Comment: Perfect Partners – Secure, Social, and the Cloud

Does social networking + the cloud = insecurity? Not necessarily says Stuart Barr
Does social networking + the cloud = insecurity? Not necessarily says Stuart Barr

Over the last five or so years, enterprise social software and cloud computing have both transitioned from the fringes of corporate IT policy to become serious business priorities.

The benefits of cloud computing, and software-as-a-service in particular, are generally well accepted and represent an effective way for organizations to reduce the costs associated with running their own data centers and developing applications in-house.

In addition, the adoption of enterprise social tools is increasingly seen as an effective way of improving workforce productivity, communication and knowledge sharing – both internally and externally. This is often characterized simplistically as “Facebook for the enterprise” and usually involves some combination of file sharing, blogs, wikis, microblogs, task management, people profiles and activity streams.

Software-as-a-service providers, including Salesforce and Google, have paved the way for organizations to embrace the cloud as an alternative to developing and hosting traditional enterprise software on-premise.

In theory, then, enterprise social software hosted in the cloud should be the perfect combination of two of the hottest technology trends and give organizations immediate access to the latest wave of innovative software with no development resources or necessary capital outlay.

But is the Cloud Secure?

In reality, the problem for many organizations comes when it’s time to actually move their software and data to the cloud. There is often resistance at senior levels and a concern around the security of data hosted outside of their network.

Much of the concern around security is born out of misconceptions about the cloud and software-as-a-service in general. The assumption is often made that cloud providers are less secure than hosting in-house in your own data center. There are, of course, various types of cloud services, and not all of them are targeted at the enterprise.

Consumer-grade services, such as Dropbox or iCloud, are probably not the best places to store your sensitive corporate data. But at the other end of the spectrum there are specialist providers that build enterprise-grade services specifically for those industries where security and control are paramount, such as the legal, banking, life sciences and government sectors.

These specialist providers often have their own private clouds and do not rely on public cloud providers like Amazon or Microsoft for hosting. They are advanced technology companies, and their businesses depend on running secure and dependable services for high-value clients. Their clients will audit them and require proof that their services are secure via software penetration tests and adherence to information security standards, such as SAS 70 Type II or ISO 27001.

A law firm, bank or corporation does not focus on providing a state-of-the-art technology platform. Conversely, a cloud provider is only able to stay in business if it has the trust of its clients, and it can only do that by maintaining a robust, reliable and secure service. So it stands to reason that to win clients and then keep them, a specialist cloud provider must have superior security measures in place than the vast majority of organizations.

Does Social Mean Insecure?

The second thread of resistance to the implementation of cloud-based social software is the very concept of “social” itself. There is a common belief that “social” cannot be secure because it is based on the concepts of openness and sharing. It is also often perceived as a time-wasting activity with no business benefit.

This couldn’t be further from the truth. The best enterprise-grade social tools have robust and advanced controls that enable you to securely share information and collaborate with other specified users inside and outside of the organization. You choose exactly who to share your information with and it can be as open or as closed as you like, depending on what you are sharing and who you are collaborating with. Users can be given various privilege levels, from full administrator rights to a read-only view on an individual item.

What “social” really means is emphasizing people and connections rather than just data. Being able to see who authored or shared a piece of content can be as valuable as the content itself. Enterprise social software is about enhancing communication, collaboration, and knowledge sharing. It enables users to make the connections and have a peripheral vision of the work going on around them.

Can I Have My Cake, and Eat It Too?

Yes you can. Cloud-based social software is no less secure than a document management system, email or talking to someone by the water cooler. But it can be a lot more effective at capturing, storing and then quickly redistributing information to the parts of the business where it is needed the most. Not all information in an organization can be shared openly, but in an enterprise-grade social system you have the opportunity to do so when it’s appropriate, and keep it locked down and secure when it isn’t.

Social software and the cloud are like anything else – you need to look at all of the options and choose wisely. Do your due diligence, ask the difficult questions, speak to existing clients of the provider, and ask them why they chose that solution. If you’re not comfortable with hosting your data in one of the big, public cloud platforms, look for a smaller, more specialist provider. You will probably get more personalized service and solutions tailored to your industry or use case.

But remember, while there is nothing inherently insecure or risky about software-as-a-service or social tools when compared to traditional solutions, they can still be poorly implemented, abused and suffer from a lack of governance. If you choose the right cloud solution and implement it well, however, it can lead to significant cost reductions, gains in efficiency, much more flexibility, and access to cutting-edge technology that would otherwise take years to implement.

Secure, social, cloud – perfect partners.


HighQ is exhibiting at Infosecurity Europe 2012, the No. 1 industry event in Europe held on 24–26 April 2012 at Earl’s Court, London. The event provides an unrivalled free education program, exhibitors showcasing new and emerging technologies, and offers practical and professional expertise. Visit the Infosecurity Europe website for further information.


Stuart Barr, director, leads product strategy at HighQ and has over 12 years of experience in web and e-business development, strategy and management. Barr joined HighQ from leading social computing consultancy Headshift, where he was head of operations. Previously, Barr was online services manager at leading international law firm Freshfields Bruckhaus Deringer, where he was responsible for the firm’s various online activities. Prior to that, he held a similar position at Hays plc.

Barr has a business degree from Cardiff University and a keen interest in the web and technology in general, in particular how it can be used inside the enterprise to enhance communication and collaboration.

What’s hot on Infosecurity Magazine?