Web 2.0 in Enterprise Needs a Lock

Culture of sharing needs to be reminded about TMI at work.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

SAN FRANCISCO -- The culture of participation fostered by Web 2.0 applications like blogs, wikis and widgets has turned end-users into content creators and developers. But when consumers come to the office, they need to leave their open mindset at the door.

A peer-to-peer discussion led by Charles Renert, senior director of advanced content research at Websense, showed how easily collaboration tools can insert malicious code into trusted sites.

Collaboration and social networking tools have already made strong inroads into the enterprise, both through sanctioned channels and through unauthorized downloads. Earlier this week, IBM introduced the IBM Mashup Center, a bundle of tools for non-technical users and developers. And Gartner predicts that the market for enterprise social software will more than double in the next three years, reaching $707.7 million by 2011.

Businesses realize that to attract younger customers, they need to provide the kind of open online environment they're used to from MySpace and Facebook. But how do you explain to the guy who posted shots of his naked self guzzling a margarita on a consumer photo-sharing site that putting his account data into a comment on your financial services company's blog is a no-no?

"Any technology that allows the end user to write script is dangerous. If I can get you to come to my wiki or blog, and I have JavaScript there, I can do all kinds of nefarious things," an IT administrator for a financial institution pointed out.

Sans security controls, company-hosted blogs and wikis make it all too easy to post malware. Then, the trusting, sharing culture of Web 2.0 encourages others to click on the link. Even reading blog comments could activate malicious JavaScript.

This article was first published on InternetNews.com. To read the full article, click here.

Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.