I mentioned last week that the hot security topics at Gartner Symposium were (1) securely supporting devices like the iPhone, iPad or Droid phones and (2) securely using public cloud. I don’t think I got a single question about how to securely allow use of Facebook, or securely using social network sites for business gain. Yet, the movie “Social Network” about Facebook’s beginnings has been one of the top ten grossing movies for the last month.
This is the hype cycle at work – devices and cloud are at the peak of overhype, while social networking slid past that peak. While social networks are getting less hype, there is no shortage of security failings coming to light:
- Facebook and MySpace apps continue to send user data flying out the door. No surprise, really – advertising-supported IT exists to supply advertisers with detailed user information, but…
- Facebook’s response: we will encrypt the user’s data we leak out to advertisers. Well, if my TV set was sending details of my viewing habits out to TV networks, encrypting that path does not address my security issues. But not to worry, Facebook is on the case with…
- Facebook is suing scammers who take advantage of lax Facebook security to trick Facebook users into giving away their information to non-Facebook advertisers or generate traffic at sites where Facebook gets no revenue advantage.
Basically, what you see is Facebook taking several steps to protect its customers – advertisers. If they were trying to protect Facebook users, they would have taken very different steps. Because what you don’t see is any real attention to addressing the actual vulnerabilities.
So, the key takeaway: make sure that you are the actual customer when you trust your data or your customers’ data to a social network or cloud service provider, or any other 3rd party for that matter. A cloud provider can claim they are better at running a data center than you are, but if they are focusing on protecting their advertising revenue, not your data, that claim is meaningless.