Can Social Networks Foster Security?
It's a departure from the stance that most people are taking these days when it comes to issues of social networking and security, but some industry players are pitching the idea that the ever-more-popular communications applications could someday replace more traditional messaging platforms based on their ability to be more centrally protected from attacks.
Adam O'Donnell, senior research scientist at messaging security specialist Cloudmark, points to his company's recently announced agreement to protect users of the massive MySpace networking site from spam, malware and other threats as proof that such hosted messaging systems could prove useful in addressing the landslide of unwanted content and attacks that have overrun traditional e-mail, IM and publishing systems.
Cloudmark, which has been filtering all user-generated content on the 130 million-member strong MySpace network for attacks for over a year, claims that it can stop threats from emerging both by examining the materials for malicious behavior as they are posted, and via the use of real-time feedback aggregated from the application's users.
O'Donnell admits that it may not be tomorrow that enterprises start chucking their e-mail servers for MySpace accounts, but many different variations of today's social networking platforms will emerge over time, and one of their primary advantages over today's messaging architectures will be their ability to be managed centrally by a single, integrated security provider, the expert contends.
"The best proof of what we've been able to do was the fact that not long after we started working with MySpace, spam went from being a big concern to an afterthought, people just stopped talking about it, and there had been a lot of complaints before that," O'Donnell said. "I think that we'll see something closer to these social networks replacing what we think of today as messaging, in part because with this model for security you can have an integrated technology that pushes the feature set faster and does a better job of keeping up with attackers."
O'Donnell points out that many sales and marketing teams are already using systems like Facebook and LinkedIn for tasks that were traditionally carried out in e-mail client applications, in part because there's less spam and unwanted noise aimed at users of the sites compared to established e-mail platforms. Combined with the success of hosted business applications such as Salesforce.com, it will simply make more sense for enterprise messaging tools to be parceled together with other online communications systems, especially from the standpoint of security, he said.
The success of SaaS tools like Salesforce also illustrate that businesses are willing to offload their applications management and sensitive company information to third party service providers, claims the security researcher, though he recognizes that it will take time for some companies to part with their existing systems, in some cases related to concerns over security. However, for every organization that sees hosted messaging infrastructure and security management as a potential point of risk, there will be others who see the advantages of letting specialists handle many of their problems.
Cloudmark has yet to ink additional social networks to filtering deals, but it is pursuing the business opportunity aggressively along with continuing to offer filtering capabilities to individual organizations. The company has at the very least established talks with all the other major networks, however, and interest in its services is growing, O'Donnell said.
"I think the entire security industry needs to look at where a lot of these applications are going driven by consumer technologies including social networking, it's not going to be about protecting the desktop or the in-box anymore, and those vendors who remain focused merely on protecting traditional assets won't have the reach necessary to keep up with their customers," he said.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.