Enterprising Developments

Web 2.0 Security: Time to do More than Fight Technology with Technology

Joe McKendrick
Insurance Experts' Forum, August 24, 2010

The problem is almost as old as the World Wide Web itself: Security threats, in the form of viruses, malware and data loss, have been worrying IT security folks for many years now.

Typically, the response is to fight technology with technology: that is, put up so many layers of firewalls, password protection and data encryption that your company becomes a virtual fortress, and even throw in a “sandbox” that can snare hackers within a faux environment.

But, with more and more social networking and Web 2.0 services becoming part of enterprise operations, security gets even more complex. A new survey out of Ponemon Institute finds 80% of 2,100 IT security administrators believe social networking, Internet applications and widgets “have significantly lowered the security posture of their organization.” (An executive summary of the survey findings is available.)

There's nothing new about the security threats Web 2.0 presents. The respondents’ fears are about the usual suspects: viruses, malware, botnets and workplace inefficiencies.

So is it time to buy and put up the next generation of security solutions, some of which may not even be developed enough to handle all the exposures Web 2.0 brings? Is it enough to keep fighting technology with technology?

Or, perhaps, it’s time to fight Web 2.0 with Web 2.0, which means taking user-empowered networking and securing it with user empowerment. In the report, Ponemon recommends putting employees themselves in charge of security issues. More than half of U.S. respondents believe the most responsible party for minimizing Web 2.0 security risk should be the end-user, followed by information security (CISO) and corporate IT (CIO).

Of course, you can't just hand security details to the end users and tell them to deal with it. Training and education are needed to keep users aware of the threats and the consequences. In the survey, the security executives expressed reservations about the abilities of end users to manage this.

But having end-users take more responsibility for the security of their activities makes perfect sense. We can't afford to have police watching every mile of highway for traffic violators—we rely on the common sense of every individual driver to keep themselves in line and driving safely. (And this works most of the time.) Likewise, as end-users become more self-directed, and either engage in online communities or build their own widgets, we need to rely on their better judgment to avoid security mistakes. That's where the training comes in.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
