
Social Enterprise Can't Skimp on Security

I came to security from an applications and database development background. I can understand some of my colleagues in those areas feeling like security pros are too obsessed with security and not enough with functionality. I get it, we're working a balancing act. At the same time, some of my colleagues can say things that leave me wondering what in the world would make someone say a thing like that. I hit one of those comments today in Read/Write Web:

Clearly there are benefits in taking social technologies to the enterprise, but there are also big challenges. The first one is security. Companies are obsessed with it, for better or worse. It might not make sense, it might be silly, but companies always want to know: What about security?

At first I thought this was a tongue-in-cheek comment, but the rest of the article doesn't indicate any attempt at sarcasm or humor. I've found the posts on this blog light on technical details and insights, so I'm left thinking this guy is serious: he really thinks concerns about security "might not make sense, it might be silly."

If I haven't misunderstood, and this post doesn't take security seriously, then I wonder how widespread this kind of disdain for basic, prudent security practices is. Just this morning I mentioned how quickly one of the first OpenSocial apps was hacked, including comments in the code of the hacked application that are worth repeating here:

// TODO: no error checking - we’re bold…

// TODO: figure out why this is necessary???

This kind of attitude reminds me of when Visual Basic first came out. Everybody and his brother was turned into a professional programmer overnight (without any sense of software engineering basics). The world was flooded with crap for code. Once again, a little technical knowledge is going to turn wannabe developers into generators of bad apps and bad advice.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net