Twitter has recently joined the ranks of fellow social media giants Facebook and Google by moving to more widespread and default use of SSL to protect their end-users’ information. Twitter announced on their blog that users can set a preference to secure all Twitter communication via HTTPS, which will in time become the default setting for the Twitter service. You can read the Twitter blog here: http://blog.twitter.com/2011/03/making-twitter-more-secure-https.html
This shift highlights a very real and important challenge for enterprise security that boils down to this:
The conclusion for enterprise security is pretty clear. If you can’t control social media, and specifically social media that is SSL encrypted, then you are leaving open a clear path for botnets and malware to get into and out of your network. This is a clear case in point where the consumerization of IT has serious downsides for security. The shift to SSL provides a moderate improvement in privacy for the end-user, but in the process makes the enterprise far more vulnerable to organized attacks, lost data and compromised systems. Obviously, this is also yet another example of why a true next-generation firewall with the ability to control applications regardless of SSL is not just cool new technology, but absolutely mandatory for modern security.