
Social network security: Where is the outrage?

Companies such as Twitter, Facebook and others have to make a commitment to validating and certifying that their network infrastructure is resilient to everything
Written by Jennifer Leggio, Contributor

Jennifer Leggio is at RSA Conference

Guest editorial by Kyle Flaherty, BreakingPoint Systems

Do you have an iPhone? Of course you do, you are reading a blog dedicated to social media. If you don’t have an iPhone you are probably even more cutting edge with a fancy Droid, or perhaps you are just waiting for that iPad to arrive. Whatever you have in front of you, check out the back of your phone; you’ll see a variety of logos, each representing some performance or safety standard for the phone. Now pick up your refrigerator and…oh never mind, I’ll just tell you that somewhere on every appliance in your house is this:

Along with a bunch of other logos, all of which mean that it has been evaluated against a certain standard and under realistic conditions. The most famous is the one above for Underwriters Laboratories, and that logo lets us consumers know that when we plug in that microwave or fridge it won’t blow up the fuse box or grow titanium legs and become our appliance overlords. The reason it has the UL “stamp of approval”? It has been validated for hours and hours on end, through a battery of real-world scenarios, and certified that it will perform as expected.

Now, a pop quiz. What undergoes more inspection and certification under real-world scenarios, that fridge or the network infrastructure holding up your favorite social network? It’s the fridge. The result of course is that Twitter (or name your fave social site) not only has difficulty performing, but continues to be a harbinger of nasty malware and viruses.

This is not to pick on Twitter. I’ve been using the service since December of 2006 and I realize that we get what we pay for when it comes to any of these services. My concern is that as these networks become more ubiquitous in our lives, users never stop to question these problems and we never institute a set of standards to measure and certify the performance and security of the devices that run these services.

As I sit here writing this post I’m getting dozens of direct messages from folks offering me ways to make millions from the comfort of my own home or to check out their webcam, and these are people I know well. Unfortunately, their Twitter accounts have been compromised, and it is happening all the time on every social network. And this is only the tip of the iceberg. It is predicted that in 2010 social networks will be the number one source of malware. They are also a safe haven for botnets to do their bidding, whether that is spamming campaigns or stealing information.

The last time it was this bad (that week it was the performance) I wrote “Open Letter to Twitter: Can We Help?” on my company blog:

BreakingPoint wants to help Twitter by providing the use of its server load testing product and wicked smart folks (sorry, the Boston still in me) to help assure the resiliency of your company's network devices, servers and overall data center infrastructure.

In the months that have passed it has only gotten worse.

Resiliency is Key

Social networks rely on network and data center infrastructure to reach us all; in some instances this may be a cloud computing scenario or something they have built themselves. Most likely, as in the case of Twitter, it is a mix. As we already mentioned above, the equipment that makes up this infrastructure has not been assessed as thoroughly as your microwave. All of this equipment must be certified to be resilient to handle the complexity and chaos that is today’s network traffic. Network resiliency is the ability to remain high performing while remaining stable and secure.

Companies such as Twitter, Facebook, Amazon EC2, Google and others have to make a commitment to validating and certifying that their network infrastructure (or their cloud computing partner) is resilient to everything, from maximum user load to a major cyber attack. For too long these companies have collected our information while taking little responsibility for properly securing our experience. When do you think these companies will move in the direction of resiliency certification? Perhaps after an immense attack, such as Google looking for help from the NSA after the cyber attacks in China. Or when users start to become appalled and demand their services provide a promise of resiliency.

Well, I don’t wish the former upon anyone, therefore let us focus as users of these services on the latter. Each time you see another spammy DM or wall post I want you to do two things:

  1. Change your password…you should do this each week anyhow
  2. Be outraged that the service you are using has not properly certified the resiliency of the infrastructure that houses your information and in some cases your reputation

It is time to get outraged and perhaps then we will start to see change.

Kyle Flaherty also blogs for BreakingPoint Systems about cyber security simulation and validating the resiliency.
