Social media in the 21^st century is ubiquitous. However, its soaring and expanding use is causing a headache for IT security professionals who have to contend with a whole new range of problems caused by people’s use of social media sites. Greg Masters writes in SC Magazine, a top resource for security professionals, regarding one radio station’s approach to this particular can of worms.
EMF Broadcasting, a California-based network that owns K-LOVE and Air1 radio networks, has a combined total of more than 700 radio and broadcasting stations throughout the United States. Supplementing its traditional broadcasting with social media posting has allowed the organization’s stations increased visibility and has been key to its growth.
The major problem facing the stations is if, for example, “a radio personality had their social media account compromised, this could create a public relations crisis for EMF,” says Juan Walker, principal security strategist for EMF Broadcasting. This would quickly undo all the good work done to build up the organization’s reputation.
The challenge then, for EMF Broadcasting, was primarily protection of its brand. Inappropriate content resulting from a hacked user account could have disastrous consequences in an industry that relies heavily on its reputation. When Walker and his 40-strong team were introduced to SkyFence, they soon realized that the cloud-protection capabilities fit perfectly into their social media protection strategy. “The cost per user really made the solution attractive,” Walker continued.
Frank Cabri, vice president of Marketing for SkyFence explains: “SkyFence is a proxy-based solution that provides cloud app discovery/risk scoring, analytics and protection. It does not require any endpoint software.”
The implementation of SkyFence went smoothly for EMF Broadcasting, and now, says Walker, “Our policies have changed to focus on extending the same security measures we use in the datacenter to cloud apps. SkyFence helps us ensure that the same security best practices used in our on-premise data center are being applied to our cloud environment.”
Before the implementation it was recognized that cloud app usage had created a security blind spot for the company. However, now the company can automatically identify both managed and unmanaged mobile devices and enforce specific access policies dependent on whether or not the device is managed by IT.
Cabri goes on to explain further that the cloud is no longer a technology in the future, just over the horizon. “The move from on-premise to software-as-a-service (SaaS) applications – such as Office365, Salesforce.com, Google Apps, Dropbox, NetSuite and others – can result in significant cost savings and increased flexibility.” However, this comes at the price of introducing new business and security risks, creating blind spots that cannot be addressed by traditional means.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”