The use of Twitter to spread information about the unrest in Iran can teach businesses valuable lessons about the flow of information in their organisations, according to leading lights of the IT security world.
Howard Schmidt, president of the Information Security Forum (ISF), told ZDNet UK on Friday businesses need to recognise that technology such as instant messaging can be used to improve information flows, while still maintaining security.
"Instant messaging has been blocked for a long time, especially by financial-services companies," said Schmidt, speaking at an European Network and Security Agency (Enisa) event in London. "But it's easy to have IM, based on an internal server, with security controls. A knee-jerk reaction just to block information is not helpful."
If businesses try to put a complete block on such tools, employees will find a way around that as they try to get their work done, according to a panel discussion at the Enisa event involving Schmidt. A wider example of that is the way that Iranian citizens have managed to evade state web-censorship and organise protests following the recent disputed presidential elections, BT chief security technology officer Bruce Schneier pointed out. This has been achieved through technologies such as Twitter and YouTube, allowing information to flow to a global audience.
"Many-to-many social media is being used as a reporting tool," said Schneier. "Iran is the coming of age of citizen journalism. Journalists are under house arrest, and the web is censored. But the Iranian government forgot about Twitter, so that is the way that information is getting out."
Schmidt said the Iranian government had also failed to take into account the multiplicity of web-enabled mobile devices belonging to citizens. "Mobile devices are all over the place in Iran, and when the government finds ways of blocking information, people are finding ways round that," he said.
Given this, Schmidt advised businesses to harness employees' own paths to sharing information, and instead to build in security controls to prevent sensitive information leaving the enterprise.