When Web 2.0 means Threat 2.0 - Security Park
(16/01/2009)

All manner of companies are beginning to adopt Web 2.0 technologies, encouraging employee blogs, customer forums, greater use of multi-media content and images and self-created encyclopaedias (or wikis). As with all new technologies, there are issues.

First and foremost, privacy – the rapid growth of social networking has meant the risk of harmful private information or compromising materials being published is far greater. There are also technical Web 2.0 security issues – like the recent Facebook and MySpace worm – which are only the start of what might be called Threat 2.0.

Part of the excitement about Web 2.0 technologies is that they have such widespread personal adoption. A survey carried out by IT Governance showed that over 39% of people who responded are typically on a Web 2.0 site for more than an hour every day. This is especially true for the 16 to 25-year-old demographic. These people, now entering the workforce in appreciable numbers, think e-mail is outdated; they want instant messaging, they expect to talk to their friends about what they did last night online, sharing photos, music files, bits of video – whatever they can manipulate digitally, it seems.

What to do about this, if you're an employer? Social networking is a challenge. Your staff are spending work time doing all this. And the danger is, of course, that confidential corporate data and protected personal information could very easily find its way into the public domain via this sort of largely unsupervised electronic interaction, along with the embarrassing shot of a member of staff after one too many drinks.

The threats associated with Web 2.0 are not clearly understood, but range across the whole gamut from regulatory and compliance issues to electronic and cyber attack. Connotations of 'friendship' mean that Web 2.0 users are lulled into a false sense of security – and because the web service is free, users assume that it is acceptable, safe and compliant with data protection and privacy regulations. That’s a dangerous and usually unfounded assumption.

Also, the security settings for personal and sensitive data on social networking sites are not transparent. This means that individuals are not immediately aware as to how much of their information is accessible to possibly unwanted third parties. Malware (worms, Trojans and spyware) can be spread, for example, via the (so far!) 25,000 different free third-party applications available for users of Facebook.

And what goes 'out there' tends to stay there – Facebook accounts cannot be deleted, for example. This sort of easy-to-acquire personal data, as well as professional information on the Web like CVs and previous employers, is an open door for conmen to steal individual identities. And that rule applies to corporate information, in terms of data leakage and also exposure of what businesses want to keep inside the firewall.

So any company looking at this way of opening up to the outside world needs to consider how Web 2.0 could lead to the risk of litigation, significant brand damage or other privacy and data protection transgressions.

A very natural impulse is to just put controls in place to regulate Web 2.0 use. The negative aspect of this approach is that it may prevent staff from carrying out tasks that they need to do in order to do their jobs and work effectively. Web 2.0 enables a multi-directional sharing of information. This offers enormous business benefit – by helping people share knowledge. In any case, Web 2.0 is now embedded in the cultural DNA of tomorrow’s workforce. The best and brightest of tomorrow’s workers will gravitate toward organisations which embrace these new working and social practices.

So how to get the mix of controls and access right? Identify those Web 2.0 technologies that could be usefully deployed, together with a realistic description of the benefits and of the current and future risks staff could open you up to, e.g. data 'leakage' and reputation damage – and set out an appropriate risk management strategy.

Doing this will enable managers to offer staff the more information-rich and agile way of working and operating they crave – and curb the risks, so you will not miss out on one of the biggest changes in working and social practice in our lifetimes.

IT Governance Ltd is exhibiting at Infosecurity Europe 2009, on 28th – 30th April in its new venue Earl’s Court, London, www.infosec.co.uk

Opinion piece submitted by Alan Calder, Chief Executive of IT Governance Limited
