Google Site Search

Google
 

Monday, June 11, 2012

LinkedIn has a wake up call

All the IPO fun news - soaring personal assets - increasing cash pile must have gone a bit sour at LinkedIn now. They have probably started living on earth now, like the rest of us. I am referring to http://blog.linkedin.com/2012/06/09/an-update-on-taking-steps-to-protect-our-members/  and http://www.nytimes.com/2012/06/11/technology/linkedin-breach-exposes-light-security-even-at-data-companies.html

I have been a LinkedIn member since inception. It feels like close to decade+. I respect and utilize their services on a daily basis. Their advances in technology primarily big data analytics impresses me.

But when customers/users provide you their information, then it is of utmost importance to safeguard it. LinkedIn failed to do that. But they are not alone. Everyday, we hear some data breach. The fundamental problem is that there is no easy way to secure anything. Passwords are useful to achieve the minimum level of security, with minimum set up. But they are not the best forms of security. Working toward preventing data breaches should be part of a daily routine.

The blog post from Vicente is very assuring. In the next few years, LinkedIn will probably have fewer news reports about data breaches. Hopefully, Ganesh Krishnan (from my alma mater, BMSCE) can shine.

What LinkedIn needs to do is take their advances in big data analytics into security intelligence. Salting/Hashing passwords is just the first step. You should incorporate device registration as well as use security analytics to thwart future breaches. Please be the first to show us the way with big data security analytics.

Good Luck to LinkedIn!

(Now can we please do something about the "Who viewed your profile?" leaks on LinkedIn on mobile apps?).