Putting the “Anti” into Social Media
WAN Security is one of those topics that is often overtaken by latency and optimisation discussions, but as I sit here in Paneton Café, VPN’d across a 3G network, I can see how easy it is to underestimate the risks that we expose our business to when we deliver core business applications to remote users, our branch offices and our partners.

Security is built into the process I use to access corporate assets. The VPN secures the network traffic across a public network, my identity is confirmed with two-factor authentication, my data is encrypted both on disk and in transit, I have access to multiple VPN termination points should one fail, and I carry multiple 3G network SIMs in case I get a poor signal or service loss.

WANs used to be simple extensions of our network border, where the termination points were controlled and deemed secure. Although we still tend to think this way, the world has moved on and the demands being placed on the WAN infrastructure are changing rapidly.

A WAN is as unique as the business that deploys it, so we need to align the business requirements for the WAN and, in turn, the security controls required to reduce potential risks and maintain an effective, quality business network.

Today, our WANs terminate on anything from a trusted business partner to the marketing manager’s iPad. Often, we don’t have direct control over the endpoint; in this case, we set up compensating controls, usually in the form of a policy or legal contracts, but it also pays to squeeze as much control as possible into the network itself and scrub the traffic before it gets to our business assets or impacts the endpoints. In a sense, we are moving towards Secure Borderless Networks.

By identifying our key threats and examining them against both the impact and likelihood of occurrence, we can start to create strategic and tactical plans to mitigate and/or manage them.

Social Media, cloud services, consumerisation of IT

Many businesses still see Facebook as personal and LinkedIn as a business tool, but the reality is that, with an average of 10,000 new websites integrating with Facebook every day and, closer to home, businesses like ASB launching first Facebook-based customer interactions, the lines are seriously blurred.

How do you allow people to interact with these sites and share information without exposing your business? How do you ensure the downloads your employees are making are legitimate, not breaching copyright, or bringing hidden viruses into your network? How about the impact on employee productivity if social media is not handled correctly (too much and employees waste time and bandwidth; too little and they complain incessantly)?

The fact is, the impact of Social Media on both our WAN and LAN infrastructures is phenomenal:
- Facebook has more than 500 million active users who collectively spend around 700 billion minutes per month engaged with applications on their site. In the next hour, the site will receive five million status updates; some of these will be from your employees.
- YouTube exceeds two billion hits a day. In the next hour, 1440 hours’ worth of video will be uploaded. The average person will spend 15 minutes every day on YouTube. Here at Cisco, we predict that by 2013, 90% of the traffic volume on the internet will be video.
- Trade Me, whilst not technically a social media site, has a significant impact for New Zealand employers, with an average of 715,301 people visiting the site every day, spending an average of 17 minutes each – that means 23 man-years are spent on Trade Me every day. The busiest day of the week is Monday.
- What services are we delivering?
- How do we measure these applications and services?
- What are the risks (threat, impact and likelihood) to our WAN services / endpoints?
- What controls can we implement to mitigate risks?
- Is the cost to mitigate the risk in proportion to the impact?