Security Challenges in Web 2.0
Web 2.0 is changing the way we do business and the way we do Internet security, as advances in the web allow for a more "social" sphere of information sharing, collaboration, and ways of doing business. Here is a definition of Web 2.0 from John Battelle and Tim O’Reilly:
"the web had become a platform, with software above the level of a single device, leveraging the power of the "Long Tail", and with data as a driving force…" (Wikipedia)
Web 2.0 encompasses social networking sites like Facebook, blogs such as this one, Skype, Wikipedia, and so much more. No matter how you define Web 2.0, companies are in a transition period of adopting and developing around this new way of doing things.
All of these new tools and technologies of the interactive web have ushered in a new era of security vulnerabilities. Research group Fortify gave a talk at the Web 2.0 Expo in San Francisco recently about the new wave of internet security threats.
"Security was a challenge to begin with, but, if anything, it’s getting harder in the Web 2.0 world." – Jacob West, Manager, Fortify
Fortify foresees that JavaScript will be a growing issue in security as the adoption of Ajax (based on JavaScript) increases and the existing vulnerabilities become more widespread. At the same time as vulnerabilities are spreading, attack techniques are improving at a rapid rate. Some of the makers of JavaScript & Ajax toolkits are proactively closing up security issues, but others (particularly the big ones like Microsoft) are not.
This is just one example of the security issues associated with Web 2.0. Many issues with integrating Web 2.0 technologies internally or into the company website come from poor planning: a "rush to embrace" what is trendy (InformationWeek). Additionally, social networking sites such as Facebook and MySpace can be laced with malware. Cyber criminals are co-opting social networking sites as the delivery vehicles for cyber attacks.
Companies are going to be faced with many Web 2.0 challenges, from planning the integration of new technologies to creating effective security policies outlining the use of such technologies.
"Companies need to adjust their security policies for Web 2.0 world today. They need to tailor their Internet use policies and create rules that include social Web sites, blogs, and all the other types of sites being created out there. The usage policies need to be spelled out specifically and enforced.
Beyond that they need technical safeguards to back those policies, but the outlook for all this is still pretty grim. Most companies are barely providing sufficient protection in the context of Web 1.0." – Paul Henry, Secure Computing (via InfoWorld)
Via CNet



