Security Around Social Initiatives
Read Write Web has a great digest of the entire last round of social applications, from OpenSocial to Facebook, Android, Bebo and Box.net.
Understanding these applications from a security viewpoint is important: people are coding around these application frameworks, no programmer is perfect, errors and coding bugs are going to happen, and users on the corporate network are going to use them.
Not only are they going to use them, they will use them long before corporate security comes in and officially blesses or condemns the applications.
"Platforms here, platforms there - everyone's launching a platform it seems. Today's newest platforms, a content storage platform from Box.net and a content publishing platform from social network Bebo, are just the latest. Facebook, OpenSocial, Android - who can tell them all apart? What is a platform? It's a technical welcome mat that allows developers from outside of a company to tie their software to the software offering the platform. How's that for an explanation? Feel free to share your one-line explanation, too."
Source: RRW
Following the "think evil, act good" viewpoint, here is a quick image from RRW to put the whole thing into context.
The areas security needs to worry about are cross-site portability and identity. If someone can carry out a cross-site scripting attack involving any one of the open platforms, then the entire content or identity tree for that user can be compromised.
A coding error, buffer overrun or underrun, or other problem can also provide an entry point into the corporate network if these applications are tied not just to the browser, but also to a hybrid application such as those that can be built with Adobe AIR or Silverlight.
Looking at how the applications and platforms interact to secure data, identity, corporate data, and privacy information is important in working through the risk management process that any company has to go through when evaluating the newer applications and systems.
There is a lot of very good information at RRW to start working on how the company is going to use the new platforms to bring customers closer.
About the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
WebProNews RSS Feed