Another security-related concern: PR risk


Lots of services these days include an online component if only for customer service and marketing. Companies are no doubt attuned to the security risks that their online services entail, especially when PII or any information at all about children is involved. There are others as well, including PR and headline risk.

A great example comes from the New York Times article on Edmodo, which offers free software to educators to set up virtual environments where they can conduct classroom activity virtually. These sorts of sites are popular these days

But they also allow users to add names, photos and other details,  and that has raised some concerns.  An engineer at Cisco Systems, examined Edmodo's data security practices by registering himself on the site as a fictional home-school teacher and soon discovered that Edmodo did not encrypt user sessions using Secure Sockets Layer protocols, which led him to worry about "the potential for a stranger to gain access to student information, and thus hypothetically be able to identify or even contact students."

These concerns made it to a reporter for the Times, which produced an article. The company had a nice response, noting that "any school that chooses" had been able to use a completely encrypted version of the site since 2011" and that the company "is working to ensure that all of our users are using an SSL-encrypted version."

The lesson here is that security is such a hot-button issue these days that you pretty much have to count on bending over backwards. There could well be some school districts that think twice about using the software because of the article.  At this point, companies will have to reconsider rolling out an online service without some form of encryption. The last thing you want is to end up being featured in the media for your security practices rather than your products.

For more:
- here's the article