SlideShare une entreprise Scribd logo

IDC Web2.0 Best Practices Jun2009

Kim Jensen
Kim Jensen

IDC Web2.0 Best Practices Jun2009

TechnologieBusiness
1  sur  12
Télécharger pour lire hors ligne
WHITE P APER Best Practices for Securing Web 2.0 Sponsored by: Websense Brian E. Burke June 2009 IDC OPINION Like it or not, Web 2.0 is quickly becoming "enterprise 2.0" as a growing number of www.idc.com Web applications make their way into the corporate environment, bringing with them even more security concerns and attack vectors. It is IDC's opinion that organizations should embrace the value of Web 2.0 tools as a way to help lower costs and increase collaboration with little to no administrative burden on IT staff. Failed attempts to ban F.508.935.4015 or discourage use of consumer instant messaging networks in the past taught organizations that it is not good for business (e.g., employee productivity and morale) to say no to workers who wish to use tools such as Twitter or Facebook to collaborate and stay connected with clients, prospects, and partners. Furthermore, to ignore the pervasive use of Web 2.0 technologies belies the reality of most business P.508.872.8200 environments today, where everything from SaaS applications and Webmail to desktop replacement technologies plays a crucial role in day-to-day operations while presenting many unaddressed risks. The challenge for organizations is that many Web 2.0 applications were designed for Global Headquarters: 5 Speen Street Framingham, MA 01701 USA consumers, not for business users whose online activities can have dire consequences for their organizations if the tools are used irresponsibly. This challenge is compounded by the fact that the Web 2.0 applications that were designed for business use were not designed for existing security frameworks, architectures, and deployments. Moreover, virtually all of the top 100 Web sites, from Google and Yahoo! to Wikipedia and MSNBC, rely on or host some type of user- generated content, and the risk profile and challenge for organizations only increase. Fortunately, a growing amount of help is available for organizations looking to allow their workers to use Web 2.0 tools responsibly without sacrificing security and regulatory compliance requirements. In this tough economic climate, increasing collaboration and reducing costs are more important than ever. Web 2.0 technologies, if used securely, can help organizations increase collaboration and productivity and drive revenue. In response to these challenges, IDC has partnered with Websense to further understand the current pain points organizations face in dealing with the adoption of Web 2.0 technologies. Our research found that: 95% of organizations allow access to Web 2.0 sites, and 62% of IT managers think Web 2.0 is necessary to their business (source: Websense's 2009 Web2.0@Work survey). 64% of IT managers permit access to social network sites primarily used for business, but a significant 1 in 2 organizations (49%) allow access to social network sites primarily used for personal use (source: Websense's 2009 Web2.0@Work survey).
27% of global IT managers in large organizations are not sure about the access status of some Web 2.0 sites (source: Websense's 2009 Web2.0@Work survey). 70% of organizations view Web 2.0 as a serious concern for data loss prevention (source: IDC's 2008 Security Survey). METHODOLOGY This white paper was designed with the aim of revealing, understanding, analyzing, and presenting the predominant issues relating to the adoption of Web 2.0 technologies in the corporate environment. The paper draws on data from Websense's 2009 Web2.0@Work survey of 1,300 IT managers at large organizations across 10 countries and existing IDC research. Using this body of knowledge, we describe the overall business and technical challenges that organizations face in dealing with Web 2.0 issues and provide guidance on the types of solutions that play a key role in addressing today's complex threat environment. This paper discusses the limitations of traditional Web security technologies and the need for more advanced security techniques in dealing with Web 2.0. SITUATION OVERVIEW Web 2.0: Embrace or Extinguish? Web 2.0 is not really a new technology offering; rather, it is about using existing technologies to enhance usability, collaboration, and information sharing and gathering over the Internet. To get a clearer picture, one must look at the different technologies existing under the umbrella phrase of Web 2.0 as a taxonomy, as shown in Figure 1. The taxonomy illustrates the unique challenges associated with Web 2.0, including: Web 2.0 sites that rely on user-generated content to compile and present content in new ways New client and data technologies that move beyond the HTML Web of the past and into newer, richer mechanisms to share content New mechanisms to share and store data and use noninternal architectures from Salesforce to Google Apps Social interaction and communication that are supplanting many of the traditional modes of collaborating, communicating, and sharing information 2 #218589 ©2009 IDC
FIGURE 1 Web 2.0 Taxonomy REST XML JSON Programming Web Raw Data Data Formats Client and Mashups Aggregators and Languages Applications Data Client and Data Presentation Web 2.0 and Cloud Technologies Computing Social Interaction Taxonomy Computing and Communication Shifts Social Social Interactive Utility Client SAAS Networking Media Media Computing Replacement Source: Websense, 2009 Many organizations are embracing these Web 2.0 technologies to enhance relationships with clients and provide differentiating service and personalization or to streamline their infrastructures and replace traditional infrastructure and reduce communication costs. IDC believes the combination of a global recession, the need for both IT and information workers to do even more with even less, and the growing availability of Web 2.0 tools will cause the adoption and usage of enterprise social networking, blogs, microblogs, SaaS applications, wikis, and other tools to skyrocket. IDC strongly urges organizations to create a security strategy that empowers and IDC strongly urges organizations to encourages workers to innovate with Web 2.0 rather than hinders such efforts. During create a security this recession, organizations need to strengthen relationships with customers and strategy that prospects; tap the collective wisdom of partners, customers, and others to augment empowers and encourages workers the knowledge of shrinking workforces; and gain a competitive advantage over firms to innovate with Web that continue to make the mistake of saying "No we can't" to Web 2.0. 2.0. However, many organizations are struggling with balancing the business value of Web 2.0 technologies with the risks and security implications of many nonsecure and uncontrolled Web 2.0 environments. IT is feeling pressure from users and executives alike to allow greater access to Web 2.0 technologies and at the same time protect against malware and information leaks over this pervasive environment for new content usage, information sharing, and communication. The Web2.0@Work survey found that 86% of IT managers feel pressure to allow access to Web 2.0 sites and applications from within their organization and that 30% of this pressure is coming from C-level and director-level staff. It's clear that IT cannot say no to C-level executives. Organizations need the tools to embrace Web 2.0 technologies while ensuring security and compliance. ©2009 IDC #218589 3
Web 2.0: The Consumerization of IT The Web 2.0 world is no longer black and white. An interesting phenomenon is taking shape that IDC is calling the "consumerization of IT." Social networking sites, such as Facebook, which were once considered to be only consumer applications, are quickly moving into the enterprise environment. IDC has spoken to many organizations that tell us that the current generation of new employees, fresh out of college, is expecting access to Web 2.0 networks such as Facebook and Twitter. These new employees do not communicate with traditional email and are bringing their social networking tendencies with them into the workplace. Although this may seem anathema or in some ways trivial to traditional IT and security staff, it is a very real trend that will increasingly impact organizations. In fact, high-level management staff told IDC that they have lost potential employees because the employer would not allow access to Web 2.0 applications at work. IDC believes a growing number of consumer-oriented Web 2.0 technologies will The boundaries between consumer continue to saturate the corporate environment. The boundaries between consumer and corporate Web and corporate Web 2.0 environments are blurring. Even the use of the top 100 Web 2.0 environments are blurring. properties transitions from static content to dynamic and interactive user-generated Web 2.0 content. Many employees now use interactive content portals and social networking applications such as Facebook to communicate with a mix of friends, coworkers, and customers. This is creating a complex security challenge for organizations of all sizes. These environments create both a risk of data leaks and new channels for malware. Lines are clearly blurring between professional life and personal life, and in such "consumerization," security policies must be flexible, extensive, and pervasive. Trade- offs must be found between the user's comfort and global security. Forbidding personal use of the computer was the best practice some years ago, but it is not possible anymore due to users' skills and needs. Web 2.0 Threat Environment Web 2.0 environments are increasingly being used as the threat vector of choice by hackers and cybercriminals to distribute malware and perpetrate identity theft, financial fraud, and corporate espionage. Hackers are leveraging the popularity of Web 2.0 to reach the greatest number of users and are targeting nonsecure Web 2.0 sites that are extremely vulnerable to compromises. Web 2.0 also presents a significant data loss prevention (DLP) challenge for many Given that Web 2.0 exposes enterprises. Message boards, blogs, tweets, and other types of social networking organizations to both sites are becoming pipelines for information leakage and compliance violations. In inbound and outbound security fact, a recent IDC survey showed that 37% of confidential information leaks occurred threats, IDC believes via the Web. The same survey also showed that almost 70% of organizations believe that future Web that monitoring employee use of the Web to prevent data leaks and compliance security solutions must analyze traffic violations is a major concern (see Figure 2). Given that Web 2.0 exposes bidirectionally. organizations to both inbound and outbound security threats, IDC believes that future Web security solutions must analyze traffic bidirectionally. 4 #218589 ©2009 IDC
FIGURE 2 Importance of Monitoring Employee Web 2.0 Use by Company Size Q. Using a 5-point scale where 5 is extremely important and 1 is not at all important, please rate the importance of monitoring employee use of Web 2.0 to prevent data leaks and compliance violations. 100 90 (% of respondents) 80 70 60 50 40 30 20 10 0 Small (fewer than Medium sized Large (1,000+ 100 employees) (100–999 employees) employees) 5 (extremely important) 4 3 2 1 (not at all important) n = 433 Source: IDC's Security Survey, 2008 In IDC's annual security survey of IT and security professionals, participants were asked to rate the top threats to their company's network security. Figure 3 displays the top 10 threats in 2007. IDC believes many of these threats are directly related to the growing popularity of Web 2.0, including the following: The exposure of confidential information is now the single greatest threat to enterprise security. A recent IDC survey on information protection and control (IPC) showed that Web email or Web posting (e.g., message boards, blogs) accounted for 37% of information leaks. We also found that almost 70% of all organizations view Web 2.0 as a serious concern for DLP. Government and industry regulations such as HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley, and various SEC regulations are forcing corporations to secure the use of all electronic forms of communications, including the Web. ©2009 IDC #218589 5
Trojans, viruses, worms, and other types of malicious code ranked as the second greatest threat to enterprise security. Virus writers and hackers are increasingly leveraging the popularity and complexity of Web 2.0 sites to target the greatest number of users. The practice of hackers planting malicious code on legitimate Web sites is quickly becoming the norm. Hackers and malware developers are aggressively innovating ways to compromise popular Web 2.0 sites and others to install malicious code designed to steal personal and/or business confidential information and to be difficult to detect. Spam has risen back up the list and is number three among the top threats to enterprise security. The pure volume of spam continues to rise at a rapid pace, and malicious attacks are becoming more sophisticated (e.g., blended threats that combine spam, spyware, viruses, and other malware in their attacks). Spammers are increasingly using spam to lure users to malicious Web sites. Spyware continues to be both a security and a system management nightmare. Theft of confidential information, loss of productivity, consumption of large amounts of bandwidth, corruption of desktops, and a spike in the number of help desk calls related to spyware are overwhelming many IT departments. More recently, spyware has evolved from a mischievous hobby to a money-making criminal venture that has attracted a new breed of sophisticated hackers and organized crime. The Web is without a doubt the single greatest source of spyware infections. 6 #218589 ©2009 IDC
FIGURE 3 Top 10 Threats to Enterprise Security Employees inadvertently exposing confidential information Trojans, viruses, worms, and other malicious code Spam Data stolen by employee or business partner Hackers Misconfiguration of network and security equipment Insider sabotage Spyware Application vulnerabilities Wireless LANs 0 10 20 30 40 50 60 70 80 90 100 (% of respondents) Significant threat = 5 4 3 2 No threat = 1 n = 433 Source: IDC's Security Survey, 2008 WEB 2.0 BEST PRACTICES Securing Web 2.0 The advances in Web 2.0 technologies in recent years require a new generation of Web security tools that go well beyond traditional URL filtering. IDC has identified 10 best practices that organizations should consider when choosing a Web security solution to address the risks of Web 2.0: 1. Dynamic Web 2.0 defenses. Threats in today's Web 2.0 world incorporate the worst of Web 1.0 threats with some new variations mixed in for good measure. Traditional known threats such as file-based antivirus attacks still exist along with a new generation of script-based attacks that are designed to compromise the Web ©2009 IDC #218589 7
browser and other applications. Mixed in with these threats are blended or Effective defenses must be dynamic in polymorphic attacks that change every time a user visits a Web site or accesses a nature. file. What is clear is that static defenses such as traditional antivirus inspection, site reputation, or stripping of attachment types are doomed to failure. Effective defenses must be dynamic in nature to match the dynamic threats they face. The real-time nature of Web 2.0 demands a new generation of protection technologies that work in real time to inspect all of the aspects of the Web page and to correlate these different objects into a single view of the environment into which the end user is entering. Only when the complete content and context of the Web page have been analyzed can an accurate judgment be made on the potential threats contained. 2. Real-time content classification. The high volume of user-generated content in It is necessary to have a system the Web 2.0 environment requires that effective Web security solutions have real- capable of analyzing time deep content analysis and classification. Many Web 2.0 sites today multiple flows in real time to let in the good incorporate some form of a Web site mashup that may be customized to an information while individual's interests. iGoogle, one of the most common and seemingly innocuous keeping out the bad mashups, can potentially be the weakest link in a company's security policy and inappropriate information. because of the complexity that even simple mashups introduce to the security and control equation. Dynamic classification comes into play for Web 2.0 when looking at social sites that use mashups or multiple frames. It is necessary to have a system capable of analyzing multiple flows in real time to let in the good information while keeping out the bad and inappropriate information. Besides the ability to individually block frames on the mashup, the Web security solution should be able to identify access to restricted Web sites through channels such as "Proxy Avoidance" or "Anonymizer" Web sites and Google Translate. 3. Employee access. Employee education is the cornerstone for effective Web 2.0 risk management. IDC believes employees must understand both the benefits of Web 2.0 technologies and the threats and risks. Web 2.0 technologies are used in a wide variety of sites, ranging from mission critical to harmless. A mature Web 2.0 security solution must allow access to mission-critical SaaS Web sites (e.g., Salesforce.com) while enabling safe and controlled access to nonbusiness sites such as social networking or interactive media. In the past, simply blocking all nonbusiness sites might have been an option, but today most employees expect some limited and controlled access to personal Web sites. A mature Web 2.0 solution can provide safe but time-limited access to sites for personal use. An organization, for example, may want to allow up to 60 minutes per day of access to personal Web sites (Web-based email, social networking, etc.). A Web 2.0 security solution must allow this kind of rationed access. 4. Data loss prevention. Web 2.0 presents a significant DLP challenge for many enterprises. Message boards, blogs, and social networking sites are becoming pipelines for information leakage and corporate compliance violations. As we open the doors to Web 2.0 applications that we might have simply blocked in the past, we have to ensure that sensitive information is not leaked over Web-based email, posted to Internet message boards, or shared over social networking Web sites. A Web 2.0 user may inadvertently post confidential information on blogs or post other data that is business critical. An integrated DLP-Web solution adds the identity and location context to the access, making sure that confidential data is not leaked out of the organization. 8 #218589 ©2009 IDC
5. Application control. Many Web 2.0 applications and newer instant messaging tools leverage evasive techniques to communicate and share information. The challenge of identifying these applications and applying appropriate policy is a burden facing many organizations today. Many Web 2.0 properties include Web- based applications within the site. An organization may wish to allow Facebook and even Gmail access, for example, but may want to block Google Chat for instant messaging, Facebook-delivered games, and proxy avoidance applications. A mature solution must provide control over these applications whether they run over HTTP, HTTPS, or some other protocol. The right solution should provide the right level of granularity of control that ensures that the users have secure access. 6. Remote access. The growing number of mobile and remote users is creating a complex distributed workplace. Many corporate applications are being moved to the Web 2.0 environment to allow remote employees to work more efficiently. Users don't simply sit in their office and work anymore — today's mobile employees are almost as likely to be connected from home or from a public WiFi hotspot as they are to be sitting in the corporate office. An effective Web 2.0 solution should provide the customer with choices on how to support the remote user while ensuring the application of a consistent policy throughout the organization. 7. Unified policy management. Policy management is the point at which all of the different technologies used to enforce a policy should come together. The focus of a policy should be the user or group of users to which the policy applies and the threats and behaviors that the business wishes to address. Web 2.0 requires a policy to address multiple technology stacks, everything from malware protection to objectionable content and application control. This complexity can lead to errors in translating a corporate policy into reality unless the policy management engine is designed to pull all of these items together into a single policy that can be applied on a global basis. 8. Comprehensive reporting and logging. Because employees may use wikis, blogs, and other Web 2.0 technologies located outside the corporate network for collaboration on sensitive, internal projects, reporting and logging for audit and forensics are considered critical. Often, corporations enable access without any restrictions. However, they log and report on all activities as the basis for potentially implementing future policies. The solution must enable multiple levels of reporting, including easy-to-interpret summary reports and the ability to drill down and quickly investigate violations against specific policy categories or by specific users and groups. 9. Performance and scalability. To be successful, any solution must provide high performance and deliver security and control without impacting the ability of end users to perform their duties. Scalability, or the ability of the solution to expand and adapt to current or future needs, is a large issue with Web 2.0 because Web 2.0 is still rapidly evolving and it is impossible to define what future requirements may be. A solution that is modular in design and distributed in nature, while being completely integrated in its analysis, management, and reporting capabilities, offers the best approach to keeping up with the uncertain demands that are sure to arise as the Web 2.0 world continues to mature and change. ©2009 IDC #218589 9
10. The server side of Web 2.0. To get the most from the marketing and customer service aspects of Web 2.0, companies are increasingly allowing their customers to post comments on public support forums, ask-the-editor sites, Facebook blogs, etc. If organizations are going to set up their own such communities, they need to ensure that malware and inappropriate content are not posted on the sites associated with their brand. To limit liability and protect their brand, organizations need to think about how they can scan blog posts before those posts hit their Web 2.0 sites. In essence, companies need to think about both sides of the Web 2.0 coin — the client side and the server side. The client is more important at the moment, but moving ahead, companies will need to have their own properties to reap the biggest marketing benefit. SUMMARY RECOMMENDATIONS: FIVE KEY SECURITY CONFIGURATIONS TO USE Protect your organization: Enable both real-time content and security scanning on all categories of Web sites that leverage user-generated content from search engines and Webmail to social networking. Enable Web 2.0 benefits: Use drill-down reports to gain visibility into which users and groups most consistently try to access Web 2.0 technology and create a policy to enable the safe and appropriate use of these tools. Increase productivity: Control specific applications like instant messaging over the Web by users with measures like time allotment, bandwidth-based controls, or content restrictions. Get full visibility: Decrypt and examine the content, including data for all HTTPS traffic to Web 2.0 sites and for applications like Webmail for inbound threats and outbound risks. Protect your data: Monitor and report on sensitive and regulated data sent over or posted via the Web by users, intended destinations, and the category of site or Web application. Then, create the appropriate enforcement policy that protects and enables the organization. WEBSENSE OVERVIEW Securing Web 2.0 Company Overview Websense Inc. (NASDAQ: WBSN) is a global leader in integrated Web, data, and email security, providing Essential Information Protection for more than 42 million employees at more than 50,000 organizations worldwide. Headquartered in San Diego, California, Websense distributes its solutions through a global network of channel partners. Websense software and hosted security solutions help organizations block malicious code, prevent the loss of confidential information, and enforce Internet use and security policies. Websense has its roots in Web filtering 10 #218589 ©2009 IDC
and continues to develop its core strength in discovering and classifying content across all its product offerings. Websense provides visibility into the internal and external movement of information in the Web 2.0 world, with extensive management of who is authorized to access Web sites, content, or applications, as well as what data must be protected from leaks, where users and data can go online, and how data and online resources can be communicated and used. Web 2.0 Security Overview Websense Web Security Gateway allows organizations to secure Web traffic effectively while still enabling the latest Web-based tools and applications. Through a multivector traffic-scanning engine, the Websense Web Security Gateway analyzes Web traffic in real time, instantly categorizing new sites and dynamic content and proactively discovering security risks and blocking dangerous malware. Using the Websense ThreatSeeker Network, the Websense Web Security Gateway provides advanced analytics, including rules, signatures, heuristics, and application behaviors, to detect and block proxy avoidance, hacking sites, adult content, botnets, keyloggers, phishing attacks, spyware, and many other types of unsafe content. Websense Web Security Gateway also closes a common security gap: decrypting and analyzing SSL-encrypted content before it enters the network. CHALLENGES/OPPORTUNITIES With Web 2.0 applications the challenge is to imagine threats where no perceived threats exist today. As conditions change and companies use Web 2.0 for large enterprise projects that involve sensitive data, security will need to be applied to this environment. The tolerance for simply applying security after a problem will be seen as increasingly poor, legally deficient, and ignorant of emerging threat environments. Still, changing behaviors and perceptions requires an incremental approach. The first step is monitoring so that IT understands the issues and can prepare solutions. The next step is reporting on the findings in such a way that senior executives and business unit managers can understand the benefits of controlled collaboration where customer information and intellectual property (IP) are protected from mistaken, mischievous, and malicious exposure. This phased approach is slow and cumbersome to implement, but necessary. In concert, technologies must support gradual migration while also offering the flexibility to deal with monitoring, reporting, and enforcement. The policy enforcement aspect must be flexible enough to handle both draconian and laissez-faire attitudes toward these environments. CONCLUSION: THE INFINITE POSSIBILITIES BETWEEN ABJE CT FE AR AN D L AI SSEZ-F AIRE Instead of rolling up into a ball like an armadillo as an instinctive survival tactic or just adopting a laissez-faire process in which "anything goes," successful organizations should embrace and implement Web 2.0 technologies. ©2009 IDC #218589 11
To minimize the risks associated with Web 2.0, organizations will need to deploy a new generation of content-based security gateways that enable the safe and productive use of Web 2.0. Copyright Notice External Publication of IDC Information and Data — Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason. Copyright 2009 IDC. Reproduction without written permission is completely forbidden. 12 #218589 ©2009 IDC

Recommandé

IDC Report : Web Security
IDC Report : Web SecurityIDC Report : Web Security
IDC Report : Web SecurityKim Jensen
 
Facebook Meets the Virtualized Enterprise
Facebook Meets the Virtualized EnterpriseFacebook Meets the Virtualized Enterprise
Facebook Meets the Virtualized Enterprisewhite paper
 
Web 2.0 goes to work for business: Enabling the power of participation
Web 2.0 goes to work for business: Enabling the power of participationWeb 2.0 goes to work for business: Enabling the power of participation
Web 2.0 goes to work for business: Enabling the power of participationRoss Dawson
 
Introduction to Enterprise 2.0
Introduction to Enterprise 2.0Introduction to Enterprise 2.0
Introduction to Enterprise 2.0David Saitta
 
Term Paper On Enterprise 2 0 The Next Leap For Indian It Services Industry
Term Paper On Enterprise 2 0 The Next Leap For Indian It Services IndustryTerm Paper On Enterprise 2 0 The Next Leap For Indian It Services Industry
Term Paper On Enterprise 2 0 The Next Leap For Indian It Services Industryvyas_harsh86
 
Dml2
Dml2Dml2
Dml2Tanya Choudhury
 
Exploring Early Enterprise 2.0 Methodology
Exploring Early Enterprise 2.0 MethodologyExploring Early Enterprise 2.0 Methodology
Exploring Early Enterprise 2.0 MethodologyEnterprise 2.0 Conference
 
Enterprise 2.0
Enterprise 2.0Enterprise 2.0
Enterprise 2.0thomas.purves
 

Recommandé

IDC Report : Web Security
IDC Report : Web SecurityIDC Report : Web Security
IDC Report : Web SecurityKim Jensen
 
Facebook Meets the Virtualized Enterprise
Facebook Meets the Virtualized EnterpriseFacebook Meets the Virtualized Enterprise
Facebook Meets the Virtualized Enterprisewhite paper
 
Web 2.0 goes to work for business: Enabling the power of participation
Web 2.0 goes to work for business: Enabling the power of participationWeb 2.0 goes to work for business: Enabling the power of participation
Web 2.0 goes to work for business: Enabling the power of participationRoss Dawson
 
Introduction to Enterprise 2.0
Introduction to Enterprise 2.0Introduction to Enterprise 2.0
Introduction to Enterprise 2.0David Saitta
 
Term Paper On Enterprise 2 0 The Next Leap For Indian It Services Industry
Term Paper On Enterprise 2 0 The Next Leap For Indian It Services IndustryTerm Paper On Enterprise 2 0 The Next Leap For Indian It Services Industry
Term Paper On Enterprise 2 0 The Next Leap For Indian It Services Industryvyas_harsh86
 
Dml2
Dml2Dml2
Dml2Tanya Choudhury
 
Exploring Early Enterprise 2.0 Methodology
Exploring Early Enterprise 2.0 MethodologyExploring Early Enterprise 2.0 Methodology
Exploring Early Enterprise 2.0 MethodologyEnterprise 2.0 Conference
 
Enterprise 2.0
Enterprise 2.0Enterprise 2.0
Enterprise 2.0thomas.purves
 
Defense Acquisition Enterprise 2.0 Article
Defense Acquisition Enterprise 2.0 ArticleDefense Acquisition Enterprise 2.0 Article
Defense Acquisition Enterprise 2.0 ArticlePete Modigliani
 
ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2
ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2
ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2KnowledgeWorking
 
Social Media - Transforming B2B Organizations: Contemporary Concerns Study
Social Media - Transforming B2B Organizations: Contemporary Concerns StudySocial Media - Transforming B2B Organizations: Contemporary Concerns Study
Social Media - Transforming B2B Organizations: Contemporary Concerns StudyVishrut Shukla
 
Mcafee web20-balancingact
Mcafee web20-balancingactMcafee web20-balancingact
Mcafee web20-balancingactDigital Pymes
 
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...Vishrut Shukla
 
Enhancing communication and cooperation with web 2.0
Enhancing communication and cooperation with web 2.0Enhancing communication and cooperation with web 2.0
Enhancing communication and cooperation with web 2.0Shady A. Alefrangy
 
Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009
Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009
Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009Prescient Digital Media
 
Intranet 2 0 Tools
Intranet 2 0 ToolsIntranet 2 0 Tools
Intranet 2 0 ToolsCarmine Porco
 
HR 2 0, Talent Management 2.0 by Talentys
HR 2 0, Talent Management 2.0 by TalentysHR 2 0, Talent Management 2.0 by Talentys
HR 2 0, Talent Management 2.0 by TalentysDavid Guillocheau
 
Intranet 2.0 on a Budget
Intranet 2.0 on a BudgetIntranet 2.0 on a Budget
Intranet 2.0 on a BudgetPrescient Digital Media
 
Web2.0 report McAfee
Web2.0 report McAfeeWeb2.0 report McAfee
Web2.0 report McAfeeBijgespijkerd.nl
 
A White Paper on Mobile ECM
A White Paper on Mobile ECMA White Paper on Mobile ECM
A White Paper on Mobile ECMKV Rajesh
 
Collaboration 2.0
Collaboration 2.0Collaboration 2.0
Collaboration 2.0IBM
 
Web 2.0
Web 2.0Web 2.0
Web 2.0Maria A. Bellera
 
Staying Productive with Social Streams
Staying Productive with Social StreamsStaying Productive with Social Streams
Staying Productive with Social StreamsLuis Benitez
 
Azure ad-windows-10
Azure ad-windows-10Azure ad-windows-10
Azure ad-windows-10sandip rami
 
The Enterprise 2.0 Market
The Enterprise 2.0 MarketThe Enterprise 2.0 Market
The Enterprise 2.0 MarketEyal Engelhardt Ari
 
Share point survey 2012 slideshare
Share point survey 2012 slideshareShare point survey 2012 slideshare
Share point survey 2012 slideshareJohn Rymer
 
Tics Article 6 Ideas
Tics Article 6 IdeasTics Article 6 Ideas
Tics Article 6 IdeasXimenaBonilla
 
The Economist, Serious Business, Web 2.0
The Economist, Serious Business, Web 2.0The Economist, Serious Business, Web 2.0
The Economist, Serious Business, Web 2.0ADELAHAYE STRATEGIC BRANDING AND DESIGN - JAKARTA, SINGAPORE, LONDON
 
The Web 2.0 phenomenon involves a lot of techniques and applicat
The Web 2.0 phenomenon involves a lot of techniques and applicatThe Web 2.0 phenomenon involves a lot of techniques and applicat
The Web 2.0 phenomenon involves a lot of techniques and applicatronnag9bkla
 
Web 2.0 artifacts in SME-networks
Web 2.0 artifacts in SME-networksWeb 2.0 artifacts in SME-networks
Web 2.0 artifacts in SME-networksHans-Joerg Happel
 

Contenu connexe

Tendances

Defense Acquisition Enterprise 2.0 Article
Defense Acquisition Enterprise 2.0 ArticleDefense Acquisition Enterprise 2.0 Article
Defense Acquisition Enterprise 2.0 ArticlePete Modigliani
 
ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2
ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2
ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2KnowledgeWorking
 
Social Media - Transforming B2B Organizations: Contemporary Concerns Study
Social Media - Transforming B2B Organizations: Contemporary Concerns StudySocial Media - Transforming B2B Organizations: Contemporary Concerns Study
Social Media - Transforming B2B Organizations: Contemporary Concerns StudyVishrut Shukla
 
Mcafee web20-balancingact
Mcafee web20-balancingactMcafee web20-balancingact
Mcafee web20-balancingactDigital Pymes
 
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...Vishrut Shukla
 
Enhancing communication and cooperation with web 2.0
Enhancing communication and cooperation with web 2.0Enhancing communication and cooperation with web 2.0
Enhancing communication and cooperation with web 2.0Shady A. Alefrangy
 
Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009
Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009
Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009Prescient Digital Media
 
HR 2 0, Talent Management 2.0 by Talentys
HR 2 0, Talent Management 2.0 by TalentysHR 2 0, Talent Management 2.0 by Talentys
HR 2 0, Talent Management 2.0 by TalentysDavid Guillocheau
 
A White Paper on Mobile ECM
A White Paper on Mobile ECMA White Paper on Mobile ECM
A White Paper on Mobile ECMKV Rajesh
 
Collaboration 2.0
Collaboration 2.0Collaboration 2.0
Collaboration 2.0IBM
 
Staying Productive with Social Streams
Staying Productive with Social StreamsStaying Productive with Social Streams
Staying Productive with Social StreamsLuis Benitez
 
Azure ad-windows-10
Azure ad-windows-10Azure ad-windows-10
Azure ad-windows-10sandip rami
 
Share point survey 2012 slideshare
Share point survey 2012 slideshareShare point survey 2012 slideshare
Share point survey 2012 slideshareJohn Rymer
 
Tics Article 6 Ideas
Tics Article 6 IdeasTics Article 6 Ideas
Tics Article 6 IdeasXimenaBonilla
 

Tendances (19)

Defense Acquisition Enterprise 2.0 Article
Defense Acquisition Enterprise 2.0 ArticleDefense Acquisition Enterprise 2.0 Article
Defense Acquisition Enterprise 2.0 Article
 
ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2
ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2
ISACA AsiaPac Conf 2008 Employee Info Sec Awareness via Web 2
 
Social Media - Transforming B2B Organizations: Contemporary Concerns Study
Social Media - Transforming B2B Organizations: Contemporary Concerns StudySocial Media - Transforming B2B Organizations: Contemporary Concerns Study
Social Media - Transforming B2B Organizations: Contemporary Concerns Study
 
Mcafee web20-balancingact
Mcafee web20-balancingactMcafee web20-balancingact
Mcafee web20-balancingact
 
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
 
Enhancing communication and cooperation with web 2.0
Enhancing communication and cooperation with web 2.0Enhancing communication and cooperation with web 2.0
Enhancing communication and cooperation with web 2.0
 
Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009
Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009
Winning Support For Your Intranet / Intranet 2.0 Initiatives June 2009
 
Intranet 2 0 Tools
Intranet 2 0 ToolsIntranet 2 0 Tools
Intranet 2 0 Tools
 
HR 2 0, Talent Management 2.0 by Talentys
HR 2 0, Talent Management 2.0 by TalentysHR 2 0, Talent Management 2.0 by Talentys
HR 2 0, Talent Management 2.0 by Talentys
 
Intranet 2.0 on a Budget
Intranet 2.0 on a BudgetIntranet 2.0 on a Budget
Intranet 2.0 on a Budget
 
Web2.0 report McAfee
Web2.0 report McAfeeWeb2.0 report McAfee
Web2.0 report McAfee
 
A White Paper on Mobile ECM
A White Paper on Mobile ECMA White Paper on Mobile ECM
A White Paper on Mobile ECM
 
Collaboration 2.0
Collaboration 2.0Collaboration 2.0
Collaboration 2.0
 
Web 2.0
Web 2.0Web 2.0
Web 2.0
 
Staying Productive with Social Streams
Staying Productive with Social StreamsStaying Productive with Social Streams
Staying Productive with Social Streams
 
Azure ad-windows-10
Azure ad-windows-10Azure ad-windows-10
Azure ad-windows-10
 
The Enterprise 2.0 Market
The Enterprise 2.0 MarketThe Enterprise 2.0 Market
The Enterprise 2.0 Market
 
Share point survey 2012 slideshare
Share point survey 2012 slideshareShare point survey 2012 slideshare
Share point survey 2012 slideshare
 
Tics Article 6 Ideas
Tics Article 6 IdeasTics Article 6 Ideas
Tics Article 6 Ideas
 

Similaire à IDC Web2.0 Best Practices Jun2009

The Web 2.0 phenomenon involves a lot of techniques and applicat
The Web 2.0 phenomenon involves a lot of techniques and applicatThe Web 2.0 phenomenon involves a lot of techniques and applicat
The Web 2.0 phenomenon involves a lot of techniques and applicatronnag9bkla
 
Web 2.0 artifacts in SME-networks
Web 2.0 artifacts in SME-networksWeb 2.0 artifacts in SME-networks
Web 2.0 artifacts in SME-networksHans-Joerg Happel
 
Companies benefit from Web 2.0 investment
Companies benefit from Web 2.0 investmentCompanies benefit from Web 2.0 investment
Companies benefit from Web 2.0 investmentSustainly
 
Web 2.0 Ppt Chandrasekar
Web 2.0 Ppt ChandrasekarWeb 2.0 Ppt Chandrasekar
Web 2.0 Ppt Chandrasekarchandru671988
 
Web 2.0 Ppt Chandrasekar
Web 2.0 Ppt ChandrasekarWeb 2.0 Ppt Chandrasekar
Web 2.0 Ppt Chandrasekarchandru671988
 
Web 2.0 for Schools/ Education Institution
Web 2.0 for Schools/ Education InstitutionWeb 2.0 for Schools/ Education Institution
Web 2.0 for Schools/ Education InstitutionVenkatesh Iyer
 
Cloud and E2.0: Connecting the Dots - OSCON Cloud Summit - 2010
Cloud and E2.0: Connecting the Dots - OSCON Cloud Summit - 2010Cloud and E2.0: Connecting the Dots - OSCON Cloud Summit - 2010
Cloud and E2.0: Connecting the Dots - OSCON Cloud Summit - 2010Dion Hinchcliffe
 
AA using WS vanZyl 2002-05-06
AA using WS vanZyl 2002-05-06AA using WS vanZyl 2002-05-06
AA using WS vanZyl 2002-05-06Jay van Zyl
 
McKinsey Quarterly Dez 10
McKinsey Quarterly Dez 10McKinsey Quarterly Dez 10
McKinsey Quarterly Dez 10beebop media
 
Is Your Organization Ready for Web 2.0?
Is Your Organization Ready for Web 2.0?Is Your Organization Ready for Web 2.0?
Is Your Organization Ready for Web 2.0?Dennis D. McDonald
 
Telecomunicaciones eb dc
Telecomunicaciones eb dcTelecomunicaciones eb dc
Telecomunicaciones eb dcevaristo
 
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheqAq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheqevaristo
 
Php Leads Web2 0
Php Leads Web2 0Php Leads Web2 0
Php Leads Web2 0guestf34485
 
How do biotech firms leverage Boomi for Master Data Management
How do biotech firms leverage Boomi for Master Data ManagementHow do biotech firms leverage Boomi for Master Data Management
How do biotech firms leverage Boomi for Master Data ManagementRay Business Technologies
 

Similaire à IDC Web2.0 Best Practices Jun2009 (20)

The Economist, Serious Business, Web 2.0
The Economist, Serious Business, Web 2.0The Economist, Serious Business, Web 2.0
The Economist, Serious Business, Web 2.0
 
The Web 2.0 phenomenon involves a lot of techniques and applicat
The Web 2.0 phenomenon involves a lot of techniques and applicatThe Web 2.0 phenomenon involves a lot of techniques and applicat
The Web 2.0 phenomenon involves a lot of techniques and applicat
 
Web 2.0 artifacts in SME-networks
Web 2.0 artifacts in SME-networksWeb 2.0 artifacts in SME-networks
Web 2.0 artifacts in SME-networks
 
Companies benefit from Web 2.0 investment
Companies benefit from Web 2.0 investmentCompanies benefit from Web 2.0 investment
Companies benefit from Web 2.0 investment
 
Web02
Web02Web02
Web02
 
Web 2.0 Ppt Chandrasekar
Web 2.0 Ppt ChandrasekarWeb 2.0 Ppt Chandrasekar
Web 2.0 Ppt Chandrasekar
 
Web 2.0 Ppt Chandrasekar
Web 2.0 Ppt ChandrasekarWeb 2.0 Ppt Chandrasekar
Web 2.0 Ppt Chandrasekar
 
Web 2.0 for Schools/ Education Institution
Web 2.0 for Schools/ Education InstitutionWeb 2.0 for Schools/ Education Institution
Web 2.0 for Schools/ Education Institution
 
Paramount Web Solutions Enterprise 2.0
Paramount Web Solutions Enterprise 2.0Paramount Web Solutions Enterprise 2.0
Paramount Web Solutions Enterprise 2.0
 
Cloud and E2.0: Connecting the Dots - OSCON Cloud Summit - 2010
Cloud and E2.0: Connecting the Dots - OSCON Cloud Summit - 2010Cloud and E2.0: Connecting the Dots - OSCON Cloud Summit - 2010
Cloud and E2.0: Connecting the Dots - OSCON Cloud Summit - 2010
 
Web 2 0
Web 2 0Web 2 0
Web 2 0
 
AA using WS vanZyl 2002-05-06
AA using WS vanZyl 2002-05-06AA using WS vanZyl 2002-05-06
AA using WS vanZyl 2002-05-06
 
McKinsey Quarterly Dez 10
McKinsey Quarterly Dez 10McKinsey Quarterly Dez 10
McKinsey Quarterly Dez 10
 
Web 2.0 Overview
Web 2.0 OverviewWeb 2.0 Overview
Web 2.0 Overview
 
Is Your Organization Ready for Web 2.0?
Is Your Organization Ready for Web 2.0?Is Your Organization Ready for Web 2.0?
Is Your Organization Ready for Web 2.0?
 
Telecomunicaciones eb dc
Telecomunicaciones eb dcTelecomunicaciones eb dc
Telecomunicaciones eb dc
 
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheqAq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
 
Php Leads Web2 0
Php Leads Web2 0Php Leads Web2 0
Php Leads Web2 0
 
How do biotech firms leverage Boomi for Master Data Management
How do biotech firms leverage Boomi for Master Data ManagementHow do biotech firms leverage Boomi for Master Data Management
How do biotech firms leverage Boomi for Master Data Management
 
Community Management
Community ManagementCommunity Management
Community Management
 

Plus de Kim Jensen

Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsForcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsKim Jensen
 
OpenDNS presenter pack
OpenDNS presenter packOpenDNS presenter pack
OpenDNS presenter packKim Jensen
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedKim Jensen
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 20035 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003Kim Jensen
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Kim Jensen
 
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportKim Jensen
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat ReportKim Jensen
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UKKim Jensen
 
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Kim Jensen
 
DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012Kim Jensen
 
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Kim Jensen
 
Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Kim Jensen
 
State of Web Q3 2011
State of Web Q3 2011State of Web Q3 2011
State of Web Q3 2011Kim Jensen
 
Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Kim Jensen
 
Corporate Web Security
Corporate Web SecurityCorporate Web Security
Corporate Web SecurityKim Jensen
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Kim Jensen
 
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Kim Jensen
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Kim Jensen
 
Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Kim Jensen
 

Plus de Kim Jensen (20)

Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsForcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security Predictions
 
OpenDNS presenter pack
OpenDNS presenter packOpenDNS presenter pack
OpenDNS presenter pack
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updated
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 20035 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014
 
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security Report
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat Report
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UK
 
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report
 
DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012
 
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)
 
Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Data Breach Investigations Report 2012
Data Breach Investigations Report 2012
 
State of Web Q3 2011
State of Web Q3 2011State of Web Q3 2011
State of Web Q3 2011
 
Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011
 
Corporate Web Security
Corporate Web SecurityCorporate Web Security
Corporate Web Security
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011
 
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
 
Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010
 

Dernier

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 

Dernier (20)

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 

IDC Web2.0 Best Practices Jun2009

  • 1. WHITE P APER Best Practices for Securing Web 2.0 Sponsored by: Websense Brian E. Burke June 2009 IDC OPINION Like it or not, Web 2.0 is quickly becoming "enterprise 2.0" as a growing number of www.idc.com Web applications make their way into the corporate environment, bringing with them even more security concerns and attack vectors. It is IDC's opinion that organizations should embrace the value of Web 2.0 tools as a way to help lower costs and increase collaboration with little to no administrative burden on IT staff. Failed attempts to ban F.508.935.4015 or discourage use of consumer instant messaging networks in the past taught organizations that it is not good for business (e.g., employee productivity and morale) to say no to workers who wish to use tools such as Twitter or Facebook to collaborate and stay connected with clients, prospects, and partners. Furthermore, to ignore the pervasive use of Web 2.0 technologies belies the reality of most business P.508.872.8200 environments today, where everything from SaaS applications and Webmail to desktop replacement technologies plays a crucial role in day-to-day operations while presenting many unaddressed risks. The challenge for organizations is that many Web 2.0 applications were designed for Global Headquarters: 5 Speen Street Framingham, MA 01701 USA consumers, not for business users whose online activities can have dire consequences for their organizations if the tools are used irresponsibly. This challenge is compounded by the fact that the Web 2.0 applications that were designed for business use were not designed for existing security frameworks, architectures, and deployments. Moreover, virtually all of the top 100 Web sites, from Google and Yahoo! to Wikipedia and MSNBC, rely on or host some type of user- generated content, and the risk profile and challenge for organizations only increase. Fortunately, a growing amount of help is available for organizations looking to allow their workers to use Web 2.0 tools responsibly without sacrificing security and regulatory compliance requirements. In this tough economic climate, increasing collaboration and reducing costs are more important than ever. Web 2.0 technologies, if used securely, can help organizations increase collaboration and productivity and drive revenue. In response to these challenges, IDC has partnered with Websense to further understand the current pain points organizations face in dealing with the adoption of Web 2.0 technologies. Our research found that: 95% of organizations allow access to Web 2.0 sites, and 62% of IT managers think Web 2.0 is necessary to their business (source: Websense's 2009 Web2.0@Work survey). 64% of IT managers permit access to social network sites primarily used for business, but a significant 1 in 2 organizations (49%) allow access to social network sites primarily used for personal use (source: Websense's 2009 Web2.0@Work survey).
  • 2. 27% of global IT managers in large organizations are not sure about the access status of some Web 2.0 sites (source: Websense's 2009 Web2.0@Work survey). 70% of organizations view Web 2.0 as a serious concern for data loss prevention (source: IDC's 2008 Security Survey). METHODOLOGY This white paper was designed with the aim of revealing, understanding, analyzing, and presenting the predominant issues relating to the adoption of Web 2.0 technologies in the corporate environment. The paper draws on data from Websense's 2009 Web2.0@Work survey of 1,300 IT managers at large organizations across 10 countries and existing IDC research. Using this body of knowledge, we describe the overall business and technical challenges that organizations face in dealing with Web 2.0 issues and provide guidance on the types of solutions that play a key role in addressing today's complex threat environment. This paper discusses the limitations of traditional Web security technologies and the need for more advanced security techniques in dealing with Web 2.0. SITUATION OVERVIEW Web 2.0: Embrace or Extinguish? Web 2.0 is not really a new technology offering; rather, it is about using existing technologies to enhance usability, collaboration, and information sharing and gathering over the Internet. To get a clearer picture, one must look at the different technologies existing under the umbrella phrase of Web 2.0 as a taxonomy, as shown in Figure 1. The taxonomy illustrates the unique challenges associated with Web 2.0, including: Web 2.0 sites that rely on user-generated content to compile and present content in new ways New client and data technologies that move beyond the HTML Web of the past and into newer, richer mechanisms to share content New mechanisms to share and store data and use noninternal architectures from Salesforce to Google Apps Social interaction and communication that are supplanting many of the traditional modes of collaborating, communicating, and sharing information 2 #218589 ©2009 IDC
  • 3. FIGURE 1 Web 2.0 Taxonomy REST XML JSON Programming Web Raw Data Data Formats Client and Mashups Aggregators and Languages Applications Data Client and Data Presentation Web 2.0 and Cloud Technologies Computing Social Interaction Taxonomy Computing and Communication Shifts Social Social Interactive Utility Client SAAS Networking Media Media Computing Replacement Source: Websense, 2009 Many organizations are embracing these Web 2.0 technologies to enhance relationships with clients and provide differentiating service and personalization or to streamline their infrastructures and replace traditional infrastructure and reduce communication costs. IDC believes the combination of a global recession, the need for both IT and information workers to do even more with even less, and the growing availability of Web 2.0 tools will cause the adoption and usage of enterprise social networking, blogs, microblogs, SaaS applications, wikis, and other tools to skyrocket. IDC strongly urges organizations to create a security strategy that empowers and IDC strongly urges organizations to encourages workers to innovate with Web 2.0 rather than hinders such efforts. During create a security this recession, organizations need to strengthen relationships with customers and strategy that prospects; tap the collective wisdom of partners, customers, and others to augment empowers and encourages workers the knowledge of shrinking workforces; and gain a competitive advantage over firms to innovate with Web that continue to make the mistake of saying "No we can't" to Web 2.0. 2.0. However, many organizations are struggling with balancing the business value of Web 2.0 technologies with the risks and security implications of many nonsecure and uncontrolled Web 2.0 environments. IT is feeling pressure from users and executives alike to allow greater access to Web 2.0 technologies and at the same time protect against malware and information leaks over this pervasive environment for new content usage, information sharing, and communication. The Web2.0@Work survey found that 86% of IT managers feel pressure to allow access to Web 2.0 sites and applications from within their organization and that 30% of this pressure is coming from C-level and director-level staff. It's clear that IT cannot say no to C-level executives. Organizations need the tools to embrace Web 2.0 technologies while ensuring security and compliance. ©2009 IDC #218589 3
  • 4. Web 2.0: The Consumerization of IT The Web 2.0 world is no longer black and white. An interesting phenomenon is taking shape that IDC is calling the "consumerization of IT." Social networking sites, such as Facebook, which were once considered to be only consumer applications, are quickly moving into the enterprise environment. IDC has spoken to many organizations that tell us that the current generation of new employees, fresh out of college, is expecting access to Web 2.0 networks such as Facebook and Twitter. These new employees do not communicate with traditional email and are bringing their social networking tendencies with them into the workplace. Although this may seem anathema or in some ways trivial to traditional IT and security staff, it is a very real trend that will increasingly impact organizations. In fact, high-level management staff told IDC that they have lost potential employees because the employer would not allow access to Web 2.0 applications at work. IDC believes a growing number of consumer-oriented Web 2.0 technologies will The boundaries between consumer continue to saturate the corporate environment. The boundaries between consumer and corporate Web and corporate Web 2.0 environments are blurring. Even the use of the top 100 Web 2.0 environments are blurring. properties transitions from static content to dynamic and interactive user-generated Web 2.0 content. Many employees now use interactive content portals and social networking applications such as Facebook to communicate with a mix of friends, coworkers, and customers. This is creating a complex security challenge for organizations of all sizes. These environments create both a risk of data leaks and new channels for malware. Lines are clearly blurring between professional life and personal life, and in such "consumerization," security policies must be flexible, extensive, and pervasive. Trade- offs must be found between the user's comfort and global security. Forbidding personal use of the computer was the best practice some years ago, but it is not possible anymore due to users' skills and needs. Web 2.0 Threat Environment Web 2.0 environments are increasingly being used as the threat vector of choice by hackers and cybercriminals to distribute malware and perpetrate identity theft, financial fraud, and corporate espionage. Hackers are leveraging the popularity of Web 2.0 to reach the greatest number of users and are targeting nonsecure Web 2.0 sites that are extremely vulnerable to compromises. Web 2.0 also presents a significant data loss prevention (DLP) challenge for many Given that Web 2.0 exposes enterprises. Message boards, blogs, tweets, and other types of social networking organizations to both sites are becoming pipelines for information leakage and compliance violations. In inbound and outbound security fact, a recent IDC survey showed that 37% of confidential information leaks occurred threats, IDC believes via the Web. The same survey also showed that almost 70% of organizations believe that future Web that monitoring employee use of the Web to prevent data leaks and compliance security solutions must analyze traffic violations is a major concern (see Figure 2). Given that Web 2.0 exposes bidirectionally. organizations to both inbound and outbound security threats, IDC believes that future Web security solutions must analyze traffic bidirectionally. 4 #218589 ©2009 IDC
  • 5. FIGURE 2 Importance of Monitoring Employee Web 2.0 Use by Company Size Q. Using a 5-point scale where 5 is extremely important and 1 is not at all important, please rate the importance of monitoring employee use of Web 2.0 to prevent data leaks and compliance violations. 100 90 (% of respondents) 80 70 60 50 40 30 20 10 0 Small (fewer than Medium sized Large (1,000+ 100 employees) (100–999 employees) employees) 5 (extremely important) 4 3 2 1 (not at all important) n = 433 Source: IDC's Security Survey, 2008 In IDC's annual security survey of IT and security professionals, participants were asked to rate the top threats to their company's network security. Figure 3 displays the top 10 threats in 2007. IDC believes many of these threats are directly related to the growing popularity of Web 2.0, including the following: The exposure of confidential information is now the single greatest threat to enterprise security. A recent IDC survey on information protection and control (IPC) showed that Web email or Web posting (e.g., message boards, blogs) accounted for 37% of information leaks. We also found that almost 70% of all organizations view Web 2.0 as a serious concern for DLP. Government and industry regulations such as HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley, and various SEC regulations are forcing corporations to secure the use of all electronic forms of communications, including the Web. ©2009 IDC #218589 5
  • 6. Trojans, viruses, worms, and other types of malicious code ranked as the second greatest threat to enterprise security. Virus writers and hackers are increasingly leveraging the popularity and complexity of Web 2.0 sites to target the greatest number of users. The practice of hackers planting malicious code on legitimate Web sites is quickly becoming the norm. Hackers and malware developers are aggressively innovating ways to compromise popular Web 2.0 sites and others to install malicious code designed to steal personal and/or business confidential information and to be difficult to detect. Spam has risen back up the list and is number three among the top threats to enterprise security. The pure volume of spam continues to rise at a rapid pace, and malicious attacks are becoming more sophisticated (e.g., blended threats that combine spam, spyware, viruses, and other malware in their attacks). Spammers are increasingly using spam to lure users to malicious Web sites. Spyware continues to be both a security and a system management nightmare. Theft of confidential information, loss of productivity, consumption of large amounts of bandwidth, corruption of desktops, and a spike in the number of help desk calls related to spyware are overwhelming many IT departments. More recently, spyware has evolved from a mischievous hobby to a money-making criminal venture that has attracted a new breed of sophisticated hackers and organized crime. The Web is without a doubt the single greatest source of spyware infections. 6 #218589 ©2009 IDC
  • 7. FIGURE 3 Top 10 Threats to Enterprise Security Employees inadvertently exposing confidential information Trojans, viruses, worms, and other malicious code Spam Data stolen by employee or business partner Hackers Misconfiguration of network and security equipment Insider sabotage Spyware Application vulnerabilities Wireless LANs 0 10 20 30 40 50 60 70 80 90 100 (% of respondents) Significant threat = 5 4 3 2 No threat = 1 n = 433 Source: IDC's Security Survey, 2008 WEB 2.0 BEST PRACTICES Securing Web 2.0 The advances in Web 2.0 technologies in recent years require a new generation of Web security tools that go well beyond traditional URL filtering. IDC has identified 10 best practices that organizations should consider when choosing a Web security solution to address the risks of Web 2.0: 1. Dynamic Web 2.0 defenses. Threats in today's Web 2.0 world incorporate the worst of Web 1.0 threats with some new variations mixed in for good measure. Traditional known threats such as file-based antivirus attacks still exist along with a new generation of script-based attacks that are designed to compromise the Web ©2009 IDC #218589 7
  • 8. browser and other applications. Mixed in with these threats are blended or Effective defenses must be dynamic in polymorphic attacks that change every time a user visits a Web site or accesses a nature. file. What is clear is that static defenses such as traditional antivirus inspection, site reputation, or stripping of attachment types are doomed to failure. Effective defenses must be dynamic in nature to match the dynamic threats they face. The real-time nature of Web 2.0 demands a new generation of protection technologies that work in real time to inspect all of the aspects of the Web page and to correlate these different objects into a single view of the environment into which the end user is entering. Only when the complete content and context of the Web page have been analyzed can an accurate judgment be made on the potential threats contained. 2. Real-time content classification. The high volume of user-generated content in It is necessary to have a system the Web 2.0 environment requires that effective Web security solutions have real- capable of analyzing time deep content analysis and classification. Many Web 2.0 sites today multiple flows in real time to let in the good incorporate some form of a Web site mashup that may be customized to an information while individual's interests. iGoogle, one of the most common and seemingly innocuous keeping out the bad mashups, can potentially be the weakest link in a company's security policy and inappropriate information. because of the complexity that even simple mashups introduce to the security and control equation. Dynamic classification comes into play for Web 2.0 when looking at social sites that use mashups or multiple frames. It is necessary to have a system capable of analyzing multiple flows in real time to let in the good information while keeping out the bad and inappropriate information. Besides the ability to individually block frames on the mashup, the Web security solution should be able to identify access to restricted Web sites through channels such as "Proxy Avoidance" or "Anonymizer" Web sites and Google Translate. 3. Employee access. Employee education is the cornerstone for effective Web 2.0 risk management. IDC believes employees must understand both the benefits of Web 2.0 technologies and the threats and risks. Web 2.0 technologies are used in a wide variety of sites, ranging from mission critical to harmless. A mature Web 2.0 security solution must allow access to mission-critical SaaS Web sites (e.g., Salesforce.com) while enabling safe and controlled access to nonbusiness sites such as social networking or interactive media. In the past, simply blocking all nonbusiness sites might have been an option, but today most employees expect some limited and controlled access to personal Web sites. A mature Web 2.0 solution can provide safe but time-limited access to sites for personal use. An organization, for example, may want to allow up to 60 minutes per day of access to personal Web sites (Web-based email, social networking, etc.). A Web 2.0 security solution must allow this kind of rationed access. 4. Data loss prevention. Web 2.0 presents a significant DLP challenge for many enterprises. Message boards, blogs, and social networking sites are becoming pipelines for information leakage and corporate compliance violations. As we open the doors to Web 2.0 applications that we might have simply blocked in the past, we have to ensure that sensitive information is not leaked over Web-based email, posted to Internet message boards, or shared over social networking Web sites. A Web 2.0 user may inadvertently post confidential information on blogs or post other data that is business critical. An integrated DLP-Web solution adds the identity and location context to the access, making sure that confidential data is not leaked out of the organization. 8 #218589 ©2009 IDC
  • 9. 5. Application control. Many Web 2.0 applications and newer instant messaging tools leverage evasive techniques to communicate and share information. The challenge of identifying these applications and applying appropriate policy is a burden facing many organizations today. Many Web 2.0 properties include Web- based applications within the site. An organization may wish to allow Facebook and even Gmail access, for example, but may want to block Google Chat for instant messaging, Facebook-delivered games, and proxy avoidance applications. A mature solution must provide control over these applications whether they run over HTTP, HTTPS, or some other protocol. The right solution should provide the right level of granularity of control that ensures that the users have secure access. 6. Remote access. The growing number of mobile and remote users is creating a complex distributed workplace. Many corporate applications are being moved to the Web 2.0 environment to allow remote employees to work more efficiently. Users don't simply sit in their office and work anymore — today's mobile employees are almost as likely to be connected from home or from a public WiFi hotspot as they are to be sitting in the corporate office. An effective Web 2.0 solution should provide the customer with choices on how to support the remote user while ensuring the application of a consistent policy throughout the organization. 7. Unified policy management. Policy management is the point at which all of the different technologies used to enforce a policy should come together. The focus of a policy should be the user or group of users to which the policy applies and the threats and behaviors that the business wishes to address. Web 2.0 requires a policy to address multiple technology stacks, everything from malware protection to objectionable content and application control. This complexity can lead to errors in translating a corporate policy into reality unless the policy management engine is designed to pull all of these items together into a single policy that can be applied on a global basis. 8. Comprehensive reporting and logging. Because employees may use wikis, blogs, and other Web 2.0 technologies located outside the corporate network for collaboration on sensitive, internal projects, reporting and logging for audit and forensics are considered critical. Often, corporations enable access without any restrictions. However, they log and report on all activities as the basis for potentially implementing future policies. The solution must enable multiple levels of reporting, including easy-to-interpret summary reports and the ability to drill down and quickly investigate violations against specific policy categories or by specific users and groups. 9. Performance and scalability. To be successful, any solution must provide high performance and deliver security and control without impacting the ability of end users to perform their duties. Scalability, or the ability of the solution to expand and adapt to current or future needs, is a large issue with Web 2.0 because Web 2.0 is still rapidly evolving and it is impossible to define what future requirements may be. A solution that is modular in design and distributed in nature, while being completely integrated in its analysis, management, and reporting capabilities, offers the best approach to keeping up with the uncertain demands that are sure to arise as the Web 2.0 world continues to mature and change. ©2009 IDC #218589 9
  • 10. 10. The server side of Web 2.0. To get the most from the marketing and customer service aspects of Web 2.0, companies are increasingly allowing their customers to post comments on public support forums, ask-the-editor sites, Facebook blogs, etc. If organizations are going to set up their own such communities, they need to ensure that malware and inappropriate content are not posted on the sites associated with their brand. To limit liability and protect their brand, organizations need to think about how they can scan blog posts before those posts hit their Web 2.0 sites. In essence, companies need to think about both sides of the Web 2.0 coin — the client side and the server side. The client is more important at the moment, but moving ahead, companies will need to have their own properties to reap the biggest marketing benefit. SUMMARY RECOMMENDATIONS: FIVE KEY SECURITY CONFIGURATIONS TO USE Protect your organization: Enable both real-time content and security scanning on all categories of Web sites that leverage user-generated content from search engines and Webmail to social networking. Enable Web 2.0 benefits: Use drill-down reports to gain visibility into which users and groups most consistently try to access Web 2.0 technology and create a policy to enable the safe and appropriate use of these tools. Increase productivity: Control specific applications like instant messaging over the Web by users with measures like time allotment, bandwidth-based controls, or content restrictions. Get full visibility: Decrypt and examine the content, including data for all HTTPS traffic to Web 2.0 sites and for applications like Webmail for inbound threats and outbound risks. Protect your data: Monitor and report on sensitive and regulated data sent over or posted via the Web by users, intended destinations, and the category of site or Web application. Then, create the appropriate enforcement policy that protects and enables the organization. WEBSENSE OVERVIEW Securing Web 2.0 Company Overview Websense Inc. (NASDAQ: WBSN) is a global leader in integrated Web, data, and email security, providing Essential Information Protection for more than 42 million employees at more than 50,000 organizations worldwide. Headquartered in San Diego, California, Websense distributes its solutions through a global network of channel partners. Websense software and hosted security solutions help organizations block malicious code, prevent the loss of confidential information, and enforce Internet use and security policies. Websense has its roots in Web filtering 10 #218589 ©2009 IDC
  • 11. and continues to develop its core strength in discovering and classifying content across all its product offerings. Websense provides visibility into the internal and external movement of information in the Web 2.0 world, with extensive management of who is authorized to access Web sites, content, or applications, as well as what data must be protected from leaks, where users and data can go online, and how data and online resources can be communicated and used. Web 2.0 Security Overview Websense Web Security Gateway allows organizations to secure Web traffic effectively while still enabling the latest Web-based tools and applications. Through a multivector traffic-scanning engine, the Websense Web Security Gateway analyzes Web traffic in real time, instantly categorizing new sites and dynamic content and proactively discovering security risks and blocking dangerous malware. Using the Websense ThreatSeeker Network, the Websense Web Security Gateway provides advanced analytics, including rules, signatures, heuristics, and application behaviors, to detect and block proxy avoidance, hacking sites, adult content, botnets, keyloggers, phishing attacks, spyware, and many other types of unsafe content. Websense Web Security Gateway also closes a common security gap: decrypting and analyzing SSL-encrypted content before it enters the network. CHALLENGES/OPPORTUNITIES With Web 2.0 applications the challenge is to imagine threats where no perceived threats exist today. As conditions change and companies use Web 2.0 for large enterprise projects that involve sensitive data, security will need to be applied to this environment. The tolerance for simply applying security after a problem will be seen as increasingly poor, legally deficient, and ignorant of emerging threat environments. Still, changing behaviors and perceptions requires an incremental approach. The first step is monitoring so that IT understands the issues and can prepare solutions. The next step is reporting on the findings in such a way that senior executives and business unit managers can understand the benefits of controlled collaboration where customer information and intellectual property (IP) are protected from mistaken, mischievous, and malicious exposure. This phased approach is slow and cumbersome to implement, but necessary. In concert, technologies must support gradual migration while also offering the flexibility to deal with monitoring, reporting, and enforcement. The policy enforcement aspect must be flexible enough to handle both draconian and laissez-faire attitudes toward these environments. CONCLUSION: THE INFINITE POSSIBILITIES BETWEEN ABJE CT FE AR AN D L AI SSEZ-F AIRE Instead of rolling up into a ball like an armadillo as an instinctive survival tactic or just adopting a laissez-faire process in which "anything goes," successful organizations should embrace and implement Web 2.0 technologies. ©2009 IDC #218589 11
  • 12. To minimize the risks associated with Web 2.0, organizations will need to deploy a new generation of content-based security gateways that enable the safe and productive use of Web 2.0. Copyright Notice External Publication of IDC Information and Data — Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason. Copyright 2009 IDC. Reproduction without written permission is completely forbidden. 12 #218589 ©2009 IDC