Social Media and security

Social media incidents cost a typical company $4 million over the past 12 months, according to the results of a Symantec survey published today.

There have been a number of legal actions about social media in recent years, including a Financial Industry Regulatory Authority (FINRA) regulatory notice, the Romano vs Steelcase Inc and Bass vs Ms. Porter’s School cases (where both plaintiffs were granted discovery of the defendant’s Facebook Profile), and the sexual harassment case EEOC vs Simple Storage Management LLC (where a US District Court held that social networking sites — or SNS for short — were discoverable).  This means that what your employees do on their personal time on SNSs can open your company to embarrassment and litigation.  The survey, then, sought to find out how big this problem is in the enterprise. Symantec hired Applied Research to interview IT professionals from 1200+ enterprises with 1000+ employees.

45% of respondents use SNSs for personal use, and 42% use them for company use.  IT folks are worried about employees sharing too much information (46%), the loss or exposure of confidential information (41%), damage to the brand (40%), exposure to litigation (37%), malware (37%), and violating regulatory rules (36%). 

The respondents to the survey listed 9 social media “incidents” in the past 12 months, with 94% of those incidents having consequences, including damage to the brand (28%), loss of data (27%), or lost revenue (25%).  The average cost of a social media incident was listed as $4.3M!

Most of the companies are discussing creating a social media policy, training their employees, putting processes in place to capture confidential information, and putting technology in place to stop these things from happening as well.  However, what was surprising was that — while almost 90% of respondents felt they needed to have these things in place — only 24% had a social media policy, 22% were training their employees on social media, and about 20% were using technology to control this process.

Folks, it’s happening and it isn’t going away.  The very least you can do is to create a social media policy and train your employees on why it is important.  Those employees who are allowed to blog about company matters need to be continually reminded that their actions are discoverable.  Even if their personal site may not be demonstrated to be official company policy, it surely states the opinion of one of its employees — and those employees make up the company.  And if it can be shown that one of its employees was continually doing something damaging on a publicly accessible social site and the company did nothing to stop it, that can be actionable.

Just remember: It’s really easy to be a jerk on the Internet where you’re not facing the person you’re talking to.  You might want to dial it down a notch or two.  Just a thought.

Update 25 Jul 2011: I was given a briefing about this survey and didn’t read the press release until today. During the briefing, Symantec seemed to be playing down the role that technology had to play in helping to solve this problem.  However, in the press release, it seems as if they’re saying that Enterprise Vault is going to handle this by archiving social media content.  First, I have no idea why anyone who is not required to archive any content — be it email or Twitter — would do such a thing.  If you’re not required to keep something and keeping it adds no value to your business — don’t keep it!  Second, even if you did archive it, I’m trying to understand how that would help you in a discovery situation.  If someone wants to see your Facebook logs, they’re going to subpoena Facebook.  That’s what happened in the cases listed in this article.  So if you did archive it, now you’re required to produce it.  So why would you do this if you weren’t being forced?  And how would doing this help you in a trial?


Is Holographic Storage the future of archive & backup?

And now for something completely different.  GE researchers have announced that they have successfully demonstrated a micro-holographic material that can support 500 GB in a DVD-style disc.  That's 20 times greater than most Blu-Ray discs (there is a Blu-Ray 100 in the works), and 100 times greater than DVDs.  So does this have backup and archive potential?  Let's look into that.

The first question is how fast this thing will be.  The article said that it supports "data recording at the same speed as Blu-ray discs."  The fastest a Blu-Ray disc can currently write is 12x, which translates into 54 MB/s.  That's slow in comparison to modern tape drives, but still not too shabby.  It's way faster than any of the Magneto-Optical formats. Although it's not stated anywhere, I'm assuming this is a random-access format, so its access time during restores or retrievals would be very nice when compared to tape.  Due to the load/unload process, it's still not going to be as fast as a hard drive unless we're talking about leaving the disc in the drive all the time.  In a robotic setup, you'd have to add robotic time and load/unload time.  But this would all be similar to, if not better than, the speeds we have with tape.

The next question is cost, and there's nothing on that yet.  Traditionally, other optical formats have lost this race in a big way.  Only time will tell whether or not this format will change that pattern.

Finally, there's the question of long-term stability of the media itself.  I previously posted about the differences of tape vs disk in this area, and how tape is actually more stable for longer periods of time than disk is.  However, this is holographic storage and I honestly have no idea what the long term viability of data stored on such a medium would be.   I'm leaning towards the idea that it would actually be very stable, but I know that other optical formats are not as stable as one might think they would be, so…  Only time and more research will answer that question, too.

Assuming that they address the cost concerns and my hunches are right about its long term stability, I'm really leaning towards this as a long-term archival medium — as opposed to a backup and recovery medium.  While 54 MB/s may sound like a lot, it's just not enough for today's large data centers.  Throughput doesn't matter much in archival situations, but random access does, making this really well suited to archive.

For those of you ready to dump tape or disk for anything that gives you the portability and cost of tape with the random-access nature of disk, it looks like you're going to have to wait a bit.
