Businesses need to resist the temptation to exclude their employees' access to Web 2.0 technologies and services if they are to benefit from the considerable creativity that Web 2.0 can unleash, according to Gartner, Inc.
Business demands will increasingly require security organisations to secure, rather than block enterprise access to the Web 2.0 global ecosystem. Many IT organisations are responding to the demand for Web 2.0 technologies. According to a Gartner Executive Programmes survey of 1,500 CIOs worldwide, half of the respondents said they plan to invest in Web 2.0 technologies for the first time in 2008.
"Rather than just stopping the use of Web 2.0 technologies, IT groups should be providing secure means of developing and deploying such applications," said Joseph Feiman, vice president and Gartner fellow. "The business application movement toward Web 2.0 and other related-trends, such as increased use of open-source software and wider deployment of service-oriented architectures, are combining to change how applications are developed with significant implications for security."
"Web 2.0 enables masses of individuals to become application and content developers and deploy Web 2.0 applications that implement their own versions of established business rules and practices. Although this entails risks, it can also unlock huge business value," Mr Feiman said. "By mapping the business gain against the potential risk, organisations can determine the most effective constraints and controls for organisation use of Web 2.0."
According to Gartner, with mashups, Ajax and other Web 2.0 technologies already in widespread use, saying "no" to the Web 2.0 ecosystem will generally not be an option. Instead, organisations should take tactical and strategic steps to increase the odds that business use of Web 2.0 will increase the bottom line rather than have a negative business impact through security incidents.
"Organisations need to extend their security processes to enable safe use of Web 2.0 technologies," said John Pescatore, vice president and distinguished analyst at Gartner. "Strategies to contain and protect the use of new technologies will always be more effective in the long run than security approaches that rely solely on blocking."
Mr Pescatore advised organisations to expand their definition of vulnerability assessment to include the detection of external use of corporate content through mashups and internal exposure of sensitive data through Web 2.0 technologies. He also said that service-level agreements with content and service providers for mashups and other collaborative technologies would help to avoid or at least minimise discontinuities of the service. Organisations should not accept applications developed by external service providers, open-source-software communities or business partners unless they are tested for security vulnerabilities.
Additional advice on dealing with Web 2.0 is available in the Gartner report "The Creative and Insecure World of Web 2.0." The report is available on Gartner's Web site at http://www.gartner.com/.... The report "Optimal Security Approaches for the Secure Use of Consumer IT" provides further advice on the use of consumer-grade technologies and services in the enterprise. That report is available at http://www.gartner.com/....
Business demands will increasingly require security organisations to secure, rather than block enterprise access to the Web 2.0 global ecosystem. Many IT organisations are responding to the demand for Web 2.0 technologies. According to a Gartner Executive Programmes survey of 1,500 CIOs worldwide, half of the respondents said they plan to invest in Web 2.0 technologies for the first time in 2008.
"Rather than just stopping the use of Web 2.0 technologies, IT groups should be providing secure means of developing and deploying such applications," said Joseph Feiman, vice president and Gartner fellow. "The business application movement toward Web 2.0 and other related-trends, such as increased use of open-source software and wider deployment of service-oriented architectures, are combining to change how applications are developed with significant implications for security."
"Web 2.0 enables masses of individuals to become application and content developers and deploy Web 2.0 applications that implement their own versions of established business rules and practices. Although this entails risks, it can also unlock huge business value," Mr Feiman said. "By mapping the business gain against the potential risk, organisations can determine the most effective constraints and controls for organisation use of Web 2.0."
According to Gartner, with mashups, Ajax and other Web 2.0 technologies already in widespread use, saying "no" to the Web 2.0 ecosystem will generally not be an option. Instead, organisations should take tactical and strategic steps to increase the odds that business use of Web 2.0 will increase the bottom line rather than have a negative business impact through security incidents.
"Organisations need to extend their security processes to enable safe use of Web 2.0 technologies," said John Pescatore, vice president and distinguished analyst at Gartner. "Strategies to contain and protect the use of new technologies will always be more effective in the long run than security approaches that rely solely on blocking."
Mr Pescatore advised organisations to expand their definition of vulnerability assessment to include the detection of external use of corporate content through mashups and internal exposure of sensitive data through Web 2.0 technologies. He also said that service-level agreements with content and service providers for mashups and other collaborative technologies would help to avoid or at least minimise discontinuities of the service. Organisations should not accept applications developed by external service providers, open-source-software communities or business partners unless they are tested for security vulnerabilities.
Additional advice on dealing with Web 2.0 is available in the Gartner report "The Creative and Insecure World of Web 2.0." The report is available on Gartner's Web site at http://www.gartner.com/.... The report "Optimal Security Approaches for the Secure Use of Consumer IT" provides further advice on the use of consumer-grade technologies and services in the enterprise. That report is available at http://www.gartner.com/....
