This week is the NATO Information Assurance Symposium. I spoke at this event last year, and I am still struck by how relevant some of the discussions I had there to all enterprises. Like many organizations, military organizations have an executive mandate to use social networks, but also have information security officers that understand that these applications are some of the top threat vectors in the world today. I recall discussing the importance of safe enablement of social applications, and the Supreme Allied Commander Europe (SACEUR) stating the importance of Facebook. In fact, the US Department of Defense has a Directive (DTM 09-026) that outlines the importance to the DoD, both for official and acceptable personal use. It also specifically states that while access is allowed and appropriate, DoD networks should be defended against the threats using these applications for transit. Many other NATO members are moving to similar policies.
Basically, some of the most traditionally conservative organizations in the world have stated the importance of social applications to their “business,” and that safe enablement, not blocking, is the appropriate policy and enforcement stance. I think that recognition of the value, and the desire to allow use, yet mitigate risk, is the model for security going forward. Our businesses operate in an analog world, despite reliance on more and more digital systems. Our security policies should be more sophisticated than binary on/off switches. Especially when it comes to high-risk, high-reward applications like social networks.