
Data protection: social networks show the right direction

This is perhaps a provocative assertion given the mixed record on the protection of personal data in social networks. On the one hand, companies that operate these social media vehicles have regularly been laissez-faire with the privacy of their users. Frequently changing the terms and conditions of use, and bringing in new features that “open” the sharing of information for commercial purposes, are just two recent examples. “It’s not the way forward.” – so says Gerome Billois, head of the Information Security practice in DMW’s strategic partner Solucom.

But on the other hand, social networks have implemented innovative mechanisms for information protection and sharing. These, we argue, are precursors of the future. While these innovations are perhaps not obvious at first, they are practical and they are available today.

First, take the example of sharing information between applications. In today’s business world, applications often exchange data with one another without putting in place mechanisms for authentication and authorization. In contrast, platforms such as Twitter allow access rights to be managed per application in a simple and effective way. The user, with a Twitter account, can control the level at which third-party applications can access their data: reading messages, adding users, writing messages. All of these can be managed in a clear and transparent way with a dashboard that summarizes the rights granted. In addition, access may be limited in time.
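The access model described above (rights granted per application, limited in time, and summarized in a dashboard) can be sketched as follows. This is an added example, not Twitter's API or code from the article; the scope identifiers, class names and sample users are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# The three rights named in the article; identifiers are assumed for this sketch.
SCOPES = {"read_messages", "add_users", "write_messages"}

@dataclass
class Grant:
    scopes: frozenset
    expires_at: datetime
    revoked: bool = False

    def active(self, now):
        return not self.revoked and now < self.expires_at

class GrantRegistry:
    """What each third-party app may do on a user's account, and until when."""

    def __init__(self):
        self._grants = {}  # (user, app) -> Grant

    def grant(self, user, app, scopes, ttl, now):
        unknown = set(scopes) - SCOPES
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        self._grants[(user, app)] = Grant(frozenset(scopes), now + ttl)

    def revoke(self, user, app):
        if (user, app) in self._grants:
            self._grants[(user, app)].revoked = True

    def is_allowed(self, user, app, scope, now):
        # Default deny: no grant, expired, revoked, or scope not granted.
        g = self._grants.get((user, app))
        return g is not None and g.active(now) and scope in g.scopes

    def dashboard(self, user, now):
        # The summary a user reviews: active apps, their rights, and expiry.
        return {app: (sorted(g.scopes), g.expires_at.isoformat())
                for (u, app), g in self._grants.items()
                if u == user and g.active(now)}

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample data
    reg = GrantRegistry()
    reg.grant("alice", "photo-app", {"read_messages"}, timedelta(days=30), t0)
    print(reg.is_allowed("alice", "photo-app", "write_messages", t0))  # scope not granted
    print(reg.dashboard("alice", t0))
```

Every check passes the current time explicitly, so an expired grant fails closed without any background cleanup job.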

Second, consider how user authentication is being simplified and enhanced. More and more web applications can authenticate users with their Twitter or Facebook account details. For many, this is a simple way to limit the number of accounts and passwords they use. Some (e.g. Google) even offer free strong authentication, or re-authentication mechanisms for the most sensitive operations. These applications will generate alerts when suspicious behaviour is detected, for example use from another country or use at unlikely times of day. These advanced mechanisms are implemented in consumer applications protecting simple holiday snaps. They, or similar mechanisms, should be used to protect business applications and data today.

Another example is the management of user access rights. In Google Docs, a native feature lets the user grant access (read, modify) in a simple way to other users they know. Coupled with the ability to track and monitor changes over time, these features are light years ahead of the common corporate practices of file sharing by email or, even worse, on memory sticks. Google+ and its “circles” for managing contacts also provide a simple and understandable means through which users can manage access.

Yes, these mechanisms exist within the “connected” ecosystem of a provider (Google, Twitter, LinkedIn …). The big web players have substantial resources and experienced staff to manage these ecosystems. But companies could learn from these innovations, and in some cases even rely on them! For example, there is no need to create user accounts on an external recruitment website. LinkedIn or Facebook accounts could be used to simplify access for potential hires. This can also be true in B2C campaigns.

It will be interesting to follow social network innovation in protecting data, and to see how these innovations can be replicated or even used in the information systems of enterprises.