- More porn sneaks onto the iPhone
- 'Swatting' case shows need to ban caller-ID spoofing
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- US sets final emergency responder wireless pilot
Web 2.0-inspired communities and social-networking tools are migrating into the enterprise and bringing with them risks that many organizations are unprepared to address. The challenge is to balance the business value of the new tools with the reality of risk management and compliance.
The market for enterprise collaboration tools will increase as organizations continue to seek the associated benefits of improved communication, content management and context-driven information sharing. However, without the proper framework to enforce procedures, the resulting shared workspaces can quickly become unmanageable, increasing the risk of sensitive content being disseminated outside of its intended audience.
From a compliance perspective, much of the technology focus has been on ensuring that users can get access to data and resources, with less thought about whether or not users should have that access. Organizations must establish risk-based governance and controls to ensure sensitive corporate or consumer data is not getting into the wrong hands, thus ensuring long-term security and compliance with security policy and industry regulations.
The responsibility is even greater as business managers assume more accountability for compliance with business policy and regulations such as Basel II, the Health Insurance Portability and Accountability Act, Payment Card Industry standards and the Sarbanes-Oxley Act. They need to be able to answer questions associated with what data is being shared, who has access, who needs access, and who is ultimately responsible for managing the information.
For example, popular collaboration tools such as Microsoft SharePoint bring new levels of exposure that have yet to be addressed by regulations or best practice company policies. Given the viral nature of SharePoint environments, organizations can be faced with responsibility for thousands of employee portals — all operating without any formal checks and balances, and virtually no oversight in terms of compliance or security exposure.
With sensitive documents being posted and shared, companies need controls that ensure only employees with proper access can view certain information. Improved levels of access control will allow better management over who is collaborating with potentially sensitive data, and whether or not they should be.
Comment