Businesses need to understand the security issues of Web 2.0 and Social Networking 
(10/12/2009)
The adoption of Web 2.0 makes the job of keeping email and the web free from attacks, malware and spam even more difficult. Yet, simply closing access to unapproved tools can be short sighted as unhappy employees drift to rival businesses with more enlightened policies.
Web 2.0 is growing with increasing momentum and businesses seem to be harnessing some of its benefits to bring them closer to their customers and improve overall brand experience. However Web 2.0 as a concept is quite vague and is becoming all encompassing. Firstly it is important for businesses to distinguish between Web 2.0 social networks and Web 2.0 functionality in the workplace; Social Media is very similar to Web 2.0 the only main difference is that social media focuses on people and Web 2.0 focuses on content.
Social Networks are heavily focused at keeping in touch with friends and sharing photos, video and chatting in real time. Using social networks such as Myspace, Twitter and Facebook in the workplace is arguably questionable in terms of how it benefits the business. Evidently organisations need to keep staff happy and not enforce draconian rules upon them; however providing such a distracting media in the workplace and encouraging its use can’t be beneficial.
Web 2.0 functionality however can be very beneficial. Using a combination of different mediums (web, audio, and video) to convey a message to new and existing clients can be used to great effect. A number of Pentura’s clients have started to use such techniques drawing on the principles of the social networking environments to provide a new canvas for marketing. An example of this was a company that produces cosmetics, which used Web 2.0 functionality to provide a feature rich website for customers to become members of if they were interested in the brand in question. Additionally members could liaise with each other via chat but also enter online competitions and win prizes.
The original question of security is significant in both instances as both use diverse integrated functionality to convey information. Social networking sites’ very essence is defined by feature rich functionality and this encompasses web, chat, audio, video, pictures and integrated applications. There are issues of personal data to consider with profile information but the most significant risks exist with the integrated applications as these can be hosted third party and not subject to any security or information assurance controls. In the last 18 months it has been demonstrated that these applications can have malware or functionality issues, which have serious security implications.
Business are becoming more aware of the security risks associated with using Web 2.0 however, existing security architectures have a limited ability to manage them effectively. Most block at a higher level, which inhibits useful functionality or just block the URL outright. Firewall technology mostly enforces policy at network layer with a degree of layer application functionality but again with limited effect.
Technologies are now starting to emerge, which offer granular control of Web 2.0 functionality. Palo Alto Networks offer one such technology, which is currently unique in the Firewall marketplace. It allows businesses to gain user application usage visibility and affect a policy to control Web 2.0 applications from almost any aspect such as chat, email, apps and file transfer.
Companies that harness Web 2.0 technology for their own use should make sure their application and website code is fully checked and written in a secure manner as experience shows the use of third party libraries can diminish a business’s security baseline and should be used prudently. Businesses need to understand the security issues of both Web 2.0 and Social Networking as their use in the workplace seems to be here to stay.
Pentura Limited is exhibiting at Infosecurity Europe 2010, on 27th – 29th April in its new venue Earl’s Court, London. www.infosec.co.uk
Related topics: Application and software security Firewall Internet and Web security Security management and policies Virus, Worm, Email security, spyware and malware
Print version | 
Email to a friend | 
Related articles
Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.
Other Security news and resources
Security News
Suppliers Directory
Jobs forum
Classifieds
Knowledge base
White papers
Research library
Security books
Special reports
Security interviews
Security companies
Security events
Security links
Security market
Product channels
Access Control Biometrics CCTV Intruder Alarms IT Security Manned Guarding Perimeter Protection Physical Security Remote Monitoring Security Services Fire, Health & Safety Other Security Products
IT Security white papers and research library
Access Control Authentication Data Management Data Security Digital Signatures Email Security Identity Management Internet Security Intrusion Prevention Network Security Remote access security Security Management Security Policies Security Software Security Threats Virus Detection Software Virus Protection VPN Vulnerability Assessment Wireless Security
Security books, guides, standards and toolkits
RFID and Smart Cards books, guides and reference documents Biometric books, guides and reference documents CCTV books, guides and reference documents Intruder alarms and intrusion detection systems books, guides and reference documents Monitoring and surveillance books, guides and reference documents IT Governance, ISO 27001 ISO 17799 and BS 7799 toolkits Fire, Health & Safety books, guides and reference documents
