Security Basics mailing list archives

Re: Allowing access to social networking... securely?


From: krymson () gmail com
Date: Fri, 22 May 2009 07:24:36 -0600

It's absolutely ok to disagree! :) That's why security has few slam dunk answers, because so much of it has good points 
on either side.

I agree, there are few *really* sound business uses of many of these sites, but there are plenty of groups that will 
talk about it at least enough to want to try it out.

Also, let's face it, email is broken (to IT) and boring (to marketing and business). I think there is a lot of interest 
in trying some of the new mediums.
 
My example of hosting videos wasn't framed at all properly, and that's my fault. I meant hosting videos for clients 
that are not internal, which means a front end much akin to YouTube. That's a pretty big investment when the technology 
is already there and maintained by someone else. But otherwise internally, you're absolutely right!

Likewise, I apologize about disagreeing, but I do so respectfully. :)



<- snip ->
Michael S

Sure you make good points. But none of them are business needs to justify going to SN sites. I understand about the 
treatment of employees, and what not. But that's not a business need to go to FB, so someone can 'blow off steam'. I 
guess my example of 'i hate my boss' wasn't so great, but that was my point. It's just random personal blather. I 
understand the ability for communications and what not that FB and other SN sites offer, but do companies need to have 
that for internal users when all that already exists in their infrastructure???

Krymson

Why would we have a group on FB to let employees know about an event, or send out a tweet, when we have 100's of 
distribution lists in Exchange? Why would we send internal users out to the web to view a video on someone else's site, 
when we have a server farm and a SAN? Now if you're talking about a small company that may farm those services out 
because they don't have the infrastructure, then sure maybe.

Our HR dept has mandated that FB, Myspace, and similar sites be blocked. We do have exceptions to this, for certain 
personnel (IE marketing dept) who have an actual business need to communicate with outside users through unique 
channels.

Myself, I love FB and use the heck out of it. But in all the time I've been on there, I cannot think of one single 
reason why I "need" it at work. I don't think it's a matter of letting adults make their own decisions. What if that 
decision lets in the next big worm? Even if it was an accident, was it worth it so that your users could diddle around a 
little bit during the day?

Our jobs in security require us to evaluate risk vs benefit. To me SN loses. Sorry to disagree.
