Web 2.0

04/07/2008

web 2.0 a phrase that currently yields 100 million hits on Google

Web 2.0 is a generalisation term given to the change of static websites into interactive, service-based application interfaces. Anyone who spends any time online cannot have failed to notice. People are using the Web in new ways; ways that make the ‘brochureware’ of the early Web experience look and feel decidedly flat.

Our partners, Clearswift and Trend Micro enlighten us with their research findings:

In the Web 1.0 era, few users could create code or content outside their personal Web pages, and a handful of editors and developersdetermined the content of the most popular websites of the day. Today, some of the most heavily trafficked sites on the Web including MySpace, Wikipedia and YouTube are open to anyone with a browser and the will to participate. A Web that was previously the provenance of information elites has become a global commons.

“Web 2.0 refers to a perceived second generation of web-based communities and hosted services - such as social networkingsites, wikis and folksonomies - which facilitate collaboration and sharing between users.” Wikipedia

Nearly all Web 2.0 applications started life as consumer-focused services, only later finding their way into the enterprise. But unlike many consumer ‘toys’, Web 2.0 actually delivers impressive benefits to the enterprise, including:

• Streamlining collaboration within and beyond the enterprise
• Accelerating search and information retrieval
• Capturing knowledge assets and facilitating knowledge transfer 
• Speeding application development and deployment
• Communicating with stakeholders in new ways.

Some of these benefits are ‘soft’. Others are quantifiable. But all have combined to earn the attention of business and IT Managers alike. Web 2.0 is here to stay. In fact, it’s now evolving into Enterprise 2.0 – the application of Web 2.0 technologies to workers using network software within an organisation.

Over the past 12 months social networking sites have increased massively in popularity, however, more and more companies have been banning the use of sites such as Facebook and MySpace, causing employees to complain about lack of trust and preventing the businesses themselves from using social networking sites for competitive advantage.

So what are the concerns for businesses?

The first is that social networking sites affect productivity and with stories about Facebook usage costing employers £30.8 billion per year, it is no surprise they are worried. One suggestion to curb staff usage is to put policies in place to only allow users access to specific social networking sites at certain times, for instance, before 9am, after 5.30pm and in lunchtimes. Products which can do this are readily available and their implementation means employees do not feel their freedom is being infringed and can still keep in touch with friends, but employers can be sure that during working hours, staff are doing just that.

The second concern businesses have raised is employees may leak confidential company information on social networking sites either accidentally or intentionally. Obviously this is a very real issue and any organisation needs robust content security to prevent this from happening.

Content security solutions offer the opportunity to set up and enforce specific filtering policies. With the right solution, employers can check all web content for confidential content and keywords – whether it is on a social networking site, on a blog or in a webmail message. Any content which is confidential or deemed inappropriate will be blocked, allowing companies to keep a tight grip on what gets into the public domain. This way, employees can discuss their day or weekend with friends but are prevented from talking about company sensitive information.

So in areas where the company can see no business value in social networking, is a blanket ban appropriate?

The answer is social networking has become a valid way of conversing not just with friends, but also with colleagues, customers and business prospects. Sites such as LinkedIn or Viadeo are social networking tools specifically designed for the business community, and there are a growing number of people who use Facebook for work-related networking. An example of this is T-Mobile, which created a group on Facebook designed to allow its new graduate recruits to get to know each other before starting at the company. Using the group, employees could swap mobile numbers, organise house shares and arrange to meet. It also allowed T-Mobile to respond to any queries the new employees may have had about their jobs. The response from the graduates was very positive and the company intends to continue with this initiative and expand it for the graduate scheme next year.

In this Web 2.0 age when employers are blogging and company websites are becoming more interactive, it makes good business sense for employees to be allowed access to such sites. Rather than seeing these sites as a distraction to the workforce, opening the doors to data leakage, malware and time wasting, businesses should be looking at integrating Web 2.0 sites into their daily practice.

Research Findings:

• 87% of US employees access Web 2.0 sites each week
• 46% of employees discuss work-related issues on social media websites
• 59% of UK employees aged 18-29 believe they should be entitled to access Web 2.0 content for personal use, from work

Clearswift Survey – The Impact of Web 2.0 on Corporate Security, 2007

While Web 2.0 is an exciting and revolutionary development in online computing, it exposes consumers and businesses to a broader spectrum of Web threats. Web 2.0 technologies, such as asynchronous Javascript and XML (AJAX), expand both the attack surface and the security gaps available to cyber criminals, while the communal interaction premise of Web 2.0 renders users more susceptible to social engineering techniques.

These developments challenge security solutions to expand protection beyond the traditional client-server endpoints of online computing. With many more threats unfolding “in the cloud” of the Web, which in the Web 2.0 paradigm is coming to function as a dynamic and exploitable operating system, next-generation security solutions must pay increasing attention to defence mechanisms that secure websites. Web reputation technologies, for example, have the potential to be the next frontier of defence against the burgeoning Web 2.0 security threat.

It is worth noting that social networking does give malware writers a new outlet for attack. Interactive sites use open source Ajax coding, which gives many more points of entry than with traditional HTML coding and with these new technologies come new threats. However, by using policy-driven security an IT Manager can bar access to a certain site or sites as soon as a threat is discovered and for as long as that threat is active. With flexible policy management, employees can still access work-critical internet sites so that their job related tasks remain unaffected.

Every new technology introduced into the enterprise brings with it new threats. Web 2.0 is no different, with threats including:

• Infection and downtime – caused by viruses, worms, Trojans and spyware specifically carried by Web 2.0 applications
• Data leaks – as staff members get lulled into a false sense of security, or intentionally share things they shouldn’t share
• Legal prosecution – for illegal activities or regulatory breaches
• Productivity loss – as users spend more time on blogs and social networking sites than on work
• Resource waste – as servers and networks become congested with frivolous multimedia content
• Reputation damage – as any of the above abuses hit the headlines.

These threats may look similar to the threat landscape associated with Web and e-mail use in general. But the unique nature of Web 2.0 technologies demand a new understanding and new defenses.

The Web 2.0 pillars

• Blogs
• Wikis
• Folksonomies
• Social Networking
• RSS or Newsfeeds
• Social Tagging or Bookmarking
• User-generated Media
• Mashups
• Podcasts

The potential consequences of neglecting Web 2.0 protection are significant: “Ignoring security during the Web 1.0 deployment led to website defacement, identity theft and business losses… Web 2.0 mashups that are not done securely will lead to huge openings for new forms of phishing and other attacks,” warns Gartner Group. However, because of the rush to architect Web 2.0 applications to meet demand and the underlying security weaknesses of AJAX, the Web 2.0 ecosystem remains disturbingly vulnerable to attack.

Our partners offer solutions to maximise use of Web 2.0, be protected and protect your business in the process.

Trend Micro™ InterScan™ Web Security Suite delivers protection against multiple threats at the Web gateway blocking attacks before they can invade the network. It protects against viruses, spyware, grayware and phishing, plus optional modules can be added to combat malicious mobile code and restrict employee Internet use. The suite also integrates with Trend Micro™ Damage Cleanup Services for automated clean up and repair of infected files. As a fully integrated solution, it is highly scalable and easy to manage across complex distributed networks.

• Blocks malicious mobile code and unwanted Web content when integrated with optional Applets and ActiveX Security and URL Filtering modules
• Filters HTTP and FTP traffic with minimal impact on Web performance
• Extends Trend Micro™ Enterprise Protection Strategy to the Internet gateway for outbreak lifecycle management at the enterprise perimeter.

 

The MIMEsweeper Web Appliance is the first enterprise-class web and Web 2.0 security solution, covering all web threats in a single box that’s easy to deploy, manage and support. All the essential web security software is integrated with pre-installed policies on a hardened Linux appliance and futureproofed with auto-updating of all software components.

The MIMEsweeper Web Appliance combines Clearswift’s award-winning content security with best-of-breed URL filtering, anti-virus and anti-spyware technology into an integrated, easy to manage web security solution.

• Hard or soft Appliances – for your chosen servers
• Rapid time to benefit - up and running in 30 minutes
• Blocks all malware and spyware - to protect your network and data
• HTTPS filtering – to protect encrypted traffic
• Data leak prevention – simple data loss policy controls for all web traffic and web mail
• Common policy and reporting – simple management of any MIMEsweeper web or e-mail appliances peer groups
• Includes leading URL database - to protect your productivity.

The heart of IBM’s Web 2.0 vision is to help businesses put together environments that enable employees to do their jobs better and faster - in support of user-driven business innovation and flexibility.

At IBM, Web 2.0 solutions already streamline and enhance people’s day-to-day activities on a variety of levels. For example, people at IBM can customise the corporate address book, called IBM Blue Pages, according to their job needs and professional interests. Individuals can create a profile to let others know their areas of subject matter expertise and interests. People can then find one another based on simple searches or tagging. And they can create automatic feeds to receive updates for relevant information about technology trends, competitive information or educational classes. People can also use a central wiki to create collaborative websites. For instance, geographically dispersed teams working toward a common goal can all access a wiki - and project-specific information - through a single access point. The entire extended team can easily monitor what’s new for the project and share feedback and content with one another.

A comprehensive endpoint security solution must supplement reactive and other less effective countermeasures with multiple security technologies, resulting in broader and stronger endpoint protection.

Symantec Endpoint Protection 11.0 combines Symantec AntiVirus with advanced threat prevention to deliver unmatched defense against malware for laptops, desktops and servers. It seamlessly integrates essential security technologies in a single agent and management console, increasing protection and helping lower total cost of ownership.

Symantec Network Access Control 11.0 securely controls access to corporate networks, enforces endpoint security policy and easily integrates with existing network infrastructures. Regardless of how endpoints connect to the network, Symantec’s award winning network access control solution discovers and evaluates endpoint compliance status, provisions the appropriate network access and provides automated remediation capabilities.

Microsoft are continually developing their products to increase collaboration and enhance the user experience and integration of Web 2.0. One product set to improve the interactive web experience is Silverlight. Microsoft Silverlight is a cross-browser, cross-platform and cross-device plug-in for delivering the next generation of .NET based media experiences and rich interactive applications for the Web. Silverlight offers a flexible programming model that support AJAX, VB, C#, IronPython and IronRuby and integrates with existing Web applications. By using Expression Studio and Visual Studio, designers and developers can collaborate more effectively. By leveraging Silverlight’s support for .NET High Definition video, cost effective advanced streaming, unparalleled high resolution interactivity with Deep Zoom technology and controls, businesses can reach out to new markets across the Web, desktop and devices.

By employing many of the Web 2.0 principles and technologies, the 2007 Office system delivers out-of-the-box solutions that enable users to leverage business data and participate in business processes through a number of easy to use interfaces. The set of programs, servers and services in the 2007 Office system represents a huge breakthrough in terms of organisational productivity, data integration and solution platform capabilities. Whether the information and processes are exposed in commonly used tools such as Microsoft® Office Outlook®, Word, InfoPath® or Excel®, or exposed through a Web browser connecting to a server running Microsoft Office SharePoint® Server 2007, the 2007 Office system ensures that users can participate at the appropriate time by using the tools that make the most sense.

The content and statistics from this editorial were taken from White Papers by Clearswift and Trend Micro.

To download the full version of the Clearswift White Paper – Demistifying Web 2.0 click here.
For the Trend Micro Report – Web 2.0 Security Threats click here.