The number of organisations blocking access to all social media is dropping by around 10 percent a year. “Even in those organisations that block all access to social media, blocks tend not to be complete,” said Andrew Walls, research vice president at Gartner.
“Certain departments and processes, such as marketing, require access to external social media, and employees can circumvent blocks by using personal devices such as smartphones.
Organisations need now to turn their attention to the impacts of social media on identity and access management (IAM).” Gartner said that social media environments include mechanisms to collect, process, share and store a more complete range of identity data than do corporate IAM systems. They enable a more complete view of identity, one that extends beyond the bounds of organisations. For IAM managers, this is both a threat and an opportunity.
Identity data and social media platforms can expose organisations and users to a wide variety of security threats, but organisations can also use this identity data to improve support for their own IAM practices and the ambitions of business stakeholders. Gartner identified three significant impacts of social media on IAM: Personal trust misaligned with corporate trust: Employees who participate in online social media continually make judgments about the degree of trust they should place in the platforms and in other participants, and they adjust content, structure and vocabulary to match their risk assessments. These assessments and the fundamental inputs to their assessment process may not align with corporate expectations for risk management.
As a result, employees may say and do things on social media platforms that violate corporate policy or are otherwise counter to corporate expectations. Public content supports identity intelligence: The collection of identity data by public social media on a massive scale enables improvements in the production of identity intelligence. This pushes IAM programs to discover the user profiles accessed by staff and to maintain capabilities for accessing external services in order to harvest identity data.
Identity data can be leveraged for IAM: Social media provide a mechanism for verifying the identity of employees, job candidates and customers, and a cloud identity platform for performing IAM for other applications. IAM programs can use social media for identity verification and to extend identity services to internal and external applications via a semi-trusted social platform.
“Organisations should not ignore social media and social identity,” said Mr. Walls. “We recommend that organisations ascertain how they currently use internal and external social media in both official and unofficial ways, and look for dissonance between IAM practices and the identity needs, opportunities and risks of social media.”
To read the full story, go tohttp://www.australiansecuritymagazine.com.au/subscribe/ and purchase a subscription today!