Security for Web 2.0

Setting security rules in the new Web world.

Your employees might be blogging right now, as you read this. Or visiting a wiki site, checking out MySpace or sending instant messages. Best case? Your bright, tech-savvy employees are creating and collaborating. Worst case? Those same employees are unleashing company secrets or damaging your business’s reputation. It’s a conundrum that pits IT security managers and their instinct to protect information against companies’ desire to take full advantage of the newest technologies and attract the best technical minds.

Not surprisingly, response to Web 2.0 is as varied as companies themselves. Financial services firms, banks and other businesses in highly regulated industries tend to ban such online activities outright; others swing the other way, with few restrictions and light oversight.

But, alas, most companies fall somewhere in the sticky middle — trying their best to restrict activities that expose them to undue risk while letting their employees experience the full creative benefits of the Web 2.0 world.

Many organizations are now figuring out how to develop these custom-fit rules. Our exclusive survey of IT executives shows that just over half have already made that first effort, implementing policies to regulate employees’ use of social and networking sites and instant messaging. And of those companies that do have policies in place, 76% prohibit those activities altogether.

Are total bans the right approach? For some, yes, and for others, no. In the following pages, you’ll read stories about companies that have wrestled with that question and, in the process, figured out the policy that works best for them. And as these companies know, it’s not just about applying a technology fix; a big part of the answer is effectively communicating those policies to employees.

In the end, as surely as you have employees, you have Web 2.0 security concerns. There’s no ignoring the issues, and there’s no boilerplate for addressing them, either. But we hope you’ll draw a few policy ideas from the experiences of the organizations profiled in this issue.

Because as Michael Miller, Global Crossing’s vice president of security, says, “If you spend all your time blocking it, people will find ways around it.” .

Ellen Fanning is special reports editor at Computerworld. She can be contacted at ellen_fanning@computerworld.com.

Special Report

Security for Web 2.0

How to keep corporate secrets safe in the new Web world.

Stories in this report:

  • Editors Note

    How companies are learning to keep their corporate secrets safe in the new Web world.

  • Keeping Secrets in a WikiBlogTubeSpace World.
    The debate rages over how to minimize security risks from blogging, social networking, video-sharing and other interactive activities that fall under the Web 2.0 umbrella. Heres how some companies are tackling the problem. Plus, Sun Microsystems, IBM, Yahoo and other companies share 15 guidelines for creating a blog policy.

  • IM Confidential
    Upfront recognition of IM as a powerful business tool requires upfront employee accountability for its use. Heres how to avoid the security problems. Plus, five questions to help you decide what type of instant messaging policy is best for your company.

  • Your Gadgets Are Springing Leaks
    Handheld electronics are cheap enough for the average worker to own, which means more of these devices and a greater variety of them are getting hooked up to networks. Heres how to plug the holes.

  • The Conversation.
    Thou shalt not is a big turn-off for the Gen-Y crowd. When spreading the message about small-device security, try face-to-face communication and sharp marketing.

  • Six Ways to Stop Data Leaks.
    The theft of $400 million worth of proprietary information from a DuPont database offers lessons in how to mitigate risks and better track whats going on inside the firewall.

  • Shred Your Bits for Safetys Sake.
    Jeff Jonas, chief scientist and distinguished engineer at IBMs entity analytic solutions group, discusses anonymization, a method of data protection, in this interview with the IDG News Service in Singapore

  • Get Serious
    Columnist Mark Hall is angry that CIOs are too timid to tackle the problem of secure messaging. But he outlines a plan that they should follow.

  • TECHCAST
    Web 2.0 poses technical, social and legal challenges for corporations. From user education to secure coding to insurance, there are many things to consider. Listen to Computerworlds Web 2.0 Security Techcast for an overview of the responses companies should be taking.

  • Security Survey Results
    Computerworlds exclusive February security survey of 113 IT managers showed that although more than half of respondents' companies have policies in place regarding employees' use of social networking sites, just over a quarter have policies for small devices such as iPods, USB drives or cell phones with cameras.

  • FAQ: Web 2.0 basics
    Still in the weeds as to what constitutes Web 2.0? Our FAQ guides you through four basic tenets: collaboration, aggregation, publishing and multimedia.


clear.gif

Related:
How AI will change enterprise mobility
  
Shop Tech Products at Amazon