Facebook’s Robust Security

There may be complaints about Facebook’s ability to secure its users’ data, or to secure against criminals using Facebook as a platform for illicit activities, but on the home front it seems Facebook has security covered pretty well.

When you think about how ubiquitous Facebook is, how beloved, hated and controversial, it’s easy to see it and Zuckerberg as hot targets.  Zuckerberg reportedly receives several death threats per week.  His executive protection team of 70 protects him and his family 24/7 to the tune of $10 million per year, a budget higher than any other U.S. mogul.

Vendors, job applicants or simply uninvited, curious folks add up to well over a million visitors to Facebook facilities per year, across the globe.  Those visitors need to be vetted and corralled – no easy task.

Security Force

So are you surprised to learn that a security force of 6,000 is deployed to protect its 80,000 Facebook employees and contractors around the world?  Amounting to a crazy security to staffers ratio, that number seems staggering.  But when you consider the size of the company and the range of its enterprise , maybe that figure isn’t entirely crazy.

Rob Price wrote a fascinating article that appeared in Business Insider this March, describing in some detail the challenges and efforts taken to safeguard this social media giant. To begin with, maintaining a culture of casual openness and freedom makes just locking down offices a non starter.  Zuckerberg himself works at a desk in an open plan office, with access to a glass walled conference room in the middle of the space.  Of course the glass is bullet proof and EP officers sit near by at all times.

Another example cited was the theft of a virtual reality headset prototype from a conference room. Potential suspects numbered in the hundreds, in an open-plan space, and without surveillance cameras there were no leads.  Chief Global Security officer Nick Lovrien explained in the article that the open space that promotes collaboration is a business risk the company is prepared to take.  His teams mitigate threat as best they can through policies, protocols and proactive intelligence analysis.  The fact that employees have free access to lunch, bikes to get around the campus, technology accessories like headphones and cables has all but eliminated theft of the same.

Other less obtrusive security methods include large numbers of armed, undercover officers patrolling halls. Employees let alone visitors don’t necessarily know who is who, and that works well.

Price explains that Facebook security is divided between five areas: security officers, intelligence-investigations, strategic security, systems-technology and naturally the EP team.  The data centric company sifts through a great deal of open source information to keep ahead of threats.

Another example of how philosophy butts heads with practical necessity is reflected in the FB motto “move fast and break things.”  What works for engineers and coders is in stark contrast to security requirements.  An example is how the FB security department had to block many of the entrance points at the then new headquarters because they were a way to bypass the main reception checkpoints.  One images many clashes.

All in all, Facebook security does an admirable job in the face of the giant task set out for it.

Leave a Comment