I'd like to know: What security measures does your company have in place to protect its supply chain information, and could those measures be adapted to social networks and search engines?
Security for Facebook and security in an enterprise setting are two completely different things. I'm not really too sure if you could adapt any practices from one thing to the other, either way.
Facebook makes money via advertising and sharing user information. Facebook is not designed to be secure; it's designed to be easily accessible by a mainstream audience. It is not even remotely designed with the enterprise in mind and should not be used as such.
Anyhow, to answer the question on security... obviously we have many of the standard procedures in place, VPN, etc., and since none of our security initiatives on the desktop-side are particularly unusual, I'll instead talk more about mobile security.
As popular as the iPhone is, due to the security concerns we have (particularly with the iPad user information leak), it has never been seriously considered as an official, supported platform. RIM does a much better job providing solutions for mobile security. Thanks to BlackBerry Enterprise Server, encryption, remote device wiping/lock-down, specification of what apps can be run on the device, etc. is all taken care of. As a result, I don't spend a lot of my time worrying about mobile security.
I think RIM is a little bit ahead of the curve in the enterprise and security space and eventually their competitors will follow suit.
DennisQ makes some good points. I would see that mobile security measures are going to be a must for businesses to implement in the near future, especially those used to access and interact with the supply chain. The mobile security market is expected to reach approximately $1 billion in 2011 and surpass $4 billion in 2011. Every year mobile users are accessing more sensitive data than the previous, which is a huge concern for corporations to manage. To enhance security and to attempt to protect privacy, future mobile devices will most likely come pre-loaded with some sort of security bundle, such as anti-virus, mobile VPN, One-Time Password (OTP), two-factor authentication, etc. Corporations will need to purchase additional security appliances and remote device management software and services.
These measures will certainly help, but there will always be a way to hack. Currently, it is very easy to infiltrate a wireless network or snoop mobile data traffic, but fortunately so far, little to no damage has occurred from breaches in mobile security. This is surely going to change and companies, wireless carriers and users must be more prepared to handle the threats.
There is security as in firewalls, passwords, VPN, anti-virus etc. This is security we all know about.... then there is the 'dark-side', which relates to 'meta-data' security.
OK, let's look at this from two perspectives (supply chain implications here folks!!):
1. You walk into a bar, go over to a complete stranger, then you proceed to give them all the details about the clothes you are wearing, your credit rating, where you browse on the internet, your interests, sexual or otherwise, and the details of your passport.
Would you do this? ... possibly not.
2. You go into a bar, a stranger sitting with a laptop scans any RFID tags in your clothes, they scan the RFID tag in your passport, as you open your mobile phone/computer/iPad, they 'grab' the wireless traffic as you work, noting down the sites you browse, your interests, your blog etc.
Would you allow this?.... no, so why do you let Google/Facebook perform a variation of it?
In reality number two happens all the time.
For any smart aleck who 'thinks' they are safe (you use wireless security, WPA/WPA2, RSA cos you heard it is cool......!!)
I just configure my computer to look like a wireless router...... you communicate 'securely' with 'MY' computer and I forward your unencoded requests onto the 'real' router, yep you are still using WPA/WPA2 for your link to my computer..... or maybe it's a public hotspot you are using.
Both Google and Facebook know exactly what they are doing, this is not about technology 'catching up'. This is about 'theft' of personal data pure and simple. Unfortunately the people in power are easy to have the wool pulled over their 'eyes'.
Google should be seriously shafted for this, and the board held financially accountable.
The 'excuse' that an engineer put the code in by mistake, just does not wash, why?
Did the engineer also authorize the cars to be fitted with the special antennas and equipment needed for the code to perform its work, did the engineer authorize the budget for this equipment then ensure it was included in all the blueprints for the cars?
Meta-data security has massive implications for both the 'supply chain' industries and personal freedom.
Consider that it is already possible to track a person round a shopping arcade by the RFID tags in the clothes they have bought/wear.
I will give you a final example from Google, that would make people think 'hey, that's really kind.. wow I like Google'
Google provide a 'DNS service':
So that 'you' can find what you want without being blocked (wow Google, that is really really kind)
Now the sinister side.......
Every single site on the internet has an identifying IP address, to resolve that address you use a DNS server, which takes the URL name, e.g. "google.com", and converts it to an IP address.
Normally you use your ISP's DNS server, so all your web browsing is anonymised with the thousands of other people using the same DNS system.
Once you use Google's DNS server, you become an individual that is identifiable, every single site you look at on the web requires communication with the Google DNS server.. they 'can' identify 'you' by the Google cookies they leave on your machine, which then resolve to your Google email and Facebook information/history files Google maintains about the cookies.
So now they have:
1. the details of every site you browse
2. the details of your Google accounts
3. your sexual/other interests
4. possibly your full name/address and friend list.
5. any details of sites you may have purchased from on the internet (if you used Google to find the initial contact)
6. possibly your bank account details, if you use Google advertising.. to make money from adverts on your site.
7. all PayPal details about your account....... since they bought the company.
8. your geo-location from both Facebook and your router/DNS searches (which they trace and also 'accidentally' acquired).
This is one reason why I use a pseudonym when posting.... purely to make it harder for companies like Google to gain access to my personal information (but a person with the right background would know exactly who/where I was, this type of person works at Google/Facebook).
Hardcore--wow--this is a tutorial! Thanks for all the info. I realize now that Google, Facebook etc. are not meant as platforms for anything except information sharing--voluntarily or otherwise. I also hadn't seen RFID in the same light but it makes sense. You are correct--we as users should first and foremost be aware of this and go in with our eyes open. Of course there will always be hackers, but in as much as I can control the information I share, I should do so. And respect the parameters my company gives me as well.
I think we are jumping the gun here. Forums like this tend to see into the future before the future arrives.
Like DennisQ said, social networking wasn't designed for business networking. Security will take the social out of the networking.
I think social networking, like adverts, is just for organizations to reach out to their customers on a personal basis; all business transactions must still be done within the usual secure lines they have always been done in.
Product updates, news, customer relations issues, and the likes are what can be passed around via Facebook, Twitter and the likes.
However, as for iPhones and the mobile business, Dave says it all. We are thinking it already, but when the mobile service providers are ready to create it, they will turn mobile phones into mobile business kiosks, with all the security that is needed. All mobile phones will definitely not come pre-loaded with advanced encryption and data authentication features, but maybe there will be special business edition iPhones that will meet all the business needs of the future, allowing the supply chain to really go mobile.
The rules of the game and engagement have changed, and changed considerably, thanks to smartphones, social networks and all those ultra-portable devices.
We need to make a quick and firm decision on what data is important and what isn't. Anything that is needs to be encrypted thoroughly regardless of performance concerns/complaints (major issue with encryption).
As far as social networks go, the key remains user education into their personal privacy concerns and how comfortable they are with how much data is freely available about themselves online. This is a personal decision and it's my opinion that companies (including those that hire these people) should stay out of it as long as they don't say anything against their parent company.
Again another good idea, try to grade the data and decide what is private, but again this would give Google/FB/supply chain trackers a framework to work around.
Unfortunately we have entangled ourselves so much with technology that I don't think there is a 'clear' answer or grading system we could put in place. However even this dark cloud has spun off several 'industries' and businesses.
The anti-trackable passport/RFID case. (Read the links to see why this is a potential problem for supply chain.)
There is a joke amongst hackers about people wearing tin foil hats to protect their privacy against 'aliens'.
I suspect that the joke is on the rest of us.... and that these tin foil hat wearing people are actually the sane ones.
The issue with encryption is that to utilize it, either public or private keys need to be provided; whilst you may not be able to 'crack' the key, unfortunately you can 'acquire' it in other ways (case in point the DVD fiasco).