Facebook's new privacy settings

Last week, Facebook upgraded its privacy settings. I am sure by now many of you have gone through the new privacy setting wizard. But do you know all the ins and outs of the new settings and how to navigate them?

In general, the new Facebook privacy settings menu is easy to use and straightforward. Some of the new options Facebook provides are positive changes. For instance, you can now hide a wall post from specific individuals (or make it visible only to specific individuals). This level of fine-grained control, which was not available before, is a welcome change.

However, in the course of migrating to the new privacy settings, Facebook has made several categories of information visible by default to “Everyone.” If you didn’t actively manage your privacy settings through this new migration, some of your information, such as Family and Relationship, Education and Work, and your posts will be left visible to everyone, regardless of what your previous privacy settings were.

Another puzzling thing is that Facebook apparently does not think the ability to control who can see your “Friends list” belongs in privacy settings. Moreover, they’ve made everybody’s Friends list visible to the world by default. To turn that off, you have to go to your profile page and click the little crayon icon next to your Friends list to unselect the “Show Friend List to everyone” option. If you had previously hidden your Friends list from public view, it is now free for all to see unless you did the little trick with the crayon icon! Even worse, your Friends list will now show up in search engine results.



Cloudy with a chance of non-compliance

Compliance, along with security and privacy, is a big topic when firms consider cloud services. I recently did a Forrester Webinar on the topic of compliance for cloud computing. This blog entry is a recap of the Webinar.

In terms of compliance for cloud services, there are four categories of issues of concern:

  • Where: Geographically-related issues
  • How: This is about operational details that affect compliance
  • Audit: Show me evidence that you can help me achieve compliance
  • Others: Everything that doesn’t fit into the above categories

For the “where” category, you need to be conscious of the following aspects:

  • Datacenter locations
  • Implications of local laws and regulations (where the datacenters are operating)
  • Third-party access: Does the vendor use any “third-party” resources that may affect the locations of relevant data?

We recently helped a client evaluate the business suitability of a SaaS provider. In the course of doing so, we discovered that the SaaS vendor used a third-party backup service to back up their logs. Although the SaaS provider is located entirely in the US, the backup service provider is not. Therefore there is a question of whether my client’s logs will get stored in a datacenter outside the country. This made my client uneasy.

The “How” category is the biggest and most comprehensive, as it includes many operational aspects. For example, along with other aspects, you need to consider:


To Facebook Or Not To Facebook (40% Of Companies Said Yes To Facebook)

To Facebook or not to Facebook? Forrester recently received a flurry of inquiries concerning social network access inside enterprises. Many firms are reluctant to deny their employees access to social networking sites but at the same time are worried about consequences such as malware threats, data loss, and the loss of productivity.

More specifically, risks associated with social networking come in three flavors:

  • Malware and phishing: Social networks have become a hotbed for malware and phishing activities. As such, allowing access to sites like Facebook, MySpace, LinkedIn, etc., does carry a certain amount of security risk.
  • Data loss: Content that employees post to social networking sites poses a potential threat of data loss, which has many up in arms about the use of social networks in enterprises.
  • Damage to corporate image: There is no reliable way to ensure that no one sets up a fake corporate page on LinkedIn or Facebook, or that no one takes your official promotional video and reposts it to YouTube after unauthorized edits.