News Stay informed about the latest enterprise technology news and product updates.

IT exec gets muzzled on use of social media, security

For my story today on how CIOs are balancing the use of social media at their companies and security concerns (with great difficulty, BTW), I discovered something that all of you probably know. The business is touuuchy about talking about its use of social media, especially when coupled with the word security.

As I mention in the article, a number of CIOs I contacted for the story declined to be interviewed. A couple said their organizations were not into social media, or they were too new to the whole phenomenon to speak knowledgably about useful security tools. Fair enough. More startling was what happened to an IT executive I contacted whose HR and marketing departments are using social media. He used gateway security software from Websense as one line of defense and could talk about why he liked it.

Not so fast.

In the space of a few hours, my five innocuous questions got vetted up and down the executive ranks, from the head of communications to the head of marketing and over to the CIO. The communications department sounded the alarm, arguing that really “very few of our employees have access to social media sites.” That fiction fact, “coupled with the fact that our own practices and policies are still in the early stages of development,” made the interview request problematic, according to the marketing executive. “I think these would be very difficult questions to navigate.

“And I certainly would avoid Q.5 ….” he said. Moreover he was “not really sure how much information on this topic we want to share externally at this point in time.” Even an industry trade story could get read by “consumer reporters and bloggers,” and thus out to “other media.” An hour later, yet another higher-up sent out the official kibosh: “We do not wish to participate in this interview.”

To be fair, this organization was not the only business to nix the request. (Motorola was not interested, either.) And I understand that CIOs and CISOs may have to avoid publicity when it comes to security measures. But social media? For business purposes? Who knew.

Here, by the way, is the notorious Q5. (OK, it is a little out there.)

5. Even with education programs, there will always be employees who, through maliciousness or laziness, pose a security threat to the business. Whose job is it to police these people? And are CIOs/CISOs and other technically trained people equipped (or should be expected) to deal with the human dimension in security?

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Why are executives so nervous about social networks? Do they think this is something new? Social networking has being in existence before the cloud computing was available. People have always interacted and exchange company and employees information. At business meetings, lunch time, extracurricular activities, and wherever they had a chance to gossip or socialize. Of course that information did not move as fast as today, but it was as powerful. With so much technology available in the IT world, the unstable job market (people don't want to loose their jobs), and more people getting educated in netiquette; I think they should be at ease. I believe the focus should be in education, establishing clear policies, and implementing security safeguards through software. Not condemning something that is natural in humans and impossible to stop. Sincerely, Angel Melendez
If policing is required, then the process will not be effective. The Human dimension will always pose a challenge, the prescription would vary by company. I believe that there is a need to look beyond holistically. You may want to look at
Hi Mike, here are the five questions: 1. Can you give me a couple examples of how employees are using social media for business purposes at your company? 2. Does your company have a formal IT security policy with regard to use of social media? 3. Has that policy changed in the past year? If so, why? 4. What security tools are particularly useful for mitigating the risks related to using social media in business? 5. Even with education programs, there will always be employees who through maliciousness or laziness pose a security threat to the business. Whose job is it to police these people?
Executives re only just getting used to computers - let alone social media. "How could it possibly make good sense to allow its use let alone encourage it" they would say. All they see is the dark side - wasting time on personal trivia, malware, privacy problems and data leakage. we need them to understand the positive values - collaborative tool, customer marketing, recruitment and research tools. It will take another year or two, my guess aided by the need to recruit young people native to social media and who will feel alienated without it.