Web 2.0 Security Recommendations for the Enterprise
A commissioned study, conducted by Forrester Consulting on behalf of Secure Computing, which surveyed 153 IT professionals and security decision-makers in companies with at least 1,000 employees, found that while Web 2.0 usage is already prevalent in enterprises, organizations are not prepared to deal with the potential threats associated with the technology. The study further notes a lack of risk awareness, user training and consistent policies.
The study suggests that about half of the organizations surveyed spent more than US$25,000 in the last fiscal year on malware remediation. It was therefore not surprising to learn that businesses are wary of Web 2.0 usage and associated threats. While 97 percent of all enterprise IT staff consider themselves “prepared,” 79 percent have reported frequent attacks from malware. In addition, 79 percent of those surveyed are concerned about viruses, and 77 percent about Trojans, but only 12 percent were concerned about botnets, even though bot networks have been growing rapidly, as demonstrated by the recent estimate that over one million computers in a single botnet propagated the Storm threat. These findings confirm that the majority of today’s enterprises are still concerned, to a considerable degree, about Web 2.0 threats in their organizations.
Given the complexity of the current threat and technology environments, Forrester and Secure Computing recommend that organizations look beyond a simple filtering solution, and:
- Employ next-generation Web filtering technologies, with enterprise-grade performance, scalability, and support for management. “Next-generation” capabilities include reputation services, blended threat protection and behavior-based detection. Additionally, outbound content control, such as data leakage control and application control, is essential.
- Re-examine the adequacy of security policies and protection capabilities. Report data shows that most organizations are confident that their protection policies and mechanisms are adequate, yet they still face problems due to malware and data leakage. Organizations should re-evaluate policies and protection mechanisms in the face of the latest trends in Web-borne threats, especially those connected with Web 2.0 applications.
- Improve user awareness and training on Web 2.0 and Web-borne threats. The first rule of thumb for improving security protection is to consider people and process alongside technology. Organizations should implement systematic and comprehensive training to communicate the magnitude and extent of Web threats to users.
Source: Secure Computing
