- Category: January 2011
Twitter is a popular micro-blogging tool that enables users to communicate to an audience of “followers” using a combination of characters, images and URLs (tiny URLS) – all of which must fit into a 140 character limit.
Like email or IM from years ago, and more recently Social Networking, end-users are rapidly making Twitter an integral part of the corporate application infrastructure. The benefit of using Twitter is that it enables users to interact bi-directionally with a wide audience. Marketing can “tweet” about the latest press release or success story; engineers can solicit answers to a perplexing question; and corporate bloggers can tweet about the latest blog post.
There are, however, several challenges that the rapid adoption of Twitter has introduced. Many Malaysian organizations for instance are unaware of who is using Twitter and for what purpose - and as is the case with social networking applications, policies governing specific usage are non-existent. Many users tend to be too trusting and blindly download images or access shortened, and effectively obfuscated, URLs which can introduce malware into their network. IT is therefore tasked with keeping the network secure while enabling the use of Twitter.
Blindly blocking tweets is an inappropriate response because it may be detrimental to organizational productivity and may force users to find alternative means of using Twitter (proxies, circumvention tools, etc). Blindly allowing tweets is also an inappropriate response, as it may result in propagation of threats, as well as potential data leakage.
Enterprises should therefore follow a systematic process to develop, enable and enforce policies that allow the use of Twitter in a secure manner.
1. Find out who’s using Twitter
There are many cases where there may already be a “corporate” Twitter account established by marketing or sales, so it is critical that IT determines if these accounts exist, who is using them and what are the associated business objectives – if for no other reason than to be prepared from a public exposure perspective. By meeting with the business groups and discussing the common company goals, IT can use this step to move past the image of “always saying no” toward the role of being a key business enabler.
2. Develop a corporate Twitter policy
Once visibility into Twitter usage patterns is determined, enterprises should engage in discussions around what should and should not be said or posted about the company, the competition as well as the appropriate form and style of language. In some cases, determining who can and cannot post may be an appropriate first step to take. Educating users on the security risks associated with Twitter is another important facet to encourage usage for business purposes. With a “click first, think later” mentality, Twitter users tend to place too much trust in what is being posted, inadvertently introducing malware while placing both personal and corporate data at risk.
3. Use Technology to Monitor and Enforce Policy
The outcome of each of these discussions should be documented with an explanation of how IT will apply security policies to enable the secure use of Twitter within enterprise environments. Documenting and enforcing a policy around Twitter can help enterprises improve communications, productivity, and their bottom line while boosting employee morale.
By Eric Chong, Regional Marketing Director of Palo Alto Networks, Asia Pacific