A realization that I have made over the course of my research and work with clients is that individuals/companies do not own or command the platform / features / perpetuity / presentation / purpose / etc of these online Cloud platforms. What does that mean … well simply, it means plan accordingly and be able to adapt as rapidly as these platforms do.
Does that mean you should not build a community on FaceBook … well no, but it does mean be vigilant about having your owned properties being sustained too (“old” web 1.0 site). The content and interactions with consumers of your site will benefit – long term and short term.
There is also the awareness that competitors can advertise and compete against you on your own properties, or the Ads may run counter to your group’s taste. This in some case could create some very uncomfortable situations and lost revenue.
In addition, as features come and go … well, you have no choice. If you built your business using an API and Twitter cancels it, well it’s gone. Simple risk assessments would identify such critical relationships that are to often left to assumptions.
Given the level of interconnected dependencies that exist today weaving together these media platforms, businesses, and social sites .. a single disruption (such as Amazon’s data center going down) can have periphery effects that harm your business.
How does this relate to your security program .. well
not much a lot actually. While the simple “run a penetration test” won’t work, there are still many approaches to assessing the information security risks to your data, interfaces, and risks as it relates to your business. The API terms are free to all, the security within the API is easy to evaluate, among other things…
The security program is supported directionally by the business risk assessment – what matters and how much. Answer that question, and the decisions on the platform of choice (and second, and third) will become simpler.
Other considerations on these platforms as a service?
James DeLuccia iV