Facebook’s chief of security, Alex Stamos, was heard stating that the company’s own network was run “like a college campus” in a leaked recording.
ZDNet reports that Facebook’s Chief of Security, Alex Stamos, told staff that the company’s internal security practices must be improved to act more like a defense contractor and that the company’s current internal network was run “like a college campus.” Stamos made the comments in July during an internal meeting, at which he stated that not enough had been done to update the company’s security practices against growing threats, citing a number of issues both technical and cultural.
“The threats that we are facing have increased significantly and the quality of the adversaries that we are facing,” said Stamos. “Both technically and from a cultural perspective I don’t feel like we have caught up with our responsibility.” He continued, “The way that I explain to [management] is that we have the threat profile of a Northrop Grumman or a Raytheon or another defense contractor, but we run our corporate network, for example, like a college campus, almost.” Stamos further added, “We have made intentional decisions to give access to data and systems to engineers to make them ‘move fast’ but that creates other issues for us.”
Stamos also said that the company had published a report on the company’s current standing from a security perspective in what, according to Stamos, was a “very painful process.” Stamos added that the report would be updated every six months and that management would be briefed on what the document contains. Stamos was reached for comment on the recording and said that the “college campus” line he used was a figure of speech and was not a criticism of Facebook’s management.
“My team runs network security for the company, and of course we secure it thoroughly,” he said on Thursday. “They care a great deal,” he said. “It’s not a criticism of anybody, just a statement of why our team needs to be creative in how we protect our corporate network.” Stamos continued, “Tech companies are famous for providing freedom for engineers to customize their computing environments and to experiment with new tools, frameworks and development processes.” He further stated, “Allowing for this freedom helps creativity and productivity, but we have to weigh that against the fact that we have become a potential target of advanced threat actors. As a result, we can’t architect our security in the same way a defense contractor can, with extremely limited computing options and no freedom.”
“Keeping the company secure while allowing the culture to blossom is a challenge, but a motivating one that I’m happy to accept,” said Stamos. The source of the recording of Stamos reportedly has intricate knowledge of Facebook’s security system and said that the security threats the company is currently facing are “way above [Facebook’s] ability to handle.”