Currently, less than 10% have a security monitoring plan in place for social media use, although many monitor social media for brand management and marketing purposes, the survey found.
The impact of IT consumerization, cloud services, and social media renders the traditional approach to IT security, which focuses on monitoring internal infrastructure, inadequate for guiding decisions regarding the security of enterprise information and work processes, Gartner analyst Andrew Walls observed in a new report, Conduct Digital Surveillance Ethically and Legally: 2012 Update.
“Security monitoring and surveillance must follow enterprise information assets and work processes into whichever technical environments are used by employees to execute work”, Walls said.
“Given that employees with legitimate access to enterprise information assets are involved in most security violations, security monitoring must focus on employee actions and behavior wherever the employees pursue business-related interactions on digital systems. In other words, the development of effective security intelligence and control depends on the ability to capture and analyze user actions that take place inside and outside of the enterprise IT environment”, he observed.
The popularity of social media services, such as Facebook, YouTube, and LinkedIn, provides new targets for security monitoring, but surveillance of user activity in these services generates ethical and legal risks, Walls cautioned.
There are times when the information available can assist in risk mitigation for an organization, such as employees posting videos of inappropriate activities within corporate facilities. However, there are other times when accessing the information can generate serious liabilities, such as a manager reviewing an employee's Facebook profile to determine the employee's religion or sexual orientation in violation of equal employment opportunity and privacy regulations, he added.
“The conflicts involved were highlighted through recent examples of a small number of organizations requesting Facebook login information from job candidates”, said Walls. “Although that particular practice will gradually fade, employers will continue to pursue greater visibility of social media conversations held by employees, customers and the general public when the topics are of interest to the corporation”, he noted.