Amid The Rush To Web 2.0, Some Words Of Warning
All that social interaction and user-generated content opens a Pandora's box of security concerns.
May 26, 2007
As businesses rush to get involved in Web 2.0, they must think about the security implications of all those blogs, wikis, and social networks. They could be putting their networks, employees, and customers at risk.
"Web 2.0 is all about openness and freedom," says Kris Lamb, director of the IBM Internet Security Systems division's X-Force security research organization. "You're really tearing down the traditional barriers that have kept companies safe."
Business managers and marketing heads like the idea of customer-generated content. An automobile maker, for instance, might start a social network or blog, allowing customers to write about their experiences and post pictures and video.
Chart: Most Frequently Blocked Web Sites (percentage of Barracuda Networks' customers blocking these sites)
But just look at some of Web 2.0's darlings to see what can go wrong. Hackers and spammers can create their own pages on MySpace and riddle them with malicious code to infect their social networking peers. One worm planted in a MySpace page infected more than 1 million users. And malware writers are beginning to target vulnerabilities in Ajax applications, which help make the Web 2.0 Web sites so dynamic.
"You have to remember that you're taking all this code from the back end and pulling it down to the client," says David Cole, director of Symantec Security Response. "If you have some goofy code in there, you could be exposing it with these technologies."
Web 2.0 technologies allow data to move in new ways at faster speeds, complicated by the fact that users are so much more involved. "You've got to make sure you're protecting users from each other," says Paul Judge, CTO at security vendor Secure Computing. "You have to have some containment and control."
Web-based content is generally blocked for three reasons: to avoid liability for any illegal activity involving workers, to reduce the risk of malware infections, and to prevent drop-offs in employee productivity.
Most companies are more concerned with blocking certain Web site categories—gambling and adult sites, for example—than with targeting individual Web sites like MySpace and YouTube, says Stephen Pao, VP of product management at Web filtering company Barracuda Networks.
Of course, social networking and other Web 2.0 sites may have value to workers beyond any distractions they might cause. Half of the 162 customers polled recently by security vendor Sophos say employees should be able to access MySpace. A quarter of respondents are opposed to blocking access to MySpace because the effort would be too complicated and time-consuming, while the rest worry about employee backlash at having MySpace access taken away.