Many corporations have embraced the social networking attributes of Web 2.0 by encouraging executives to blog and exploring the potential benefits of a virtual presence in Second Life. And don't be fooled into thinking that its just adventurous start-ups taking the plunge. Mainstream companies like Coca Cola, FedEx and Lockheed Martin are embracing this new world. In short, many companies are beginning to recognize the business benefits that social networking applications can bring to the workplace. It encourages collaboration and efficiency both internally between co-workers and externally with customers and partners.
However, as Web 2.0 has created new opportunities for peer-to-peer and enterprise-to-customer interaction, it has also opened doors for hackers to launch new and varied attacks. For example, last October, the Samy worm hit MySpace with a new type of attack. The attack leveraged some of the technologies that are common in Web 2.0 applications and combined them with a weakness in certain web browsers. As a result, simply visiting an infected MySpace profile would turn a user's web browser into a platform for further spreading the worm and infecting other profiles. It was so effective, it forced the owners of MySpace.com to temporarily shut the site down. In a business situation, this type of downtime could have serious implications in terms of productivity and ultimately, revenue.
This new level of exposure to threats comes at a time when the need to protect private and sensitive corporate information has never been higher. We've recently seen how high profile security breaches and information leakage can result in costly lawsuits, destroy customer trust and irreparably harm brand reputation. (Just say the name TJX, and people's reactions will tell you that the company is more famous now due to their massive security breach than they ever were for their retail stores). At the same time, more stringent compliance requirements increase the stakes and add more complexity in determining how to appropriately embrace these new channels of communications.
So how do organizations harness the benefits of Web 2.0 technology without opening themselves up to new threats? There are six simple steps enterprises can follow to ensure the security of their organization while taking advantage of what these new applications have to offer.
Don't Discriminate: Multi-application policies ensure compliance
Take control of both inbound and outbound content using sophisticated policies across all applications. Having strong policies will enable organization to define rules and prompt specific actions based on an array of attributes. These policies should be applied to all content – no matter if it is being sent via email, web mail or IM. For example, if an email is in violation of a policy, it can blind copy an administrator, while blocking the email from being sent. Or, if the content is sensitive, say someone tries to send an IM that includes a Social Security number, the policy engine can make sure that content is encrypted before it is sent out unbeknownst to the user.
Protect two-way traffic
Given Web 2.0's interactive nature, it is important to have a good handle on information entering the organization as well as leaving it. With all the additional connections to the outside world, there are many more possible opportunities for threats to enter the network. It is important to have a strong, multifaceted engine to secure against an array of incoming threats such as malware, viruses, spam, botnets, DoS and DHA attacks being targeted at the organization.
At the same time, a robust privacy and compliance engine is critical to ensure employees are not knowingly or unknowingly violating any regulations, and thereby putting the organization in a possible breach situation. Engines should scrutinize the body, headers and attachments of all outbound content such as an IM or even a blog or wiki post, to ensure sensitive information is not being sent to unauthorized parties.
React in real-time
With hundreds of thousands of attacks taking place simultaneously around the world, it is important to have the most up to date information on global threats, not just historical reputation information. By leveraging real-time information and security industry standards, security solutions can react within seconds when a new attack is identified. This is especially important because the emerging Web 2.0 applications can be breeding ground for hackers trying new ways to infiltrate corporate networks.
Add capacity as you need it
During peak times such as company-wide projects requiring participation from multiple departments, it is important to be able to add capacity as activity and as a result, bandwidth demands, grow. With on-demand clustering, multiple devices can be configured in a way that make them appear as one virtual gateway. When additional capacity is needed, enterprises can simply plug in an additional device to scale in just minutes.
Ensure 100-percent up time
To take advantage of all that Web 2.0 promises, enterprises must ensure the applications are available when users want to use them. Advanced clustering offers failover insurance ensuring messages and information can be delivered if there is a failure in one part of the system. With mission critical information being shared on these new applications, 100-percent uptime is critical.
Centralized management is a must
With interactions taking place across email, blogs, wikis, and IM, to name a few, enterprises can't afford to have separate management devices for each. A single view and security management console for the network will make the move to Web 2.0 manageable for IT administrators as well as cost effective.
With the right planning, corporations can embrace the new frontier that is Web 2.0, reaping the business benefits of increased collaboration and efficiency that are sure to boost the bottom line – all while protecting sensitive corporate information and, not to mention, their reputation.
-Andrew Graydon is CTO of BorderWare