Enterprise 2.0 Puts the Fear in Some Managers

A Web survey of companies with an average of 1,000 employees conducted by Osterman
Research on behalf of PureWire, a Web security software as a service (SaaS) vendor, found
the majority of the 139 respondents concerned about the Internet.

Seventy-six percent of the respondents to the survey expressed concern over the Web as
an entry point for malware, 55 percent worried about the impact of the Web and Web
security on network bandwidth, and 44 percent about employee productivity losses from Web
surfing.

While many companies have established corporate policies against downloading certain
types of files and have deployed systems that will block such downloads, they are not
adequate solutions, the survey found.

The security problem is partly due to the outdated enterprise approach to Web security
and partly due to Web 2.0 technologies, Paul Judge, chief technology officer at PureWire,
told InternetNews.com.

The remote workforce is a source of worry — 49 percent of the respondents were
concerned about enforcing Web usage and Web security policies for their remote workforce,
and 48 percent were concerned about supporting remote workers with various Web
applications.

Those fears about remote workers are well founded, as they often engage in risky behavior, a
study sponsored by Cisco has found.

“The Web and Web applications pose a serious conundrum – the productivity gains and
cost savings from the use of these tools can be significant and will become more
important given the pressures resulting from the current economic crisis, but these tools
create enormous risk for organizations of any size,” the survey concluded.

That conclusion has a point. Browser add-ons, or plug-ins, such as Adobe Flash, are
becoming
a growth industry
, and Microsoft has said that these are becoming a favorite target
for attackers.

Browsers remain a target

Meanwhile, IBM is betting on the browser
as an application platform
, a move which will increase corporate exposure to the
Web.

And the browsers themselves are not so safe, either. Mozilla and Microsoft both had to
issue
patches
for their respective browsers earlier this month.

“Attackers have moved from e-mail to the Web because the traditional approach to the
Web is outdated and new developments like Web 2.0 introduce challenges to Web security,”
PureWire’s Judge said.

Enterprises are trying to do something about the security threat from the Web. The
Osterman Research survey found that 79 percent of its respondents have established
corporate policies against downloading certain types of files, 76 percent have deployed
systems that selectively block downloads of certain file types, 69 percent of them use
tools to block or monitor the use of Web applications at the firewall, and 31 percent use
a Web security gateway to monitor the use of Web applications.

In addition, 46 percent of respondents lock down employee desktops to prevent users
from installing certain Web applications and 39 percent do the same for employee
desktops.

However, their attempts are not enough. Sixteen percent of the respondents said they
were not completely successful in locking down employee desktops and 12 percent said they
were not completely successful in locking down laptops against Web threats.

The problem could be partly due to the outdated approach to controlling the Web in the
enterprise. “Most controls in the enterprise were put in place 10 years ago, when the
main concern was controlling access to pornographic sites,” PureWire’s Judge said.
“Today, it’s a question of security – how do I prevent users from accessing malicious Web
sites – and there’s a gap there which attackers recognize and exploit.”

The shift to Web applications is another part of the problem. “Antivirus applications
scan files and determine if the executables they contain are good or bad, but in Web 2.0
applications like Google spreadsheets, you’re not downloading executables to the desktop,
you’re running them between the browser and the Website so antivirus doesn’t work,” Judge
said. “You need something that understands what the Website is trying to do to the
browser.”

Another issue lies in the nature of Web 2.0 technology itself, which encourages
user-generated content. “Ten years ago, content providers were Web sites and you’d
establish online trust by giving them certificates from someone like VeriSign,” Judge
said.

“In today’s world, when it’s millions of users generating the content, how do you know
whether the content is legitimate? There’s the absence of a trust model that can deal
with this.”

Article courtesy of InternetNews.com

Latest Articles

Follow Us On Social Media

Explore More