Beware: Twitter's security problems are yours too
Recent hacks of Twitter data and the misuse of the microblogging service for phishing and other malicious activities highlight the danger of adopting new technologies before they are business-ready.
The Twitter microblogging service gets a lot of publicity, but recently that publicity has been increasingly bad as the company has become the victim of a series of hacks.
The most recent incident, which came to light last week, initiated an industry squabble over whether cloud computing is inherently unsecure or whether Twitter executives are just guilty of using bad security practices. It seems that a poorly protected password allowed a hacker to gain access to company records in Google Apps, a suite of online office services Twitter uses.
But the hacks, along with misuse of Twitter accounts that could compromise users, also highlight the danger of adopting new technologies as business tools before they are ready to be folded into the enterprise.
It is not surprising that Twitter and its management are not particularly focused on security because the service was started with no meaningful purpose. The site proclaims that it is intended for “the exchange of quick, frequent answers to one simple question: What are you doing?” Anyone who wants to frequently update the world on what he or she is doing in 140 characters or less probably has no life to speak of, and the people who want to read those updates probably are just as lacking. A tweet essentially is a postcard without the pretty picture, thus there is no reason for it to be any more secure than a postcard.
The novelty quickly became popular, however, and is becoming more widely used as a way to broadcast alerts and notices. A new, tech-savvy administration and Congress is adopting it, and according to the Web site GovTwit.com, there are more than 2,000 Twitter users either in government or commenting on government, with more than 17 million followers. From the Air Force to the White House, 375 agencies or offices use the service, along with 91 U.S. senators, congressmen and Hill staffers.
Those who seek ill-gotten gains have noticed the site's popularity. Not only has Twitter itself become a target, the site has become a vector for phishing attacks and links to Web sites containing malware. People who are used to thinking of Twitter as a nerdy toy use it in the workplace and expose the enterprise to risk.
This grassroots adoption is not a new story. It happened with texting, instant messaging, even with e-mail and the Internet itself. Today, these are accepted workplace tools, but years later the workplace still is suffering because of the vulnerabilities that these tools have introduced. They were developed without much thought for security, and even with the technologies and policies that have been bolted on later, networks tend to remain dangerously porous. These tools are common channels for both bad stuff coming into the enterprise and data leaving it.
The lesson we are being forced to learn once again is that technology often is thrust upon us and that administrators need to be aware of the implications of new tools such as Twitter. Banning their use probably is not necessary and might even be impossible, but policies to ensure responsible use and adequate security need to be in place as soon as new technology shows up in the workplace. Just because Twitter lets itself be hacked is no reason that users in your office should not be required to use strong passwords and common sense.
NEXT STORY: VA puts a hold on 45 IT projects