently dangerous and risky world of the Internet. Now, don’t get me wrong, I believe information security is a very real and valid concern when it comes to social media. I’ve always thought that for social media to succeed, IT security and social media champions have to be partners, rather than adversaries. However, the recent events, combined with the traditionally conservative nature of a majority of IT security professionals, have resulted in many calling for total blocks on social media to “maintain the integrity of the network.” But in banning social media because it’s “safer,” are we effectively burning the town to stop the plague? Joshua Salmons stated it best in a recent blog post –
“If the president left his travel agenda scheduling up to the Secret Service, he’d never leave the White House bunker (“Safer” is easier.). If an aircraft’s flight status was left up to the mechanic, it would never leave the hangar (Why risk the wear and tear? More work). Likewise, IT shouldn’t just say why we can’t do something, but should do more working with leadership to figure out how to balance risk and operation.”
The IT security professional is assessed on his or her ability to protect the organization’s infrastructure, ensure its reliability, and anticipate potential threats. The IT security professional isn’t assessed on whether employees are happy or unhappy with their access to Twitter or Facebook. They don’t receive a bonus if customer service improves or public awareness increases because of increased social media activity. They are paid to protect the network – given the choice between allowing access to social media and blocking access, what would you choose? The IT security professional has no incentive to provide this access or even to work with the public affairs staff to come to a compromise. If it were up to them, we wouldn’t have access to anything outside the organizational firewall, lest we chance exposing our network to a virus. But at what cost? Wouldn’t the organization be better served if IT security became a partner and a resource for others throughout the organization?
Take a look at the comments in this post by Aaron Brazzell – they can be summed up in one theme: public affairs professionals and social media champions aren’t nearly as frustrated by the bans on social media as by the communications abyss that often exists between them and IT. When was the last time an IT security professional followed up a “No!” with something like, “but here’s what we can do”? This communications gap can and must be filled if social media is to succeed. And this isn’t solely an IT security communications problem; it’s an organizational problem. Public affairs and IT cannot continue to be adversaries; we must learn how to communicate and compromise better. The future of Government 2.0 and social media depends on both of you putting aside your differences and working together.