Well, it’s been an interesting couple of weeks in the world of social media and IT security. We’ve seen the return of the Koobface virus, the Marines have banned social networking sites (*UPDATED: No, they haven’t), and both Twitter and Facebook were overcome by denial-of-service attacks. This coverage has provided prime fodder for the IT security professionals of the world, whom I get the feeling would be much happier if nobody had access to the eminently dangerous and risky world of the Internet. Now, don’t get me wrong, I believe information security is a very real and valid concern when it comes to social media. I’ve always thought that for social media to succeed, IT security and social media champions have to be partners, rather than adversaries. However, the recent events, combined with the traditionally conservative nature of a majority of IT security professionals, have resulted in many calling for total blocks on social media to “maintain the integrity of the network.” However, in banning social media because it’s “safer,” are we effectively burning the town to stop the plague? Joshua Salmons stated it best in a recent blog post –
“If the president left his travel agenda scheduling up to the Secret Service, he’d never leave the White House bunker (”Safer” is easier.). If an aircraft’s flight status was left up to the mechanic, it would never leave the hanger (Why risk the wear and tear? More work). Likewise, IT shouldn’t just say why we can’t do something, but should do more working with leadership to figure out how to balance risk and operation.”
The IT security professional is assessed on his or her ability to protect the organization’s infrastructure, ensure its reliability, and anticipate potential threats. The IT security professional isn’t assessed on the happiness or unhappiness of the employees’ access to Twitter or Facebook. They don’t receive a bonus if customer service improves or public awareness increases because of increased social media activity. They are paid to protect the network – given the choice between allowing access to social media and blocking access, what would you choose? The IT security professional has no incentive to provide this access or even to work with the public affairs staff to come to a compromise. If it was up to them, we wouldn’t have access to anything outside the organizational firewall, lest we chance exposing our network to a virus. But at what cost? Wouldn’t the organization be better served if IT security became a partner and a resource for others throughout the organization?
Take a look at the comments in this post by Aaron Brazzell – they can be summed up in one theme: public affairs professionals and social media champions aren’t nearly as frustrated by the bans on social media, but by the communications abyss that often exists between them and IT. When was the last time an IT security professional followed up a “No!” with something like, “but here’s what we can do?” This communications gap can and must be filled if social media is to succeed. And, this isn’t solely an IT security communications problem, it’s an organizational problem. Public affairs and IT cannot continue to be adversaries; we must learn how to communicate and compromise better. The future of Government 2.0 and social media depends on the both of you putting aside your differences and working together.
August 10th, 2009 at 6:16 am
Twitter Comment
Social Media and IT Security: Adversaries or Partners? | Social … [link to post]
– Posted using Chat Catcher
Reply
August 10th, 2009 at 3:55 pm
Twitter Comment
Great post by @sradick about soc med and IT security relations. Here’s to building relationships. [link to post]
– Posted using Chat Catcher
Reply
August 10th, 2009 at 9:50 pm
Great post overall, but I think it’s incredibly important not to establish an “us vs. them” mentality. I know many IT professionals who are huge social media evangelists, and I know communicators who are terrified of losing control of the conversation. There are very real privacy, security, and policy barriers to social media implementation, and we must actively work with our IT counterparts to develop collaborative solutions. In my opinion, the best place to start is by developing a shared vision of what social media means to an organization and agreeing on goals/objectives.
Reply
sradick Reply:
August 11th, 2009 at 3:47 pm
Jacque – I definitely didn’t want to establish an “us vs. them” mentality. In fact, this is the exact mentality I wanted to dispel here. I’m a huge advocate of teamwork and cooperation among both IT and communications. We can’t get anywhere unless we work together.
Reply
Jacque Brown Reply:
August 11th, 2009 at 4:23 pm
That’s what I figured – especially since I’ve personally seen you reach across functions to make things work!
Reply
August 11th, 2009 at 1:37 am
Twitter Comment
Social Media and IT Security: Adversaries or Partners? [link to post]
– Posted using Chat Catcher
Reply
August 11th, 2009 at 5:08 am
Twitter Comment
RT @TrendTracker: Social Media and IT Security: Adversaries or Partners? [link to post]
– Posted using Chat Catcher
Reply
August 12th, 2009 at 8:42 pm
Twitter Comment
Social Media and IT Security: Adversaries or Partners? My favorite subject! #e20 #socialmedia – [link to post]
– Posted using Chat Catcher
Reply
August 13th, 2009 at 4:59 pm
I’d just like to mention that the Marine Corps did not place a ‘total’ ban on social media sites. The message that the Marine Corps released blocks the usage of twitter, facebook, myspace, etc, for a number of reasons, none of which is to be construed as a total ‘ban’ for all Marines at all times. The restrictions are in place to conserve DoD resources (bandwidth, etc) and to provide a more productive and secure work environment. When the mainstream media caught wind of the ‘ban,’ many thought that the intent was to block Marines (even off duty, in their own homes) from using social media. That is just not the case. In fact, the Marine Corps (and military in general) has blocked their networks from myspace, facebook, gmail, ebay, yahoo mail, and many other sites for years now, it just wasn’t accentuated by the media.
Reply
sradick Reply:
August 13th, 2009 at 6:02 pm
Jay – you’re absolutely right, and I should have updated my post with a link to this article from NextGov (http://whatsbrewin.nextgov.com/2009/08/marines_and_social_nets_we_goo.php).
Reply
August 21st, 2009 at 2:43 am
Twitter Comment
RT @sradick Social Media and IT Security: Adversaries or Partners? | Social Media Strategery [link to post] (can’t we all get along)
– Posted using Chat Catcher
Reply
August 21st, 2009 at 3:31 am
Twitter Comment
New post from @sradick “Social Media and IT Security: Adversaries or Partners?” I say definitely partners! [link to post]
– Posted using Chat Catcher
Reply
August 24th, 2009 at 11:19 am
Twitter Comment
@jomami RT @chrisdpotts “Future of Gov2 & social media depends on … putting aside your differences & working together.” [link to post]
– Posted using Chat Catcher
Reply
August 31st, 2009 at 2:59 am
Twitter Comment
Social Media and IT Security: Adversaries or Partners? – [link to post]
– Posted using Chat Catcher
Reply
September 3rd, 2009 at 1:43 am
Twitter Comment
RT @sradick Social Media and IT Security: Adversaries or Partners? | Social Media Strategery [link to post]
– Posted using Chat Catcher
Reply
September 14th, 2009 at 2:31 pm
IT doesn’t support social media because they have no incentive to do so. There are ways to incent them…by connecting their work to overall employee productivity.
http://sociallymediated.wordpress.com/2009/05/04/why-it-needs-to-think-like-hr/
Reply