Policy MattersBy Samuel Greengard | Posted 2010-10-12 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Web 2.0 ratchets up capabilities and opportunities, but the open and interactive nature of the technology also creates risks. Security is the foundation of any successful Web 2.0 initiative.
Security is more than the sum of tools and technologies. As PricewaterhouseCoopers’ Loveland puts it, “At a certain point, it becomes a policy issue. It’s important to develop focused rules—while educating and training employees about the dangers of security breaches. This is particularly true for social media, where privacy settings and a momentary lapse in judgment can have dire consequences.” He also recommends establishing an audit committee and using it to better frame questions and issues.
Accenture’s Phelps says that it’s imperative for organizations to have a well-defined social media policy to complement security systems and software. What’s more, the policy must reflect the needs of different departments and stakeholders within the organization. These rules and guidelines should appear in written form, and employees should have easy access to them. No less important: They must be updated regularly in order to reflect today’s fast-changing business environment.
Of course, developing workable policies is easier said than done—particularly when competing interests are involved. “It’s important to create realistic and practical policies,” Phelps explains. He cites this example: “A rule that stipulates that employees cannot post anything about work is unrealistic and counterproductive. You want them to post in a positive way and say the right things. You have to keep the big picture in mind.”
Make no mistake, organizations that put the right mix of tools and policies in place are able to connect people with information in ways that business and IT executives couldn’t have imagined only a few years ago. But in order to take advantage of the full potential of Web 2.0, it’s essential to address security in a proactive way.
“You have to put controls in place, but they have to be the right controls,” PricewaterhouseCoopers’ Loveland concludes. “We’ve entered a new and challenging era, and there must be recognition that there’s no simple or single way to address these challenges.”