Beware web 2.0 security risks, companies warned

The use of web 2.0 technology in business is creating significant security risks which need to be addressed.

The adoption of the web 2.0 technologies - such as blogs, wikis and social networks - is seen by analysts at Gartner as creating security risks, even as it also creates unprecedented collaboration.

Although these risks are manageable, enterprises must put security measures in place at an early stage of development of web 2.0 apps, according to the analyst.

Cheat Sheets

♦ Web 2.0
♦ Mash-ups

Speaking at a conference in Sydney, Australia, Gartner fellow Joseph Feiman said many of the concepts of web 2.0 technologies run against traditional IT security practice.

He said the use of the technology means companies relinquish a "level of control that they historically would not tolerate", meaning a rethink of security is essential.

Feiman said issues to consider are how to protect internal users and the business from malicious code, RSS feeds and information leakage through blogging, for example.

Blogging can be a positive for building communities and brand awareness, he added, but also has the potential to reveal company secrets or provide an outlet for disgruntled employees.

Gartner added that control of content and intellectual property is much more difficult as web 2.0 apps can easily be reused and redistributed by third parties.

Because of this, Feiman said enterprises must choose which content they are willing to make public.

Other recommendations from Gartner include the use of secure coding - to assume all public content will be reused - and to educate internal users and make use of web vulnerability tech.

By the end of 2007, Gartner predicts 30 per cent of large companies will have some kind of web 2.0-based business initiative up and running.