In the case of Porsche, news emerged two weeks ago on their blocking actions as reported by Hans Kullin in Sweden:
Porsche AG is blocking employeesâ€™ access to social networks such as Facebook and Xing, according to an article in Automotive News. The reason is to shield the sports-car maker from industrial espionage.
Industrial espionage is one of the security fears which appear to be the main driving force behind this group ‘off-switch’ activity:
[…] Computer experts have identifying [sic] social network sites as posing the main threat to company IT systems. ‘Before it was email that was the favorite gateway for damaging software – today it is social networks,’ said representative of anti-virus provider Kaspersky Christian Fuchs.
Other companies, such as car firm Daimler, cited concerns about employee productivity.
Luxury car maker Porsche recently restricted Facebook use over industrial espionage fears while energy group E.ON and industrial gas giant Linde have also curbed access to Facebook and video sharing site YouTube at some of their offices.
A study by IT security firm Clearswift indicated that 30 percent of German companies fear social networking sites will distract their employees from work if they have unlimited access.
However, a much larger group — 56 percent – cited security concerns as the primary reason to restrict such sites, Wirtschaftswoche said.
It seems to me this is more about perceived productivity issues and control of what employees do than it is about security.
My podcasting partner Shel Holtz runs campaign and awareness-raising activity at StopBlocking.org with persuasive arguments and links to pretty balanced views on why blocking employee workplace access to social media is, in the end, an exercise in futility.
In particular, Shel posted a highly-relevant article from a Gartner tech event in the summer that speaks directly to this latest blocking activity in Germany:
[…] research director Andrew Walls told attendees that although infosec pros may worry that social networking will lead to uncontrolled malware outbreaks, phishing, breaches of confidentiality and trade secrets, and even damage to the corporate reputation, trying to take control or even block its use is akin to monitoring employeesâ€™ home phone calls and rifling through their postal mail.
â€œAll this message traffic is not in your infrastructure,â€ Walls said. â€œIt all takes place out there in the cloud,â€ plus it can be accessed from anywhere, and usersâ€™ privacy settings can make monitoring nearly impossible. â€œAt the root of it is staff productivity, and security isnâ€™t responsible for monitoring and managing the productivity of the organization.â€
Some believe social media represents a growing platform for malware distribution, but Walls countered that argument, noting that antimalware vendors heâ€™s spoken with say social networks are being victimized by the same malware plaguing email and websites. â€œSo if Iâ€™m going to block social media on the basis of malware distribution,â€ Walls asked hypothetically, â€œwhy not block email?â€
I hope some sounder thinking happens on this issue soon at those top 30 German c0mpanies.
(Logos image at top courtesy of Autoblog.)