Home | Services | Events | Features | Interviews | Profiles | Reviews | News | Resources | Press

Securing Web 2.0

by Ian Moyse

Just 20 years ago the web as wethink of it today did not exist. Ten years ago, the Online Computer Library Center researched the rapid growth of the web and estimated that 2.6 million websites existed. Netcraft, based in the United Kingdom, runs a monthly web server survey that found over 165 million websites in 2008.

With this exponential growth, the web has become an intrinsic part of our business and personal lives. Companies around the world rely on the web to market their products and services, communicate with investors, conduct research, advertise job openings and so many other actions fundamental to running a business.

With the introduction of more interactive web technologies, often referred to as Web 2.0 applications, site ownership is much more decentralised, making it significantly more challenging to evaluate and block risky content and code. With blogs, wikis and similar collaborative programs, many sites are much larger than their static HTML predecessors. Sites such as Facebook, MySpace and YouTube are counted as one website, when they are actually a collection of thousands of individual sites.

Even 'just content' sites often rely on a collection of content sources to display a single webpage. According to a recent report from Gartner, Web 2.0 has created a fundamental shift of content creation from trusted sources to anonymous collaborations such as wikis, blogs and social networking sites, which are much more likely to be infiltrated and infected by hackers.

The threats are serious. Reports in 2008 said that malware infections had grown in volume from between 400 percent and 800 percent. One leading vendor claimed that during 2008 there was actually more malware in the wild than during the previous 21 years combined.

The problem is easily understandable if we take computing out of the equation for the moment. If someone wants to protect their house, they talk to an alarm company. If they want running water they don't build their own well, they talk to a water firm.

Nobody has a problem with this idea but many seem prepared to abandon it when they're looking at the computer networks on which they rely for their livelihoods - they install a basic security program themselves and assume it's done.

An alternative is available - SaaS involves turning computing programs on from an external source and switching them off when they're not in use, just like tap water, and leaving the infrastructure and security to someone who knows all about it. The idea is gaining ground.

It's worth highlighting this now because of the amount of time and attention computer users are devoting to social networking at the moment. Media-rich emails and social networking sites that often carry applications have to be a source of concern for companies; security experts are suggesting that the 'Web 2.0' environment is increasingly vulnerable.

Naturally people are adopting the Web 2.0 technologies to get at the business advantages they offer. What they're not doing is adequately managing the new environment. It's understandable - one of the beauties of Web 2.0 is that it looks so simple, masking its massive complexity. Organisations using these new technologies might not perceive their increased vulnerabilities.

The answer has to be managing the computing environment more efficiently. This is where many organisations can become intimidated. A single layer of security so someone can tick the box and say they've done it is no longer enough. A multilayered approach, including email scanning, web traffic monitoring, spam interception, and managing who can look at which sites is becoming essential but it's a long and complex process. Asking businesses to handle this by themselves, particularly during a recession when they can't hire extra manpower, isn't realistic.

Which is why it's worth getting back to the SaaS model - computing on tap. It's entirely possible to get an expert security company to take away the headache of security, to remove the hassle completely by taking it off a business' site altogether.

This, I believe, is the way forward - and given its lower overhead, the one the switched-on manager will find most efficient.

About the Author
Ian Moyse is EMEA Channel Director of Webroot. Find out more at www.webroot.co.uk.

Send a comment about this article to editor@itwales.com.

Home | Services | Events | Features | Interviews | Profiles | Reviews | News | Resources | Press
About ITWales | Archive | Privacy Policy
All material on this website ©2002-2010 ITWales