Web 2.0 poses new threats to company data


Web 2.0 poses new threats to company data

Ian Grant

Blogs, social networks and other Web 2.0 services threaten the integrity of company information systems, research firm Gartner has warned. The warning is contained in a report on the effects of consumer-oriented digital technologies on enterprise systems.

"Some of these services create a risk of information leaks, others offer potential new channels for malicious infection," said Rich Mogull, research vice-president at Gartner. "But eliminating their use is increasingly difficult and impractical."

He warned that smartphones and other advanced tools are targets for malware, and that as these are currently used mainly by executives, particular caution is required. Bans are unenforceable, he said.

At a minimum, such devices should communicate with the corporate systems over a secure socket layer virtual private network, Mogull said. They should also be encrypted to protect data in case they were lost or stolen.

Mogull suggested firms:

● Set clear policies on what is and is not allowed, especially with blogs.

● Detect and block incoming Java-Script exploits.

● Block any undesirable services, such as social networks.

● Use content monitors and filters and data loss prevention tools to enforce policies on all communications channels.

Web 2.0: beyond the buzz words >>

Survey shows Web 2.0 being used in business >>

David Lacey's security blog
Managing security from one of the UK's leading security experts

Comment on this article: computer.weekly@rbi.co.uk

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy