Employee use of Facebook at work can raise serious security issues that are not obvious on the surface. Facebook's role as a developer platform for all sorts of tools and applications that consume and promote personal information should catch the attention of corporate security folks.

ZDNet’s Phil Windley correctly postulates about the potential problems and the potential Pandora’s box for secure and highly confidential corporate information (see Social networking needs identity delegation strategies)…

"Ever since Facebook opened its platform to outside developers, thousands of applications have been built on top of Facebook. Some have tens of thousands of users and have become part of the everyday experience for many Facebook customers. The viral nature of Facebook means that well designed applications spread like wildfire.

Many of these applications ask users to enter their credentials for some other service so that they can provide a Facebook interface. Unfortunately, users are all too willing to do that if the application offers even a small benefit. Often these applications use the user’s credentials to find the email addresses for the user’s associates in the service and invite them to start using it.

Suppose, for example, that someone wrote a PeopleSoft application for Facebook (maybe someone already has) that worked through user credentials. When you set it up, it asks for your username and password in PeopleSoft and then authenticates as you and starts digging around. You get a nice dashboard widget of your PeopleSoft data on Facebook, the app gets a ton of data. 

In an age where more and more organizations are deploying single sign-on solutions across the enterprise this is downright dangerous. The credentials you give might be the key to everything including your 401K account and direct deposit access on the employee portal. Yipes!

You don’t think your employees would do this? After all, it’s against policy isn’t it? Think again. I found in some non-scientific surveying that people don’t equate typing their login credentials into a Facebook application with giving them to a co-worker or friend. You may want to clarify that before the trouble starts."

Not convinced?

Check out this story from Forrester’s Charlene Li who made an online purchase that was advertised to all her friends via her Facebook profile thanks to the Facebook Beacon application (see Close encounter with Facebook Beacon):

"Earlier this week, I bought a coffee table on Overstock.com. When I next logged into Facebook and saw this at the top of my newsfeed… (the newsfeed item referenced the exact purchase, naming the product, a coffee table, with a link to it, and attributed the purchase to Charlene herself).

I was pretty surprised to see this, because I received no notification while I was on Overstock.com that they had the Facebook Beacon installed on the site. If they had, I would have turned it off.

I used my personal email address to buy the coffee table, so I was puzzled why and how this "personal" activity was being associated with my "public" Facebook profile.

Facebook Beacon is merely a small piece of script that allows the partner site to put a cookie on your browser. So when I bought the table, an Overstock cookie was created, which then transferred the information to Facebook. Facebook then checks to see that the same browser is logged into Facebook, and shows the information. I'm not sure of all of the details, but I suspect that if I had logged into my "personal" Facebook account first (yes, I have two Facebook accounts and unless you know my personal email, you won't find my truly personal Facebook profile), that Overstock activity would have been logged to that Facebook profile."

I’m a big fan of Facebook, but it poses some serious security and privacy concerns for more than just individuals. Corporate IT and Security officials would do well to not only monitor Facebook activity, but to intimately know and understand the types of applications being used and developed for the Facebook community. 

Caveat emptor (buyer beware).
