Posts tagged LinkedIn

Tuesday, July 27, 2010

The Perfect Night Out

By Jill Knesek, Chief Security Officer, BT Global Services

Before I became a CSO, I thought the perfect night out was dinner and a movie.  Now, while I still like to see a good movie, the opportunity to get together with my peers and talk about issues at work — the ones that keep me up at night — beats any Hollywood blockbuster.

This Wednesday evening, July 28th, I will be hosting a dinner for Chicago-area CSOs to talk about these very issues.  I know that I’m looking forward to finding out how others are dealing with risk management issues, the success you are having with getting a seat at the boardroom table, and how cloud computing is changing how you allocate security resources, and to sharing my experiences and successes in protecting data and managing risk at a global level.

To register for the event, please contact Kurt Luporini, BT’s security specialist in the Chicago area.  If you’re not able to join me for dinner on Wednesday, why not connect with me on LinkedIn either directly or through the Security Leaders Group.

Thursday, January 21, 2010

Is Free really Free in the online world?

By Sushila Nair, Product Manager, Managed Security Solutions Group, BT Global Services, CISSP, CISM, CISA, PCI QSA

One of the challenges for Internet companies is to make a profit by providing content and services to a community that largely expects those services or content to be free. There was a time when organizations charged for providing email.  Remember MSN and AOL? Fast forward a few years to an unlimited number of free email services.  Not only is the expectation that the service be free, but users moved to other e-mail providers when storage limits or functionality were restrictive.  Free and unlimited is just what our community expects.

Last year, Rupert Murdoch announced News Corp. will start charging for online access to its news services.  It will be interesting to watch how this fares for consumers who are used to receiving free services.  News Corp. is also suggesting it will charge search engines for the ability to crawl through its sites.  Services that are not free need to distinguish themselves as being remarkable to ensure a community that is used to no charge will be willing to pick up a tab.

Similarly, there has also been a shift by almost all of the free online services to start charging for premium services to reduce dependence on online ad revenue. For example:

  • LinkedIn has introduced a paid tool that can be used by recruitment companies
  • Skype has now started charging for voice mail
  • Pandora has introduced a paid online radio service with no advertisements

There is no doubt that during the next two years we will see many more companies actively moving towards a paid model with earnings supported by advertising revenue. However, even as companies look for ways to earn direct revenue for some aspect of service, the question becomes, “What should we expect for the free services that are used to reel consumers in?”

The loss of our SecureThinking blog this past month, which was being hosted for free, brought forward these questions of what our right to availability really is.  What does our loyalty and presence entitle us to?  What are fair expectations for free services?  It appears that free entitles us to a service without support.

Services like blogging, social networking and online applications are mostly free.  Consumers expect these services to be reliable, secure and constantly available. But is this expectation too high?  Are we losing high value services because we do not want to pay for Internet services and content?

Certainly our desire for free services and content is negatively impacting notable TV, entertainment and newspaper companies.  When we have no more credentialed journalists because we did not want to pay for their time, I wonder if the value of the content we will be accessing will decline.  Is our lack of desire to pay actually killing the golden egg?  After all, there is an intrinsic cost in supplying a product.

If you are providing a product and building a business model around charging for additional services, I believe the service you are supplying must be indicative of the quality of the product you paid for.  The product must provide its users with confidentiality, integrity and availability. How will we know that the paid product has these qualities?  Organizations that provide a multi-level service model, with service levels for paid services and no service level for free ones, are at risk of alienating the community they initially attracted by providing the service in the first place.

In our situation, our response has been to move the SecureThinking blog to a new platform that we host and pay a small fee to use.  There was a misalignment between our expectations and the supplier’s product, but that is often the case when a product is free. 

I’d be interested to hear your feedback on whether you think free services should be held to the expectation of being secure and reliable.  What do you think? 

http://www.btsecurethinking.com/2009/11/integrating-web-2-0-tools-securely-into-the-business-environment/

Monday, November 16, 2009

Integrating Web 2.0 Tools Securely into the Business Environment

Pete Russo, Senior Marketing Manager, BT Global Services

How would you solve this problem?  As a network security expert, you understand that your company’s employees need to access Web 2.0 tools to build new business relationships, collaborate with partners and reach prospective customers.  But how do you ensure not only their online safety but the company’s overall network security?

Ray Stanton, Global Head of BT’s Business Continuity, Security, and Governance Practice, discusses BT’s approach in a recent Computerworld article (Computerworld, “BT’s Web 2.0 security strategy,” October 19, 2009).

BT was an early adopter of Web 2.0 tools and has a strong social media presence including:

Mr. Stanton identified data leakage as his number one concern when employees are allowed to access social media tools at work.  Data leakage not only exposes the company to security risks, such as the inadvertent sharing of proprietary information, but it can also lead to an employee becoming a victim of personal crime.  In addition, companies should be mindful of these other top Web 2.0 threats:

  • Cross Site Request Forgery
  • Cross Site Scripting
  • Information Integrity Violations

BT uses a combination of policy and technology to ensure that employees and the company are secure online.  By setting acceptable use policies and conducting regular awareness training, BT ensures that users are knowledgeable about their responsibilities and the vulnerabilities their actions could introduce into the network.  Acceptable use policies are reinforced by software, hardware and managed solutions which, in addition to providing physical barriers to access, enable flexible access policies.  For example, BT works with Blue Coat, using their ProxySG appliance to categorize URLs of web pages.  Web sites can be identified by their purpose – e.g., “business productivity sites,” such as LinkedIn – or segmented by who needs to access a type of site – such as permitting the marketing department to have access to YouTube, but not the rest of the company.

While no single solution will provide absolute protection for the employee, the company or the network, taking a multi-pronged approach sets up checks and balances throughout the business environment.  Let us know what you think of this strategy in the comments or by sending us a tweet @SecureThinking.

