Social networks, virtual worlds and real-time mapping services offer enormous potential for improved collaboration, customer interaction and information processing – but network providers need to ensure they provide appropriate levels of security.
Gartner research director Andrew Walls says organisations, staff and vendors must develop tools and practices that prevent the inappropriate exposure and exploitation of personal and corporate data.
"Improved security in virtual environments should be a joint responsibility between individuals, companies and service providers," he says. "There are some steps
that users themselves must take, some things their employers can do, and some that the providers of virtual environments could do to reduce the risks.
"Social software services currently provide very few user-controlled security features and do not provide users with complete control of the life cycle of uploaded data, for example, the ability to delete old information, and the establishment of user-defined access groups and multi-layered profiles with varying levels of information presentation."
According to Gartner, the security risks currently posed by virtual environments range from traditional problems like spam and malware to business issues like privacy and intellectual property management, as users upload and create information that is stored and traded remotely.
"The ownership of content placed in a virtual environment is often in doubt," says Walls. "The end-user license agreements offered by social software are between the user and the vendor, not the company and the vendor, so the company may have no legal standing to negotiate to protect their intellectual property."
Emerging threats from virtual environments include new social network analysis tools that allow easy integration of data from a variety of sources and potential flaws in user interfaces and media formats such as QuickTime, AVI and MP4.
"These threats are exacerbated by the speed at which new features are developed and implemented by the providers of virtual environments, without a long-term testing process to identity security flaws."
Gartner recommends that organisations:
* Start by monitoring and using virtual environments to gain familiarity;
* Define a policy for virtual environments;
* Ask corporate legal counsel to review licence agreements of sites used by staff;
* Ensure that security infrastructure controls are in place;
* Implement an education programme for staff to help them protect themselves; and
* Monitor use and assess compliance.
According to Gartner, virtual worlds, social networks and mapping environments will merge into highly integrated online environments over the next 10 years.
"Organisations cannot block social networks and virtual worlds, because they will become the base infrastructure for business and personal interaction in the future," says Walls. "Now is the time to build security tools and infrastructure that enable the organisation to benefit from them."