ARCHIVE
ID Number: G00167500



This research is provided for historical perspective;
portions of this document may not reflect current conditions.





Recognize the Security Risks of Twitter, Other 'Consumer' Tools
15 April 2009
 
John Pescatore  

Malware attacks against the Twitter social networking service highlight the risks of using consumer-grade technologies for business. These services are not going away, so enterprises need to take security measures.











Contact Gartner






Download Document:

PDF
recognize_the_s...pdf (85.1KB)

Help with Downloads



News Analysis

Event

On 12 April 2009, the social networking service Twitter reported that a series of malware attacks had compromised some user accounts. The malware is reportedly similar to the Samy worm, which struck another networking service in 2007. Twitter reported that approximately 190 user accounts were compromised before the attack was contained.

Return to Top

Analysis

Twitter's recent security issues follow the same arc that many other consumer-grade services have experienced. An innovative idea is quickly turned into a cool Web site that attracts lots of consumer use. Security is, however, not typically part of the cool site's business model. Hype about the potential businesses use of the new technology quickly leads to malware attacks. After a successful attack, security measures that were not built in are "sprinkled on."

This pattern will not change anytime soon. There will always be real reliability and security differences between consumer- and business-grade technologies. But there will also be real business benefits to using consumer-grade technologies before they are "business-strength." Enterprises must consider the cost of integrating or adding security controls to contain the risks of using these technologies before they reach security maturity. Trying to ignore or block them simply will not work (see "Optimal Security Approaches for the Secure Use of Consumer IT" ).

Return to Top

Recommendations

All enterprises:

  • Ensure that everyone who accesses enterprise systems is aware of the risks of using consumer-grade technologies such as Twitter.
  • Update Web security gateways and network intrusion prevention systems to block transmission of the malware used in the Twitter attacks.
  • Require malware blocking and data loss prevention capabilities in any business plans using Twitter or other consumer-grade technologies.
Return to Top

Recommended Reading

  • "Optimal Security Approaches for the Secure Use of Consumer IT” — Mapping the business gain against potential risks will enable enterprises to determine the most effective constraints and security controls for consumer-grade technologies.  By John Pescatore and Mark Nicolett
  • "A Buyer's Guide to Secure Web Gateways” — No single secure Web Gateway vendor leads in all functional areas, so buyers need to prioritize their requirements to address the needs of their specific business, technical and regulatory environments. By Peter Firstbrook and Lawrence Orans

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)

Return to Top



© 2009 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.




Resource Id: 939012