• August 15, 2007
  • By Colin Beasty, (former) Associate Editor, CRM Magazine

Web 2.0: Secure Now, Succeed Later

The adoption of Web 2.0 technologies in the enterprise is driving unprecedented collaboration throughout business, but brings with it significant security risks, according to a new report from Gartner. These risks are manageable, the research firm says, but only if enterprises engage security early in the process and build a solid foundation to support Web 2.0, while limiting the risks. While most Web 2.0 technologies are not new, many of their prevailing concepts run contrary to traditional security practices, says Joseph Feiman, a research vice president at Gartner. "Using and participating in these online services and communities forces enterprises to relinquish a level of control that they historically would not tolerate," Feiman says. "It is forcing enterprises to rethink their security strategies." A recent Gartner survey found that most organizations have work underway to develop a strategy for Web 2.0, but few are prepared for or executing on that strategy. Gartner predicts that by year-end 2007, 30 percent of large companies will have some form of Web-2.0-enabled business initiative under way. In his report, "Securing Web 2.0," Feiman says that the security challenges created by the new technologies could be divided into two categories: protecting internal users and the enterprise, and protecting external applications. The internal challenges are characterized both by inbound risks (such as malicious code in RSS feeds) and by outbound risks (such as information leakage through inappropriate blogging or use of collaboration tools). The external challenges are threats generated by enterprise usage of and participation in Web 2.0 technologies, such as the use of third-party content (mashups), and engaging in open user communities, Feiman says. "The perils of user-generated content have already been experienced by some newspapers which face the difficulty of readers posting inflammatory or offensive comments online. It's not yet clear what the rules are governing this kind of content or how it will affect the publisher's reputation." "A similar risk that many enterprises are currently dealing with is employee blogging," Feiman says. "Some organizations encourage it, others forbid it, and some have no formal policies at all." It's a double-edged sword, he adds: "On the positive side, blogging can build strong communities, brand awareness, and transparency; but on the negative side, blogging can reveal corporate secrets, arm disgruntled employees, and have undesirable consequences." According to Gartner, the open nature of Web 2.0 also presents significant challenges to the traditional enterprise approach to controlling intellectual property and proprietary content. In the outbound sense, information leakage can occur through a variety of means, such as blogging, instant messaging, collaboration tools, and even online calendars. Similarly, any content served by a Web 2.0 application can be re-formed, reused and redistributed by third parties, making it practically impossible to control content. This can include press releases, price lists, video, and audio, all of which can be rapidly propagated across the Internet. As with any collection of technologies, Web 2.0 comes with a wide range of vulnerabilities and risks--but a few basic practices can limit an organization's exposure. Feiman says the two most important practices for limiting risk when building Web 2.0-style applications are:
  • adopting a secure development life cycle; and
  • focusing on validating all input, whether it is from an internal user or a business partner.
"There is no technology that can effectively protect content that is publicly accessible," Feiman says. "Rather, enterprises should determine what content they are willing to have in the public domain, keep the rest private, and use licensing agreements as often as possible to help control distribution and use." Related articles:
Social Studies: It's the Interface, Stupid! A report reveals numerous flaws in popular social networking sites' design for user experience--but also some good processes. SMBs Love Web 2.0 Small and medium businesses are quick adopters of Web 2.0, fueled by cost and performance pressures, according to a new study from AMI. Feature: Social Networking: Getting in Touch the CRM Way The new technology that will understand and leverage your relationship capital. Demographic Marketing Goes Web 2.0 Understanding how consumers approach social networking is crucial for marketers trying to take the Web 2.0 plunge.
CRM Covers
for qualified subscribers
Subscribe Now Current Issue Past Issues