Is Social Networking a Fad?

In the last 24 months social networking has seemingly come to a head of steam.  Facebook, MySpace and Bebo have been around for a number of years, but in addition we now have the likes of LinkedIn for professional networking and any number of micro-blogging and commentary sites.  This is not to mention Twitter...

Social Networking is really what the internet was invented for.  Shame it's taken the best part of 15 years to come together.  Many people now see email as a dying breed of communication, probably due to the increased 'spam', increased volume and lack of clarity it brings.  If only 65% of your emails are useful to you, you're wasting 35% of your "mail" time.  Full stop.  Time is one thing social networkers do NOT like to waste.  Everything has to be quicker, smaller and more customized.  Rapid execution is the key underlining factor.

If they're here to stay, do they need to innovate?

This bubble of attention and innovation with regards to small, simple and rapid execution based socnet sites is seemingly unstoppable.  Or is it?  Everything comes to a head at some stage, based on the product life cycle.  New sites are being created every day and any angel or VC funder is seemingly not worth their salt unless they have a social interaction or collaboration site on their CV.

The big benefit of any social networking is the mass volume of through put.  Be that members, people signed up, people viewing adverts....etc.  The gamble requires large volumes.  Without, it's just a network.  That doesn't really work.  So just a net then?  Can those volumes continue?  Well I think probably yes, but what will probably change is the level of intellectual property being invested in the original site.  By this I mean instead of just allowing large volumes of people to interact - the worker ant syndrome - the site would provide more intellectual grouping and dissemination of data and information.  This would remove the choices the individual social networker would need to make, again saving time and effort to collaborate and share.

Security Over Configuration?

Many recent software development frameworks use the term "Convention over Configuration".  The main idea behind this, is to remove the need for a programmer to explain every detail of an application and instead only specify what the unconventional aspects will be.  This should in theory, remove coding unnecessary aspects of the application that otherwise should be taken for granted.  This results in faster development, simplified code and ease of management.  Anything that doesn't fit the 'convention' needs to be 'configured'.

I wonder if this approach could be applied to the view of security, not only from a software perspective, but in general every day life?  Security in terms of software is often seen as an add-on, an extra, something to do at the end or if something erroneous occurs.  This shouldn't be the case.  Security should be built from the ground up from a technical perspective and from a process perspective should be considered equal to things like business continuity or the organizations marketing strategy.  So instead of security being an extra, should it be seen as default?

From an IT perspective, many view tight security simply as using a strong encryption method or implementing a password complexity policy.  Here I feel we are missing the point.  Security is all about strength in depth.  The use of rings or circles of protection the same as a fortified castle or strong hold would have been in times of "yester-year".  Information should be treated in just the same way, with protection coming from all levels including network security, application security, internal process and infrastructure security, right through to physical protection such as lock and key. 

But security at these different branches of an organization, is often seen as being time consuming, costly and returning nothing in the form of investment from the bean counters point of view.  This ironically, will probably lead to costly and short term projects that are a response to a security breach or a policy manifestation induced by not implementing the appropriate security controls in the first place.

It may take time, but information security will become more mainstream as organizations see the real value of being secure such as brand confidence, efficient process and reduced fire fighting.  Until then, security will have to be treated as a 'configuration' item for most people.