How to meld the Web 2.0 world into your corporate world without taking excessive risk.
Here's the background. A hacker apparently was able to access the Google account of a Twitter employee.
Twitter uses Google Docs as a method to create and share information.
The hacker apparently got at the docs and sent them to TechCrunch,
which decided to publish much of the information. The entire event sent the Web world into a frenzy. How smart was
Twitter to rely on Google applications? How can Google build up
business-to-business trust when one hack opens the gates on corporate
secrets? Can you define journalism as TechCrunch simply deciding to
publish stolen documents? Whatever happened to journalists using
documents as a starting point for a story rather than as the
story in itself?
There are also some lessons for business execs and
information technology professionals in the Twitter/TechCrunch episode.
Here are 10 lessons.
1. Don't confuse the cloud with secure, locked-down environments. Cloud computing is all the rage. It makes it easy to
scale up applications, design around flexible demand and make content
widely accessible. But the same attributes that make the cloud easy
to access for everyone make it, well, easy to access for everyone.
2. Cloud computing requires more stringent security procedures,
not less stringent ones. In your own network, would you defend
your most vital corporate information with only a username and user-created password? I don't think so.
3. Putting security procedures in place after a
hack is dumb. Security should be a tiered approach. Non-vital
information requires less security than, say, your company's five-year
plan, financials or salaries. If you don't think about this stuff in
advance you will pay for it when it appears on the evening news.
4. Don't rely on the good will of others to
build your security. Take the initiative. I like the ease and access of
Google applications, but I would never include those capabilities in a
corporate security framework without a lengthy discussion about rights,
procedures and responsibilities. I'd also think about having a white
hat hacker take a look at what I was planning.
5. The older IT generation has something to
teach the youngsters. The world of business 2.0 is cool, exciting and
full of holes. Those gray hairs in the server room grew up with
procedures that might seem antiquated, but were designed to protect a
company's most important assets.
6. Consider compliance. Compliance issues have
to be considered whether you are going to keep your information on a
local server you keep in a safe or on a cloud computing platform.
Finger-pointing will not satisfy corporate stakeholders or government
enforcers.
7. Who do you trust? The emerging computing
model of melding private and public clouds makes the most sense. Again,
you need to have tight control over vital information. If you are going
with a cloud vendor, how much control can you exert over the vendor's
IT infrastructure? Can you tweak it to your specs or do you have to
take what is offered?
8. Don't confuse consumer with corporate
requirements. Google applications are great for sharing the little
league roster and schedule or a list of your favorite BBQ joints. Those
applications are not so good for sharing your corporate financial
projections. Use the right tool for the job.
9. Learn from the mistakes of others. Your
company is not Twitter, but that doesn't mean you are not a target of
the hacking community. Your most important corporate information may
be being shared right now on Web-based services. Do you know? Have you
asked the execs in your company if they are using Google and other
shared cloud applications? I'll bet you'd be surprised by the amount of
information going around the cloud.
10. Use strong passwords and change them
regularly. Maybe you can't stop corporate information from leaking to
the cloud, but at least give your co-workers some good advice on using
strong passwords that are difficult to hack. Google has some tools to
help in this and has sensible limits on the number of access attempts
you can make before you are shut out. Use the capabilities that are
present in the cloud community even if they are not up to your
standards.