Gartner suggest social media monitoring will increase to counter security risks

David Bicknell

about 1 year ago 0 Comments

The Gartner research group is usually ahead of the curve when it comes to predicting what IT managers should be concentrating their attention on.

In an era of austerity, that is likely to still be cost-cutting, efficiencies and getting value for money. Bring your own device (BYOD) and enterprise mobility won't be far behind.

Security will always be on the agenda too. Indeed, one of Gartner's latest thoughts is on the threat to business security from social media.

Gartner argues that monitoring employee behaviour in digital environments is on the rise, with 60 percent of corporations expected to implement formal programmes for monitoring social media for security breaches and incidents by 2015.

It argues that although many organisations already engage in social media monitoring as part of their brand management and marketing focus, less than 10 percent of organisations currently use the same measures as part of their security monitoring programme.

Gartner says that to prevent, detect and remediate security incidents, IT security organisations have traditionally focused their attention on the monitoring of internal infrastructure. However, the impact of IT consumerisation (BYOD), cloud services and social media renders such a traditional approach inadequate for guiding decisions regarding the security of enterprise information and work processes. 

Andrew Walls, Gartner's research vice president says: “Security monitoring and surveillance must follow enterprise information assets and work processes into whichever technical environments are used by employees to execute work. Given that employees with legitimate access to enterprise information assets are involved in most security violations, security monitoring must focus on employee actions and behaviour wherever the employees pursue business-related interactions on digital systems. In other words, the development of effective security intelligence and control depends on the ability to capture and analyse user actions that take place inside and outside of the enterprise IT environment."

Gartner says that the popularity of consumer cloud services, such as Facebook, YouTube and LinkedIn, provides new targets for security monitoring, but admits that surveillance of user activity in such services generates additional ethical and legal risks. Although there are times when the information available can assist in mitigating risk for an organisation, such as employees posting videos of inappropriate activities within corporate facilities, equally there are other times when accessing the information can create serious liabilities, such as a manager reviewing an employee's Facebook profile to determine the employee's religion or sexual orientation, which would usually be in violation of equal employment opportunity and privacy regulations. 

Gartner concludes that security organisations are beginning to see value in the capture and analysis of social media content, not just for internal security surveillance, but also to enable detection of shifting threats that may impinge on the organisation. This might be physical threats to facilities and personnel revealed through postings concerning civil unrest or it may be threats of logical attacks by so-called hacktivists. Early detection of shifting risks, it says, enables the organisation to vary its security posture to match and minimise negative impacts. 

Comments