- MEMBERS RECEIVE ACCESS TO:
- CIO Leadership Group
  CIO Leadership Task Force provides a unique forum for Chief Information Officers from the largest cities and counties in the U.S. to privately interact, both through an online collaboration site and in regular face-to-face meetings. It offers these leaders an on-going opportunity to share information and experiences, and to discussing IT challenges facing larger community jurisdictions.
- Digital Infrastructure
  Task Force
  The Digital Infrastructure Task Force is a collaborative networking group for government IT professionals. Through timely exchange of information and experiences, both online and through regular face to face meetings, municipal and regional government members help each other to make smarter technology decisions for their communities.
- Law Enforcement
  IT Task Force
  The Law Enforcement Task Force is a collaborative networking group for local law enforcement officials from across the nation. In online and regular face to face meetings, both sworn and civilian law enforcement officials come here to discuss technology trends, collaboration and information sharing opportunities within the local law enforcement community.
- Private Events
  and Webinars
- Exclusive White Papers
- JOIN:
- Public Sector
- Private Sector
Digital Communities Home
Introduction
Feature Articles
Local Government Events
Contact
Digital Communities Blogs
Digital Citizen Pulse
Broadband Nation
Web 2.0 Convergence
In the Trenches
International Beat
Notes from a City CIO
Intelligent Communities
MuniGov 2.0
Surveys and Awards
Digital Cities Survey
Digital Counties Survey
DGAA Awards
Best of the Web Awards
Reference and
Resource Library
White Papers
Exclusives
Webinars
Best Practices
Digital Communities
Special Focus
Current Issue
Past Issues
Subscribe

Digital Communities
Industry Members

Click sponsor logos for whitepapers, case studies, and best practices.

Information Security Professionals Struggle with Rise of Facebook and Other Web 2.0 Tools

August 23, 2009 By Andy Opsahl

The predictable tension between information security officers and early adopters in state and local IT is brewing again. This time it pits proponents of social networking sites against security officials who see fast-growing tools, like Facebook and Twitter, as conduits for malware and data breaches.

Supporters say public agencies must learn how to use social networks effectively to reach younger citizens and support an incoming government work force that considers e-mail obsolete. But security officials - accustomed to being an afterthought in the rush to deploy the latest must-have applications - worry that cool new Web 2.0 tools will expose government networks and sensitive information to dangerous cyber-threats.

'; var html5Player = 'false' ; var androidPlayer = 'false'; var br = getBrowserType(); if(br == 'Android' ) {thePlayer = androidPlayer;} else if(br =='iPhone' || br == 'iPad') {thePlayer = html5Player;} else {thePlayer = flashPlayer; } document.write(thePlayer);

Video: California CISO Mark Weatherford discusses social networks and other security challenges.

Social networks are merely the latest technical evolution to give security officials heartburn, said John Pescatore, a vice president of Gartner.

"It wasn't that long ago when government agencies weren't allowing wireless [local area networks] LANs in either. Now they support wireless LANs. It wasn't that long before that when they were doing war dialing to find Internet connections and turn them off too," Pescatore said.

The security community's knee-jerk reaction against many new technologies is understandable, he said. Early adopters tend to deploy first and worry about security and privacy later - creating serious challenges for those charged with protecting government information and computing assets. Still, Pescatore contends that security officials would be more effective if they said "yes" from the beginning, but with a caveat.

"Security people need to say, 'If we're going to do this, here's what we need to put into place to manage the risk,' instead of building a case for saying no," he said.

That's the approach being taken in several states, including California, where state Chief Information Security Officer (CISO) Mark Weatherford is developing an employee policy for using social networking sites.

"I am going to do everything I can do to help this thing be successful and not be the roadblock that stops progress," he said. "We've had concerns every time some new technology pops up over the years. We addressed them, we worked through them and came out better in the long run."

Photo: Mark Weatherford, Chief Information Security Officer, California

Social Networking Sieves

The gravest concern regarding usage of social networking sites by government employees appears to be that it increases opportunities for data leakage. One common complaint is that security offices already have difficulty policing e-mail without adding social networking sites that aren't even part of the government's network. Observers see added potential for both malicious and accidental data breaches.

For example, Pescatore offered the hypothetical scenario of a state park ranger using Facebook for updating the availability of open campsites. Such a project could be useful to citizens who want to avoid a long drive only to find the park full.

Imagine that to save time the ranger simply posted the spreadsheet showing which campsites were taken and which remained open. What if he didn't notice that a second tab of the spreadsheet had the credit card numbers campers used to hold their spots? That's just one of countless potential scenarios.

Lawsuits could result from one innocent mistake. At the same time, Pescatore points out that solutions do exist. Products designed to catch various types of information before they leave a network are on the market. Governments could program data-loss prevention programs to filter for credit card numbers, Social Security numbers and any other data they needed to protect.

California's strategy for using social networking

PREV 1 | 2 | 3 NEXT

| More

Comments

Add Your Comment

Name *

Comment *

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies

Are You Sure You Are Maximizing the Value of Your Microsoft SharePoint Investment?: The Microsoft SharePoint platform provides a wealth of opportunities for any organization to streamline business processes and expand knowledge sharing; however most government organizations struggle to take advantage of these opportunities.
Hurricane Preparedness: Make sure you are prepared for hurricane season before it is here. Join in this Digital Communities teleconference and gain insight on how to prepare from experts who have been on the ground during major hurricanes.
Kofax Analytics for Capture: Does your agency struggle to add Business Intelligence to your capture operations?

Latest From Digital Communities Features

Follow @dcommunities

Government Best Practices

Digital Cities & Digital Counties Survey: Best Practice Guide

Real Time for McAfee ePolicy Orchestrator

Public Safety Guide: From Call to Car to Crisis

Public Safety Mobile Apps for 4G Networks

10 Requirements for a Successful Oracle R12 Upgrade

Kofax Analytics for Capture

Business Intelligence Roadmap

Featured White Papers & Reports

Government-to-Government IT Services: What Works and What's Left to Work Out

This Digital Communities white paper highlights discussions with IT officials in four counties that have adopted shared services models. Our aim was to learn about the obstacles these governments have faced when it comes to shared services and what it takes to overcome those roadblocks. We also spoke with several members of the IT industry who have thought long and hard about these issues. The paper offers some best practices for shared government-to-government services, but also points out challenges that government and industry still must overcome before this model gains widespread adoption.

View Full Library

Events

GTC East

Don't miss this opportunity to see the latest in digital government solutions, keep abreast of current policy issues and network with key government executives, technologists and industry specialists.

View All Events

Digital CommunitiesIndustry Members