May 25, 2007 (08:05 PM EDT)
Amid The Rush To Web 2.0, Some Words Of Warning
Read the Original Article at InformationWeek
As businesses rush to get involved in Web 2.0, they must think about the security implications of all those blogs, wikis, and social networks. They could be putting their networks, employees, and customers at risk.
"Web 2.0 is all about openness and freedom," says Kris Lamb, director of the IBM Internet Security Systems division's X-Force security research organization. "You're really tearing down the traditional barriers that have kept companies safe."
Business managers and marketing heads like the idea of customer-generated content. An automobile maker, for instance, might start a social network or blog, allowing customers to write about their experiences and post pictures and video.
"You have to remember that you're taking all this code from the back end and pulling it down to the client," says David Cole, director of Symantec Security Response. "If you have some goofy code in there, you could be exposing it with these technologies."
Web 2.0 technologies allow data to move in new ways at faster speeds, complicated by the fact that users are so much more involved. "You've got to make sure you're protecting users from each other," says Paul Judge, CTO at security vendor Secure Computing. "You have to have some containment and control."
Web-based content is generally blocked for three reasons: to avoid liability for any illegal activity involving workers, to reduce the risk of malware infections, and to prevent drop-offs in employee productivity.
Most companies are more concerned with blocking certain Web site categories—gambling and adult sites, for example—than with targeting individual Web sites like MySpace and YouTube, says Stephen Pao, VP of product management at Web filtering company Barracuda Networks.
Of course, social networking and other Web 2.0 sites may have value to workers beyond any distractions they might cause. Half of the 162 customers polled recently by security vendor Sophos say employees should be able to access MySpace. A quarter of respondents are opposed to blocking access to MySpace because the effort would be too complicated and time consuming, while the rest worry about employee backlash at having MySpace access taken away.