CMP Network Computing
Web 2.0 Brings Increased Array of Threats

By Renee Oricchio

At least 5,000 Microsoft Corp. employees have their own company web blogs. Not only are they allowed and blessed by upper management, they’re even hosted on Microsoft’s own servers.

Compare this to Apple, Inc., which has such tight restrictions on its employees that they’re not allowed to talk to anyone outside the company about their work via blog or any other method. Apple has even gone so far as to sue some unofficial company blogs in attempts to pressure them to reveal inside sources.

What this shows is that even technology companies don’t know what to do about regulating Web 2.0 technologies like blogs. What makes Web 2.0 security so complicated is that it covers such a broad range of applications.

“RSS can be implemented in as little as 12 lines of code, and 12 lines of code aren’t going to change the world. Web 2.0 is not any one thing; it’s more like 12 things,” says Ray Valdes, a research director at Gartner. Valdes divides security concerns into two categories: how to manage the technology and how to manage the people who use the technology.

Managing the technology
“Web 2.0 applications can be more vulnerable to security attacks,” adds Chenxi Wang, a principal analyst at Forrester Research. “It’s harder to know whether the content is trustworthy. Today the client has a much bigger role to play, with the user contributing to the content. It presents a risk both inbound and outbound.”

Wang recommends that CIOs take these additional steps to safeguard their networks from Web 2.0 security challenges.

  • Filtering engines: In the past, companies have just used URL filtering for things like porn sites and sports sites. “Now they need to analyze content in real-time as it enters and leaves the system,” says Wang.
  • Outsource the job: Wang points out that this kind of real-time analysis is very expensive and time-consuming. Most companies would be better off handing it over to a specialized vendor with greater expertise, along with the economy of scale to do it more cheaply.
  • Schedule automated scans frequently: Because these applications are so much more dynamic, it’s important to scan and test them on a regular basis. For example, Wang recommends that a simple wiki used to share harmless information should still be checked at least once per quarter. Applications that host sensitive information should be scanned once a month, if not weekly.
  • Conduct human-based audits routinely: This is best done by an objective third-party team, as well. It should be done at least once a year, if not every six months, to check for vulnerabilities, track problems over time and monitor the value of the application to the business.

Managing the people who use the technology
A Forrester Research survey of enterprise-level IT and security managers taken in September 2007 found that data leakage is considered the number one worry, ahead of viruses and Trojans. Data leaks aren’t likely to come from a hole in the code; they are more likely to come from loose lips among insiders.

Both Wang and Valdes agree the first and most important step to secure Web 2.0 use begins with a clear employee policy, which will vary depending on the nature of the company and sensitivity of its information.

As highlighted by the differences between Microsoft and Apple, every organization has its own comfort zone in how much control it exerts over its employees. Typical policies range from no Web 2.0 use at all to using only applications implemented by the IT department, or from no use of third-party Web 2.0 applications to limited use of third-party Web 2.0 applications from a list of approved vendors.

“At the social level, we now have wikis and blogs,” says Valdes. “At any time, an employee can publish company secrets. It’s analogous to getting a phone system and worrying that an employee might call someone and reveal trade secrets. Your best security is an employee code of conduct and corporate culture that honors those policies, regardless.”

In other words, whatever a CIO does, the effort to secure Web 2.0 technologies is only as strong as the trust between employer and employee.

Renee Oricchio is a freelance writer in Norwalk, Conn. For the past 20 years, she has been writing and producing news segments about technology and business for CNN, MSNBC, Ziff-Davis, CNET and a variety of Silicon Valley-based local news outlets.

TechWeb is brought to you by CMP Media LLC, Copyright © 2004