Gartner Says Organisations Should Not Block Access to Web 2.0 Technologies, but They Can Better Secure These Applications
Excluding Employees From the Web 2.0 Global Ecosystem Could Stifle Creativity and Innovation
Business demands will increasingly require security organisations to secure, rather than block enterprise access to the Web 2.0 global ecosystem. Many IT organisations are responding to the demand for Web 2.0 technologies. According to a Gartner Executive Programmes survey of 1,500 CIOs worldwide, half of the respondents said they plan to invest in Web 2.0 technologies for the first time in 2008.
"Rather than just stopping the use of Web 2.0 technologies, IT groups should be providing secure means of developing and deploying such applications," said Joseph Feiman, vice president and Gartner fellow. "The business application movement toward Web 2.0 and other related-trends, such as increased use of open-source software and wider deployment of service-oriented architectures, are combining to change how applications are developed with significant implications for security."
"Web 2.0 enables masses of individuals to become application and content developers and deploy Web 2.0 applications that implement their own versions of established business rules and practices. Although this entails risks, it can also unlock huge business value," Mr Feiman said. "By mapping the business gain against the potential risk, organisations can determine the most effective constraints and controls for organisation use of Web 2.0."
According to Gartner, with mashups, Ajax and other Web 2.0 technologies already in widespread use, saying "no" to the Web 2.0 ecosystem will generally not be an option. Instead, organisations should take tactical and strategic steps to increase the odds that business use of Web 2.0 will increase the bottom line rather than have a negative business impact through security incidents.
"Organisations need to extend their security processes to enable safe use of Web 2.0 technologies," said John Pescatore, vice president and distinguished analyst at Gartner. "Strategies to contain and protect the use of new technologies will always be more effective in the long run than security approaches that rely solely on blocking."
Mr Pescatore advised organisations to expand their definition of vulnerability assessment to include the detection of external use of corporate content through mashups and internal exposure of sensitive data through Web 2.0 technologies. He also said that service-level agreements with content and service providers for mashups and other collaborative technologies would help to avoid or at least minimise discontinuities of the service. Organisations should not accept applications developed by external service providers, open-source-software communities or business partners unless they are tested for security vulnerabilities.
Additional advice on dealing with Web 2.0 is available in the Gartner report "The Creative and Insecure World of Web 2.0." The report is available on Gartner's Web site at http://www.gartner.com/.... The report "Optimal Security Approaches for the Secure Use of Consumer IT" provides further advice on the use of consumer-grade technologies and services in the enterprise. That report is available at http://www.gartner.com/....
Gartner UK Ltd
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the indispensable partner to 60,000 clients in 10,000 distinct organizations. Through the resources of Gartner Research, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 4,000 associates, including 1,200 research analysts and consultants in 80 countries. For more information, visit www.gartner.com.
Press releases you might also be interested in
Weitere Informationen zum Thema "Software":
Cloud Zertifikate - Was sind C5 und TCDP?
Mit dem passenden Zertifikat oder Testat können sich Cloud-Nutzer und -Anbieter in Deutschland rechtlich absichern: Anbieter können nachweisen, die gesetzlichen Anforderungen an sichere Cloud-Dienste erfüllt zu haben und Nutzer kommen ihrer Sorgfaltspflicht nach.Weiterlesen