New research from San Diego, Calif.-based security firm Websense Inc. suggests that while 80 per cent of IT managers are confident in their organization’s Web 2.0 security policies, a large majority are ill-equipped to protect against emerging threats. But according to at least one industry analyst, security vendors have to look above and beyond content filtering and work more closely with popular social networking platforms.
The survey, which polled 1,300 enterprise IT managers around the globe, found that 93 per cent of Canadian respondents allowed access to at least one type of Web 2.0 site, with those numbers reaching 95 per cent globally.
Additionally, 30 per cent of respondents around the world reported pressure from C-level executives and directors to allow more access to Web 2.0 sites within the enterprise, a statistic causing serious headaches for the 51 per cent of Canadian respondents who felt users in their organization were trying to bypass existing Web security policies.
Despite the numbers, Websense is pointing to the 68 per cent of respondents that do not have real-time analysis of Web content, 59 per cent that cannot prevent URL redirects, and the 53 per cent that are unable to detect and stop spyware and malicious embedded code as a very dangerous security trend.
“We even saw malicious content on Barack Obama’s Web site, so even high-profile sites can be hit,” said Carl Mercier, director of software development for Websense’s Defensio.com service, a spam filtering Web service that protects against malicious attacks in blog comment boxes. He added that many IT managers are overconfident in their immunity to these threats and don’t take the proper precautions, such as basic backups, to protect themselves.
For Websense, the strongest tool in Web 2.0 protection is content filtering, with the company offering real-time threat protection and Web filtering software specifically designed for growing social networking threats.
But according to Tim Hickernell, associate lead research analyst with Info-Tech Research Group Ltd., while content filtering is an important first step, it’s not the only step to successfully dealing with Web 2.0 security challenges.
“It’s understandable that they focus on this, because that’s what these guys know,” he said. “But what’s unfortunate is there are specific and very unique challenges in some Web 2.0 technologies — especially social networking ones — that are not about content and cannot be trapped at the network level.”
Hickernell said that currently there are no enterprise-class administrative controls on any social networking services. A common problem occurs when employees use their Facebook Inc. account for both personal and business contacts, he added.
“You run the risk of establishing an inappropriate conduit between personal networks and business-oriented networks, which could be an outright security violation,” Hickernell said, adding that even using tedious manual policies, separating the accounts can be nearly impossible.
Some social networking platforms even try to persuade users to offer up access to contacts outside of the social network, such as their Outlook address books, Hickernell said.
To solve the problem, he proposed that security vendors start working with major social networking and Web 2.0-focused sites to develop third-party applications that address these emerging issues.