Internet Identity

The March 2011 edition Fast Company magazine recently highlighted the most innovative companies in the world from their perspective. These companies have very popular technology products, and some have been household names for years. From an IT Security perspective, I have identified a few of those that you need to be watching closely because they affect your own online business. It's a good bet that your employees and customers frequent their web sites (or apps) and expose your networks to whatever vulnerabilities they have. In some cases they are already part of what your organization uses to connect with external audiences. You should be watching their public infrastructure as a matter of policy, and have action plans in the event of outages, hijackings, and major breaches. If your organization has business development plans with them, or sends to or receives data from them, or if employees use their products, they are part of your Extended Enterprise.

What these companies have in common:

• They have all focused on innovating for their customers

• They have taken advantage of the global shift toward mobile computing

• They offer products your employees want to access while using your organization's devices and/or networks.

1. Apple

With over 200,000 apps in the App store, and as the largest seller of mobile computing devices anywhere, Apple has broken down all the old barriers of Enterprise computing standards by ushering in the "Post-PC Era." Mobile computing is becoming the rule, and desktops, while still relevant, are becoming ancillary. It's a good bet that you are reading this on an Apple device, and security conference venues are replete with Macbooks or iPads. Do you simply trust that Apple is a safer platform?

2. Facebook

With over 600 million users, Facebook is approaching the point where it defines the web experience -- and not vice versa. Facebook had a well-publicized outage in 2010, creating an unsightly hole in a large part of the web. While being one of the most blocked web sites in corporate URL filtering lists, employees will still use work computers and phones for facebook updates. Facebook focuses heavily on security, but they cannot completely prevent users from allowing untrustworthy apps to gain access to the local machine. Are you simply trusting employees to follow policy guidelines here?

3. Zynga

Zynga is "connecting the world through games." Did you know that the creators of Farmville, MafiaWars, and Cityville have over 300 million users per month? A huge draw of the games is the ability to socially connect and share vital personal data. Are employee's family members playing these games on corporate devices?

4. Google

Despite its already-immense size and reach, Google remains one of the fastest growing companies of any industry in the world. A standard-bearer in cloud computing, corporate Gmail accounts have been involved in several data breaches over the past few years. You can try to list all the ways that Google impacts your extended enterprise, just be sure to actively monitor their Internet presence while you're at it.

5. UPS/FedEx

Both of these companies have fought to earn market perception as technology companies that are the engine for global supply chains, and not just your shipping company. Stop and think for a moment how pervasive their technology influence is in your organization, and what impact an infrastructure disruption would have on your business.

6. Foursquare

The social media darling of 2010, Foursquare capitalizes on the convergence of user location and user spending. While the "mobile geo-commerce" industry is still relatively new, applications like Foursquare focus on earning the user's implicit trust with data sharing. More and more, data sharing on mobile devices is equivalent to device information sharing. What sensitive corporate data do your employees carry on their mobile devices?

7. Skype

The largest international voice carrier now boasts over 650 Million personal and corporate accounts. As with many firms in the VoIP industry, the focus has been on fast growth--security is often an afterthought in that situation, as we have pointed out. Criminals are actively seeking ways to abuse Skype, and to utilize Skype accounts to defraud other VoIP vendors and the firms that they serve to the tune of millions of dollars annually.

8. Pandora

The "Internet's Personal Radio Station" is a great example of the network effect in action. Employees tend to load this site habitually, and as long as everything's working properly in the background, then there's nothing to worry about, right? With a recent IPO filing, you'll be hearing more from Pandora this year.

9. Groupon

Having grown from 200 employees to over 5,000 in less than 3 years, Groupon is a frequently rumored acquisition target. Groupon, its suitors, and partners alike are working on ways to innovate their service and penetrate more markets. Ask around. Is your company planning on doing anything related to Groupon?

10. Twitter

In 2006, Twitter had fewer than 10,000 users and at that time some of your employees had MySpace accounts for posting their statuses. Fast forwarded to 2011, and Twitter now has over 200 million users and has redefined how many people communicate, share, and gather news, both personal and global. Twitter is another firm that experienced hypergrowth in the past few years, and this often means that important items like "executing a full IT security strategy" have been put off for the future. If you are responsible for security in a large Enterprise, don't wait for the upstarts to come around on this issue.

11. Blizzard

Multi-player online games are big business, reaching into the billions of dollars annually. The virtual object economy is leading to the exchange of large amounts of real currency. Tempted by money and novice users, this sector is also becoming one of the hardest hit from a phishing volume standpoint. The malware threats vectors that exist in this realm are often overlooked.

12. Ford

What would Henry think of a new model being unveiled at the Consumer Electronics Show in Las Vegas? It may seem far-fetched, but automakers are innovating how they integrate technology into their products and the driver's experience. This means that the gap between the automobile and the Internet is closing. And the automobile is just one more vulnerability point, one more place where your customer and employee data will be stored and accessed for convenience.