Raising the red flag on Web 2.0

The move towards Web 2.0 technologies may well be another race between functionality and security, and for now at least, security seems to be at the tail end.

Security professionals are raising the red flag on the increasing pervasiveness of Web 2.0 technologies in the enterprise, saying that while it offers the benefit of rich applications, the risks associated with Web 2.0 can no longer be overlooked.

In the enterprise, for instance, a Web 2.0-enabled architecture involves applications built as Web services that provide cross-platform access and functionalities for users. “Like submitting a record to a database or changing a piece of data (for example),” says Oliver Lavery, a consultant with Toronto-based IT security firm Security Compass.

“The problem is that what’s being exposed there are very detailed, technical procedure calls — Web service calls — using all these new technologies that haven’t really been tested and [the industry doesn’t] have a lot of experience securing them,” Lavery says.

The increasing use of these new tools, without proper understanding of the security issues that may arise as a result, is giving attackers new avenues to explore, says Lavery.

Web 2.0-enabled social networking sites present another attack vector for the bad guys, as well. Web sites such as MySpace and Facebook have allowed people to actively interact and connect in real-time in ways they have never been able to before.

On the surface, the Web 2.0 craze may seem like a consumer phenomenon. But many security experts agree that its pervasiveness is going beyond people’s homes and into the workplace, as employees access these sites from their office computer.

“The most dangerous part of any computer system are the people who run it,” says University of Calgary professor Tom Keenan.

The use of mobile devices, like laptops that typically travel back and forth between the home and office, is not helping the situation either, added Keenan, who is also the IT security spokesperson for the Canadian Information Processing Society. 071496

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now