May 21, 2008

Forrester's Views on Web 2.0 Security

Dr. Chenxi Wang, a Principal Analyst at Forrester, presented a session on Web 2.0 Security Strategies. Here are some highlights from her session:

Web 2.0 is moving into enterprises, whether you like it or not. She calls this the “consumerization” of enterprises. This is one of the most significant trends in enterprise computing today. All of the existing business software vendors are eyeing this market.

Web 2.0 applications bypass traditional controls that enterprise IT has in place for business data and processes, which introduces an additional need to mitigate external threats. However, Wang advises against blocking 100% of Web 2.0 content in organizations in order to avoid employee backlash.

If you’re developing your own Web 2.0 applications or services, security must still be considered. Web 2.0 apps are more difficult to secure than traditional apps.

Information security considerations

  • Content governance: much Web 2.0 content is unstructured. Content moves freely between the web, email, IM, P2P, FTP, and RSS, which takes it outside normal security tools.
  • Data security and control
  • Identity management
  • Archiving and retention
  • Compliance
  • Privacy and Intellectual Property: IP is owned by the Web 2.0 site. Businesses should understand the IP ramifications of using Web 2.0 sites. For example, content posted to Facebook is owned by Facebook and not the author.
