So how did social media fare in 2009, and what can we look forward to in 2010? If Facebook could be considered a bell-weather for social media, then 2009 was an important year, because it broke through 300 million users and became cash-flow positive for the first time. Although this of course doesn’t mean that it is profitable – yet.

Analyst Gartner reckons that Facebook will actually strengthen its position in the future, because it will help different social networks operate with mechanisms such as Facebook Connect. In fact, Gartner believes that interoperability will be the most important trend in social networks over the next two years.

All business sectors embraced social media in 2009. Look at newspapers; criticised by Gartner in early 2009, the vast majority of newspaper sites now have social media widgets to help their readers share information. The Telegraph, for example, has a ‘retweet’ button, which handily counts the number of times readers have retweeted its articles.

Away from the mainstream, social media turned up in all sorts of places. It aimed to stop the spread of swine flu, got jurors into trouble in court and even saw an innocent man hauled down the police station to be questioned about terrorism offenses.

So what for next year? Well Forrester’s Josh Bernoff believes that 2010 is the year when marketers will focus less on fuzzy social media metrics and look for proper measureable marketing metrics. Getting followers and friends is all very well, but if businesses don’t use these networks or connections for any obvious end, then the money is wasted. In fact it can be counterproductive if the connections get bored or disillusioned with the enterprise’s business.

What do you think?

Judging from some of the news stories circulating online recently, you might be forgiven for thinking so. Researchers keep discovering flaws in the way that it works. Worryingly, these are not simply execution flaws. Rather, they are basic design flaws, which raise significant problems when it comes to mitigation.

Most recently, PhoneFactor, a company specializing in authentication using telephones, discovered a fundamental design flaw in SSL, a key technology designed to protect online web sessions from being hacked. 18 months ago, Dan Kaminsky, director of penetration testing at security consulting firm IOActive, discovered a flaw in the way that the Internet resolves web addresses. And shortly after he made his announcement, another pair of researchers announced yet another flaw, this time in the border gateway protocol [BGP], which is a key Internet technology designed to exchange information between different networks.

The most worrying thing about flaws such as these is that they render almost everyone using the Internet open to potential security attacks. For example, the flaw that PhoneFactor found lies with the secure socket layer [SSL], which is used to encrypt information passing between a website and a browser. It enables an attacker to inject their own data into the communication stream between the user and the website — even when that website is using encryption technology. This partly invalidates the padlock that you will see in your browser when surfing supposedly secure websites. Perhaps even more worryingly for enterprise users, it also potentially affects users of smartcards, which could render your whole two factor authentication system for remote employees [if you use one] vulnerable to attack.

Because SSL is a foundational technology which protects so many other things online, this design flaw is particularly worrisome. For example, others have pointed out that SSL is commonly used to protect database queries sent from one computer to another. If an attacker can inject their own commands into an SQL database query, they could turn something fairly innocuous — such as a request for a single customer’s details, for example — into something more malicious, such as a instruction to delete all of your customer records [assuming that the database granted such permissions].

Security problems have also been found in MD5, an encryption mechanism that has been traditionally popular on the Internet, and was used by some certificate authorities [the companies that create digital certificates designed to identify organizations and people, and authenticate them online].

Even so, not everyone believes that the Internet is fundamentally broken. Leslie Forbes, technical services manager at F-Secure, which sells software and services designed to make people more secure online, argues that it is the way we use it that is inherently flawed. “It is the model we used to trust [or not] the services offered across the medium that is broken,” Forbes says. “So, based on the premise that the Internet is supported by software, and software will have bugs — some never dreamed over the time of coding — there will always be fixes to be made.”

One of the biggest problems when such flaws are discovered is the remediation process. Fixing deployment errors is bad enough, but it generally only involves passing a piece of software or firmware and then distributing it online. But when the security problem involves a basic mistake in the design of a protocol, then this entails a potential change to a standard, which can be a much more complex task. Standards bodies move at a glacial pace, meaning that it can take years to alter existing documents to account for a design problem. In the meantime, companies must find workarounds that at least prevent an attack from happening in the interim.

Unfortunately, the general consensus is that such design flaws will keep cropping up as we become more adept at finding them [and hopefully do so before the Internet criminals]. “Any complex system will be difficult [or time-consuming] to analyze empirically, so it will continue to be both possible, and likely, that while there are Internet protocols, there will be serious flaws,” warns Martin O’Neal, managing director of security consulting firm Corsaire.

Not only must these companies work together, but they must do so largely in secret, so that they can find the solution to the problem before malicious attackers do. To this end, a group of companies including Microsoft formed the Industry Consortium for Advancement of Security on the Internet [ICASI]. ICASI focuses on working together to try and find solutions to security problems affecting the broader Internet and not limited to any one vendor.

Unfortunately, such efforts do not otherwise result in a fix before attackers exploit such basic vulnerabilities. For example, the SSL flaw that PhoneFactor discovered was kept secret until it was independently uncovered in a discussion forum. Shortly after that, security researcher Anil Kumas used it to engineer an attack against the Twitter micro-blogging service that would enable any attacker to authenticate themselves as another user.

Alternately, the question of whether the Internet is broken maybe too simplistic. The online world is never that binary. After all, you are still reading this article online — something that is miraculous when we consider that the web didn’t exist 20 years ago. However, thanks to increasingly sophisticated attackers online, we are finding the Internet in a continuous state of disrepair. This is the nature of the medium. It is chaotic, disjointed, and always in flux. Perhaps the best that we can do is to secure systems as best we can by applying the most up-to-date patches, and then protecting all of our valuable data by increasing his, and applying multiple layers of defense to thwart any single attack. Internet may not be broken, but that doesn’t mean we shouldn’t do our best to try and fix it.

Further info

PhoneFactor SSL flaw discovery http://www.phonefactor.com/sslgap/

BGP flaw – http://www.zdnet.com.au/news/security/soa/Flaw-in-BGP-net-protocol/0,130061744,339291643,00.htm?omnRef=1337

Twitter hack http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

Kaminsky DNS flaw news http://www.orange-business.com/en/mnc2/footer/news/enterprise_briefing/september2008/industry_watch.jsp

ICASI http://www.icasi.org

This blog was contributed by Danny Bradbury, one of Futurity Media’s international network of writers

Here’s an extract of an article that Simon Marshall and myself wrote last week for Orange Business Services on their Orange Business Live blog…..

Social networking usage in the workplace has gone through the roof as Generation Y employees tap into social media such as Instant Messaging, Twitter, Facebook, SharePoint and WordPress to interact with colleagues, partners and customers. As enterprises explore the legitimate use of social networking tools to gain customer intimacy and improve relationships, there are a number of factors that can make deployment more effective

Corporate social networking usage has grown out of message boards, Lotus Notes and intranets and is embracing collaboration tools and the social Web to increase productivity and profitability.  More corporates are using social networking as a response to the rise in globalization and dispersed workforces, and as a way of opening access to business-critical skill sets and information. But, there are a number of reasons why corporates must focus on achieving specific, measurable objectives in a corporate-created social networking environment that encourages positive rather than negative results.

Firstly, there’s significant evidence that social networking sites blur the lines between business and personal relationships. Although this might cause inappropriate behavior as personal lives move into the workplace, it’s more likely to cause ethical dilemmas for staff and exposure of valuable corporate brands to the vagaries of individuals or user groups. Companies can therefore struggle to delineate what social networking use is appropriate for their staff without over-reaching and denying access altogether to common tools such as Web browsers. There is some evidence to suggest that Web-browsing decreases productivity, but most firms deem it fair to allow access to a variety of Web sites and social Web applications such as Facebook, LinkedIn or Plaxo during work hours.

Who owns social networking within the organization?

Secondly, firms can fail to effectively deal with this situation because no one corporate discipline fully ‘owns’ social networking. Sometimes the IT department has control, sometimes Human Resources oversees this function. In practice it’s best to place the technical management of the social networking domain with the IT department, but have Human Resources, Sales or Marketing report to the CIO or CEO on the business benefits of such tools. IT and the CIO must meet regularly to ensure that tools are not being misused and to maintain a common fair usage policy for all employees. Problems commonly arise where listed firms must communicate material statements to their shareholders first, but run the risk of overzealous employees doing their job for them and releasing information to the general market illegally.

Finally, firms can struggle to devise a system that measures ROI. This can stem from a lack of clear objectives for the use of social networking tools. Although interaction with customers and partners is relatively straightforward to rationalize, companies must define their own measurement system that places value on employee-to-employee interaction if they are to derive full productivity benefits. Understanding how social networking tools can be used to boost discrete corporate functions helps to define who uses which applications, and with what end result.

Common internal uses include live communication and interaction based on presence applications; staff training, mentoring and performance monitoring; project collaboration; information sharing; knowledge management; social mapping for succession planning and unified communications. External uses include public relations and marketing products, events, ideas and new services; corporate social responsibility dissemination; market or competitive research; staff productivity; recruitment; project management.

Best practice for social networking

In an ideal world, the best way to tackle the challenges of introducing and benefitting from social networking is for corporates to build their own social networking framework that includes all the productivity tools employees need without recourse to them using their personal tools at work. Software developers such as Jive, Yammer, Social Text, YourMembership.com, Select Minds, SocialGO, WackWall and Ning offer different approaches.

Industry heavyweights such as the Cisco Collaboration platform provide options for big multinationals that include telepresence, unified communications and customized Instant Messaging options. Google Wave offers a centralized Web resource for collaboration across text, video, and document creation and sharing that provides an interactive record of social networking sessions.

In order to properly deploy any social networking system, best practice dictates that:

• There be a plan in place to monitor and mitigate potential reputational risks associated with inappropriate social networking site usage
• The divide between a right to know what employees are expressing online with their right to retain privacy is mitigated, and kept in context by helping them understand appropriate usage
• A code of ethics should be maintained and updated regularly, such as this one from Marks & Spencer
• Discussion of the use of social networking in the corporation must be elevated to the board level, as it is a strategic issue.

How social media adds value

• Organizational and geographical boundaries are bridged, with corporate information and discussion taking place on central, shared resources such as blogs and wikis, rather than on email or on the phone
• Teams can easily find the information they need, because social networking adds context, tags and social bookmarks to data that helps others find it more rapidly
• Employees with specific skill sets can easily connect with co-workers through user profiles and expert searches, and gain information that helps them do their job more productively.

Social media business leaders

• Best Western sponsors ‘On The Go With Amy,’ an evolving travelogue
• IBM Bloggers are encouraged to post to the site
• Coca-Cola employee Phil Mooney blogs on Coca-Cola Conversations
• Ford has pioneered Social Media Press Releases to communicate news using a variety of formats
• Kodak has dedicated a whole site to the development of social interaction with potential customers called 1000 Words.
• …As does Johnson & Johnson
• The New York Times has launched TimesPeople Beta, its social networking community
• Starbucks is currently asking its customers how to run the company, through My Starbucks Idea
• Suppository brand, Anusol, has launched a Facebook community
• MTV has extended its brand into the lives of viewers by offering an online interactive resource called Think MTV that deals with social issues.

The full article can be found here