The Move To Web 2.0 Increases Security Challenges - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

The Move To Web 2.0 Increases Security Challenges

As more companies deploy cool Web 2.0 technologies, careful planning is required to avoid new kinds of security problems.

Web 2.0 isn't just for the likes of MySpace and YouTube anymore. Mainstream companies are catching the fever, ramping up their Web sites and creating communities of their customers.

The only problem is, they might be rushing headlong into something that could put their network -- and their customers -- at risk.

"Web 2.0 is all about openness and freedom," said Kris Lamb, a director with IBM's Internet Security Systems, in an interview at Interop. "You're really tearing down the traditional barriers that have kept companies safe. What does security mean for Web 2.0 when you can't make really clear distinctions between 'this is what we allow to happen,' and 'this is what we don't allow.'"

As companies rush to embrace this trendy new media phenomenon, IT and security managers are being warned to slow down the process and make sure they think through their security. How public-facing are these new Web 2.0 features going to be? How much risk are companies willing to take?

"They've got to think about security," said Lamb. "It can't be an afterthought. It has to be part of a larger decision-making process If it's not, there's a lot of risk."

Web 2.0 technologies -- the kinds that promote interactivity and community-building and made MySpace and YouTube household names -- are starting to gain a foothold on more conventional Web sites. Web 2.0 largely is about user-generated content. Corporate executives and marketing heads like the idea of having their customers be participants and sharing information, rather than just getting information off the site. An automobile maker, for instance, might start a social network or blog for customers to write about their experiences with their vehicles or to post pictures or videos from their favorite road trips.

But the advantages of creating these communities and enriched Web sites also come with the same risks that plague the Web 2.0 giants. A worm planted in a MySpace page infected more than 1 million users. Hackers and spammers can join MySpace to create their own pages, riddled with malicious code, to infect their social-networking peers. And hackers are beginning to target vulnerabilities in Ajax applications, which help make the Web 2.0 Web sites so dynamic.

"It's a gold rush right now," said David Cole, director of Symantec Security Response, in an interview at Interop. "But you have to remember that you're taking all this code from the back end and pulling it down to the client side. Before, you could hide it. If you have some goofy code in there, you could be exposing it with these technologies."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Flash Poll