Enterprising Developments

Web 2.0 Security: Time to do More than Fight Technology with Technology

Joe McKendrick
Insurance Experts' Forum, August 24, 2010

The problem is almost as old as the World Wide Web itself: Security threats, in the form of viruses, malware and data loss, have been worrying IT security folks for many years now.

Typically, the response is to fight technology with technology: That is, put up so many layers of firewalls, password protection and data encryption that your company becomes a virtual fortress. And, even throw in a “sandbox” that can snag up the hackers within a faux environment.

But, with more and more social networking and Web 2.0 services becoming part of enterprise operations, security gets even more complex. A new survey out of Ponemon Institute finds 80% of 2,100 IT security administrators believe social networking, Internet applications and widgets “have significantly lowered the security posture of their organization.” (An executive summary of the survey findings is available.)

There's nothing new about the security threats Web 2.0 presents. The respondents’ fears are about the usual suspects: viruses, malware, botnets and workplace inefficiencies.

So is it time to buy and throw up the next generation of security solutions, some of which may not even be developed enough to handle all the exposures Web 2.0 brings?  Is it enough to keep fighting technology with technology?

Or, perhaps, it’s time to fight Web 2.0 with Web 2.0, which means taking user-empowered networking and securing it with user empowerment. In the report, Ponemon recommends putting employees themselves in charge of security issues. More than half of U.S. respondents believe the most responsible party for minimizing Web 2.0 security risk should be the end-user, followed by information security (CISO) and corporate IT (CIO).

Of course, you can't just hand security details to the end users and tell them to deal with it. Training and education are needed to keep users aware of the threats and the consequences. In the survey, the security executives expressed reservations about the abilities of end users to manage this.

But having end-users take more responsibility for the security of their activities makes perfect sense. We can't afford to have police watching every mile of highways for traffic violators—we rely on the common sense of every individual driver to keep themselves in line and driving safely. (And this works most of the time.) Likewise, as end-users become more self-directed, and either engage in online communities or build their widgets, we need to rely on their better judgment to avoid security mistakes. That's where the training comes in.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Insurance: The Next Generation (Part 2)

The Internet of things and the burgeoning number of smart devices coupled with cognitive computing will offer a more evidence-based, real-time approach to managing risks.

Social Media Turns the Sales Funnel Upside Down

If you can reach one member of a group with content that meets the criteria for contagious content, then they are likely to share with others.

Insurance: The Next Generation (Part 1)

Insurers are at a moment when their technological capabilities can be used to improve many of the legacy issues plaguing the industry.

Predicting the Future Becomes Reality

A recent Big Data experiment showed 70 percent accuracy in predicting crime in certain locales. The implications go far beyond that.

Social Media for Insurers — Stop Counting and Start Measuring

Measuring goes beyond just accumulating fans and followers: it looks at the contribution to business.

Keys to Successful Policy Administration System Upgrades

Celent surveyed 44 North American insurers to find answers to the major challenges of upgrading policy admin systems.