Business Innovation Homepage > Collaboration
Taking a proactive approach to security can help enterprises ensure safer online collaboration.
October 8, 2008
Web-based collaboration is gaining momentum at many organizations, with tools such as social networks, blogs, wikis and podcasts helping to reinvent the way people interact.
Enterprise spending on these so-called Web 2.0 tools will rise 43 percent annually over the next five years to $4.6 billion worldwide by 2013, according to an April 2008 report by Forrester Research Inc. And a Gartner Inc. Executive Programs survey of 1,500 CIOs worldwide earlier this year showed that half the respondents said they plan to invest in Web 2.0 technologies for the first time in 2008.
Web 2.0 tools provide a host of potential benefits, such as improved collaboration, reduced travel and related costs, and enhanced customer service. But before jumping onto the Web 2.0 bandwagon, organizations need to understand and address the inherent security risks involved. “All the advantages of Web 2.0 are at the same time vulnerabilities,” says Joseph Feiman, vice president and Gartner fellow at Gartner.
Feiman says Gartner cites four main attributes of Web 2.0: The technologies are user-centric, distributed, lightweight and open — and all of these attributes come with their own security risks. For example, because many collaboration tools are based on open source software and are widely distributed, they are vulnerable to attacks by hackers and other intruders. Potential attackers can use the same penetration tools available to enterprises to detect and possibly exploit vulnerabilities, he says.
Web 2.0 allows many individuals to become application and content developers, and to deploy collaborative applications that implement their own versions of established business rules and practices, Feiman says. While this presents potential value to the business, it also introduces risks, he says.
Another risk is that users, by sharing information with other users, might inadvertently leak competitive corporate information and intellectual property via blogs, social networks and other online collaboration tools.
How can organizations best address the security issues related to Web 2.0 technologies? Gartner recommends that enterprises evolve toward what the firm is calling Security 3.0, a “proactive” approach to security.
The first generation of information security addressed security vulnerabilities of the mainframe-based computing environment, primarily through the use of IDs and passwords. The second generation addressed issues in the networked environment and early Internet years, mainly through technologies such as network firewalls and encryption.
These approaches were effective for those earlier environments, but are not sufficient for the Web 2.0 world. “They are reactive, and [organizations] have to be proactive” in protecting against the current vulnerabilities, Feiman says. Security 3.0 includes efforts such as application security, where developers include security components in the application design process and build security controls into the application itself.
By putting in place effective and proactive security mechanisms, organizations can be more confident in allowing their employees and customers to access Web 2.0 technologies and services, and therefore they may be less tempted to stop the use of these potentially beneficial collaborative tools.
Click here for more Human Factors articles
|
