Jun 05 2008
When I wrote my “Is Twitter a risk?” post earlier this week, I made some assumptions that obscured my point. Luckily I have people like Joel Esler to tell me that EVERYTHING is a risk to some degree or another. There’s the old joke that the only secure computer is the one you’ve unplugged, buried in the backyard and covered with concrete. Of course, there’s still the risk that someone with a sledgehammer and shovel will come along and dig up the system.
I guess the question I was really asking is this: Is Twitter a risk we’re addressing and should we be? How many security professionals even know what Twitter is, what it’s capable of and what its limitations are? And even if we know about it, do we have the tools we’d need to block it if we wanted to? There’s so much going on in the daily life of a security professional that securing the basic network is often a problem, let alone keeping up with the new vulnerabilities and technologies.
Evaluating a technology like Twitter and categorizing the risks it poses are something we have to do. I’m sure many of us do it on a daily basis without consciously thinking about it, but that’s not good enough in my opinion. We need to put some effort into reviewing technologies, understanding them and the risks and rewards of the technology. Quite frankly, in many cases we’re going to say the risks are low, the rewards are whatever they are and that there’s nothing we can do about it in any case. But it’s better to make those judgment calls before senior management calls you on the carpet because there was a breach.
Edit: Lori figured out the cost of Twitter to an organization. Not the same as the security risks, but it’s always good to have numbers to attach to the idea.