By Short, Jason
Risk Management, Vol. 55, No. 10
Interaction, openness, knowledge-sharing and malleability are the new online currency. The internet has always represented a security challenge, but with the emergence of Web 2.0's reliance on open-ended, user-generated content, things just got even more complicated.
The shift of consumer-oriented Web 2.0 tools to the corporate enterprise, including use of social networking sites such as Facebook, YouTube, Craigslist, Flickr and Wikipedia, as well as the proliferation of blogs, RSS feeds and other emerging technologies, introduces a whole new level of risk.
Ultimately, it is the social and interactive nature of Web 2.0 technologies that makes them inherently difficult to secure. Couple that with the speed with which new applications and widgets are created and launched, and you have a potential disaster in the making for the unprepared.
Ready or Not
In addition to using them for personal reasons, employees and businesses are increasingly adopting Web 2.0 tools as legitimate and useful business tools. Already the term Enterprise 2.0 has been coined, and terms such as "enterprise social computing" are being used to label the adoption of Web 2.0 by business.
According to Nemertes Research, 18% of companies currently use blogs, 32% use wikis (collections of web pages that anyone can modify or contribute to) and 23% use RSS feeds. These numbers are expected to grow rapidly, with leading analyst firms such as Gartner, the Radicati Group and Forrester Research predicting that enterprise spending on Web 2.0 business social software could reach up to $4.6 billion by 2013. The notoriously secretive CIA even recently launched an internal wiki called Intellipedia to capture intelligence gathered from its global network of field agents and internal researchers.
Web 2.0 holds the key to breaking down the barriers between siloed business groups and to making valuable corporate information and organizational intelligence more accessible, searchable and easily shared. That is a primary reason why wikis are currently one of the most popular social media tools for enterprises.
Web 2.0, with its built-in collaboration, promises to help capture and derive value from institutional knowledge and know-how. The fact that information is no longer centrally controlled and that the abuse of publishing tools is very easy, however, is a justifiable reason for concern. So too is the untested nature of many Web 2.0 applications.
Regardless of which specific technologies are used, it is how Web 2.0 is implemented and how the associated risks are managed that will be most important. Even those organizations that are not using Web 2.0 themselves will need to take steps to secure users and their internal systems.
In some instances Web 2.0 tools and practices are being introduced on an ad hoc basis, without full knowledge or oversight by IT or management. Employees are simply taking the tools and running with them. Wikis, blogs, Flickr, social tagging, bookmarking and the like are all tools that can have a valuable role to play in business--that is, if the risks are understood and the necessary precautions and training are undertaken across the organization to reduce those risks.
The Risks Involved
As Web 2.0 solutions become more popular and more pervasive, security in the corporate enterprise will continue to be a major factor. As already outlined, the interactive nature of these applications creates new avenues for information leakage, and makes them inherently difficult to secure.
New technologies such as RSS, Ajax and even instant messaging all introduce new vulnerabilities. The heavy use of Ajax (a web development technique that is used to create interactive web applications) and the move of processing from the almost exclusive domain of servers to client devices and handheld technologies heighten risks. …