Gartner Blog Network


Facebook Insecurity as a Microcosm of All The World’s Security Problems

by John Pescatore  |  October 25, 2010

I mentioned last week that the hot security topics at Gartner Symposium were (1) securely supporting devices like the iPhone, iPad or Droid phones and (2) securely using public cloud. I don’t think I got a single question about how to securely allow use of Facebook, or securely using social network sites for business gain. Yet, the movie “Social Network” about Facebook’s beginnings has been one of the top ten grossing movies for the last month.

This is the hype cycle at work – devices and cloud are at the peak of overhype, while social networking has slid past that peak. While social networks are getting less hype, there is no shortage of security failings coming to light:

  • Facebook and MySpace apps continue to send user data flying out the door. No surprise, really – advertising-supported IT exists to supply advertisers with detailed user information, but…
  • Facebook’s response: we will encrypt the user’s data we leak out to advertisers. Well, if my TV set were sending details of my viewing habits out to TV networks, encrypting that path would not address my security issues. But not to worry, Facebook is on the case with…
  • Facebook is suing scammers who take advantage of lax Facebook security to trick Facebook users into giving away their information to non-Facebook advertisers or to generate traffic at sites where Facebook gets no revenue advantage.

Basically, what you see is Facebook taking several steps to protect its customers – advertisers. If they were trying to protect Facebook users, they would have taken very different steps. Because what you don’t see is any real attention to actually addressing the real vulnerabilities.

So, the key takeaway: make sure that you are the actual customer when you trust your data or your customers’ data to a social network or cloud service provider, or any other 3rd party for that matter. A cloud provider can claim they are better at running a data center than you are, but if they are focusing on protecting their advertising revenue, not your data, that claim is meaningless.


John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…





Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.