"Even in those organisations that block all access to social media, blocks tend not to be complete," said Andrew Walls, research vice president at Gartner. "Certain departments and processes, such as marketing, require access to external social media, and employees can circumvent blocks by using personal devices such as smartphones. Organisations need now to turn their attention to the impacts of social media on identity and access management (IAM)."
Gartner said that social media environments include mechanisms to collect, process, share and store a more complete range of identity data than do corporate IAM systems. They enable a more complete view of identity, one that extends beyond the bounds of organisations. For IAM managers, this is both a threat and an opportunity. Identity data and social media platforms can expose organisations and users to a wide variety of security threats, but organisations can also use this identity data to improve support for their own IAM practices and the ambitions of business stakeholders.
Gartner identified three significant impacts of social media on IAM:
Personal trust misaligned with corporate trust: Employees who participate in online social media continually make judgments about the degree of trust they should place in the platforms and in other participants, and they adjust content, structure and vocabulary to match their risk assessments. These assessments and the fundamental inputs to their assessment process may not align with corporate expectations for risk management. As a result, employees may say and do things on social media platforms that violate corporate policy or are otherwise counter to corporate expectations.
Public content supports identity intelligence: The collection of identity data by public social media on a massive scale enables improvements in the production of identity intelligence. This pushes IAM programmes to discover the user profiles accessed by staff and to maintain capabilities for accessing external services in order to harvest identity data.
Identity data can be leveraged for IAM: Social media provide a mechanism for verifying the identity of employees, job candidates and customers, and a cloud identity platform for performing IAM for other applications. IAM programmes can use social media for identity verification and to extend identity services to internal and external applications via a semi-trusted social platform.
"Organisations should not ignore social media and social identity," said Mr Walls. "We recommend that organisations ascertain how they currently use internal and external social media in both official and unofficial ways, and look for dissonance between IAM practices and the identity needs, opportunities and risks of social media."
Mr Walls will speak on the impact of social media on IAM at the Gartner Identity & Access Management Summit 2012. For further information on the Summit, which will take place on 12-13 March in London, please visit www.gartner.com/eu/iam. Additional information from the event will be shared on Twitter at http://twitter.com/... and using #GartnerIAM. Members of the media can register by contacting Laurence Goasduff at laurence.goasduff@gartner.com.
About Gartner Identity & Access Management Summit 2012
The Gartner Identity & Access Management Summit 2012 will explore the future of IAM technologies and the changing market landscape. It will help organisations promote desirable business outcomes, improve identity-relevant service levels, and satisfy growing regulatory and compliance imperatives.