IT managers agonise about how to erect ever stronger barriers to their company’s information resources. At the same time, within that precious firewall, employees happily trade gossip, company secrets and sexual innuendo, either by SMS, email or instant message. Some may even be posting all sorts of information on their personal blogs.
Welcome to the truly internet-enabled generation – where a new poll suggests 61% of all 13-17 year olds in the US have personal profiles on the web and estimated 12 million Americans already have their own online presence. Social networking site MySpace has an astonishing 56m members, while YouTube gets 100m downloads a day.
"We are all going to be involved, like it or not, in a highly public social experiment in security, trust and IT"
Science fiction writer Isaac Asimov may have had a clue to where we’re going with all this with his 1956 short story, The Dead Past. In the story an experiment to develop a ‘chronoscope’ to view ancient times instead becomes an easy way to look at events in the here and now, effectively ending the concept of privacy. Even as today’s teenagers and soon to be graduate recruits gaily share all their activities with the world, the workspace is trying to come to terms with these new realities of ever greater openness about personal information.
According to a recent report in New Scientist magazine, a quarter of employers Google search prospective job applicants or hunt down their online profiles. So beware sharing all the details of what you got up to at that New Moon party – it might one day stop you getting your foot in the door at a top corporation. Or will it? The modern organisation, with its commitment to work/life balance and greater employee empowerment, may take a more liberal view. This brings us back to the CIO and his responsibility, of course. Is his job to eternally clamp down and restrict or is it to ‘go with the flow’ and enable technology to foster more sharing of information?
There are no easy answers here. Security is likely to remain an equilibrium, a complex balancing act between compliance strictures, corporate and social culture and the often-questionable foibles of the individual worker at the heart of it all. This is because the internet has changed everything. It’s enabled us to tell the world what we had for breakfast but it also means the things we want hidden seem just as easy to gather. Investigative journalists tell us that the data corporations have outsourced to call centres is effectively up for grabs to the highest bidder, for example. Now the Information Commissioner is to launch a study into claims that financial details of 100,000 customers from Indian call centres are being offered for sale to outsiders.
The ID debate
At the other end of the scale we are all going to be involved, like it or not, in a highly public social experiment in security, trust and IT. Step forward national ID card project. The government says the biometrics-based system will be a “powerful tool to combat identity fraud which underpins organised crime, terrorism and abuse of the immigration system”. Civil liberties groups counter the system is a massive risk, counter-productive and likely to cost an awful lot more. What’s undeniable is that the introduction of ID cards is likely to change the way UK citizens view IT-based security.
At the same time security still means defence against disaster. After all, used as we are these days to the idea of destruction by terrorist action, how many CIOs know that arson is a growing threat to UK businesses? According to a study by insurers Axa there’s been a 12 per cent rise in claim settlements arising from arson in the past three months alone, with the average claim amounting to £40,000. That’s a factor of 10 bigger than the average insurance payout for all crimes. 80 per cent of firms never recover from a serious fire. How prepared are CIOs for that kind of risk? Security in the internet age is not going to be dull, that’s for certain.