Web 2.0 security risks being ignored

By Julian Goldsmith, Special to ZDNet Asia
Friday, February 01, 2008 10:53 AM

Web 2.0 presents a barely understood risk to companies embracing social networking and instant messaging technology as business tools and could force a change in corporate IT security and greater use of encryption.

Almost two-thirds (65 percent) of U.S. companies do nothing to block third-party collaboration tools, such as real-time communications and information sharing, according to research from Yankee Group.

Tom Rashke, senior analyst at Forrester, said 25 percent of U.S. CIOs in a recent survey admitted adoption of Web 2.0 tools would be a priority in 2008, even though the strategy could increase potential areas of attack, add to the complexity of infrastructure, and offer no clear return on investment (ROI).

Rashke warned traditional security tools--such as firewalling--did not go deep enough into rich content to determine whether it was a security risk--either incoming as malware or outgoing as data leakage.

Essentially, what is needed is a shift in focus from securing the infrastructure, through which data moves, to the data itself, said Rashke.

John Meakin, group head of information security at Standard Chartered Bank, explained that the banking industry is embracing Web 2.0 tools in two ways.

Externally, banks are responding to customer demands that their interactions with their bank mirror the other interactions they are used to on the Internet, while internally, banks are using Web 2.0 tools to communicate and collaborate across their large organizations and many business units spread around the globe.

He told ZDNet Asia sister site silicon.com: "Banks are under pressure to operate more efficiently. Web 2.0 applications help people collaborate, which as businesses, we would be foolish to look away from. At the same time, we have to be clear we are not introducing risk into the process--our businesses are based fundamentally on trust."

Meakin noted that embracing Web 2.0 tools may mean competitive data residing outside the organization.

He said: "Banks will have to make sure they haven't lost complete control over the integrity of their data if they use Web 2.0. One way to do this is to make sure the data is encrypted. This is a limited solution, because it doesn't take into account the way the security status of data can change. Financial reports, for instance, are sensitive until the day they are announced, when they become public domain. A better approach is to make sure that even if data is accessed through something like Facebook, the data still resides within your organization."

Meakin and Rashke were speaking at a seminar attended by financial analysts and global banks organized by security specialist Worklight.

Julian Goldsmith of Silicon.com reported from London.

