From the PlayStation Network outage where 77 million accounts were stolen to the recent attack forcing Apple to suspend over-the-phone password resets, indubitably organizations must demand the highest level of security in a product. You need to be confident in the solutions you choose and that all of your intellectual property is secured and protected from unwanted visitors.
This of course, applies to social software as well. An AIIM survey on social business showed that 22% of respondents say security leaks are still a concern impeding the implementation of social software.
Security is important whether the social solution is behind your firewall or in the cloud. Both deployment models offer a unique set of challenges. Security areas that need to be addressed include authentication, authorization, data at rest, data in transit, and mobile interactions. Let’s look at each in turn.
- Authentication – With everything becoming digital, a person’s digital identity is becoming more rich and diverse across a number of applications. The common problem in an enterprise is that any given person has multiple identities and passwords to manage. What is the solution to the above problem? It’s simple, use a single identity management tool. Various models of authentication include LDAP (Active Directory), SSO (Kerberos, NTML) and SSO via SAML v2.
- Authorization –Employees don’t need to follow everything; they need to follow what’s relevant to their work. For certain conversations, such as a discussing the strategy for the upcoming investor call, you need the ability to manage privacy levels and access to that information. It’s important to have access controls that can be applied to conversations and subjects to limit the visibility of sensitive data to only those users who need access.
- Data in transit – All messages, files and data transferred, regardless of where it is accessed, must be encrypted and protected from unwanted viewers. It should only be terminated when at the destination.
- Data at rest – All messages, files and data at rest, no matter where it’s stored, should be encrypted. The option to encrypt data at rest is sometimes equally as important as the data in transit.
- Mobile – Mobile interactions must be secured using SSL and there must be the option to limit data stored on the mobile device in the event the mobile device is lost or stolen.
