Quick update to Security 2.0 post

Reading through Bill’s comment on my previous post, I was reminded that I meant to tell you all about a very cool, and very related, compendium of information that the folks at the MuniGov 2.0 organization have compiled. The Web 2.0 Security page is basically an annotated collection of reports and “thought pieces” from all over the web, put together and given to us for free! There are positive and negative pieces included – you can read through them and make up your own mind, but as Bill so nicely stated in his comment – our job as IT people is to *support* business use, not stand in the way of our internal customers as they try to do their jobs. If we can do that and maintain security, we’re golden!
Update to the update – I just found a link (via the privacyala Twitter account to an article on Facebook & privacy. The sentence that makes it relevant to this post is:

Policymakers cannot make Facebook completely safe, but they can help people use it safely.

I’m headed off to read the article now, but thought I’d post a quick update here first, to let others know about it!

security Web 2.0

Your Web 2.0 App is a Security Threat

Read/Write/Web today has a story on the dangers of Web 2.0 behind the firewall. They are profiling a company called FaceTime that gives IT departments a way to add web application scanning to their network. Most IT departments do some scanning, at least at the firewall, for malicious applications and sites, but few do any kind of searching for web applications (think Facebook apps, Google’s Team Sites, unsupported IM capabilities, etc.). This company is offering a way to do that. RWW’s take on the matter, in the post Your Web 2.0 App is a Security Threat – ReadWriteWeb is:

Of course, when users become their own I.T. department, they’re unknowingly introducing inherent risks into the previously hardened network infrastructure. Just because a web app is easy to operate, that doesn’t make it safe and secure for enterprise use. As users upload and share sensitive files through these unapproved backchannels or have business-related conversations through web-based IM chatrooms, they might not only be putting their company’s data at risk, they could also be breaking various compliance laws as well.

And this is completely true. The problem isn’t really with the apps, though, it’s with IT departments that refuse to allow *safe* networking practices in their networks. User education, coupled with some monitoring of public sites for confidential information, along with sanctions for misuse of Web 2.0 tools (after the users are educated on proper use, of course) can make Web 2.0 apps part of the IT infrastructure and, consequently, much safer than if the users are off in the “wild west” of web applications, doing things themselves.
I’ve been working on a Tech Report for ALA discussing just how to use these Web 2.0 tools to collaborate with others – and one of the issues that I discuss is the fact that these are publicly facing tools with risks for unintentional leaks of data or confidential information. If your IT department is on the ball and willing to work with you, however, those leaks can be stopped and all of your data can be kept safe – even while you are using these tools to their best effect.
Want more about this? You’ll have to buy the Tech Report next year… until then, however, educating your IT department about the benefits of Web 2.0 applications in the organization will really help to make these things available – in a sanctioned way – for you!

Relation Browser
0 Recommended Articles:
0 Recommended Articles: