Web 2.0 and Application Security
Posted by precopio on January 3, 2008
For the past year, I’ve had the opportunity to speak with hundreds of companies and organizations about Web 2.0 and Web applications. Every company has plans to move many of their mission-critical applications to the Web. However, many companies do not have a web security plan in place to ensure these applications are free from exploits and hackers.
One company, which has 200 Web servers and handles over a million transactions, only uses SSL for secure access. We had a long conversation about other security strategies that included vulnerability management. To my surprise, the company not only doesn’t use this type of solution, they hadn’t heard of the technology.
With millions of people using the Web for banking, purchasing, selling and posting information, there is a substantial increase in network, database and Web application vulnerabilities. In fact, Web 2.0 applications have 5 times more vulnerabilities than Microsoft products. Companies need to research and implement vulnerability management solutions.
There are many products on the market and even a few open solutions that can help companies detect and remediate vulnerabilities. One of these companies is Rapid7. Rapid7 provides a unified vulnerability management solution for scanning networks, Web applications and databases. This solution is perfect for companies who want and need to protect their complete network. I had the opportunity to speak with a customer of Rapid7 and found their product to be as promised.
Yonni Harif said
Security in the enterprise will continue to be a major factor as Enterprise 2.0 solutions become more popular. In fact, it is the number one concern of customers looking to leverage consumer technologies at work. Companies seek to make use of these technologies while ensuring information does not leak out and they do not open themselves up to any new (and yet unknown) security threats. It is indeed important to identify the vulnerabilities, and there are new ones brought on by the use of new technologies, like RSS, Ajax, and instant messaging. It is also important to balance these security considerations with maintaining the flexibility and ease-of-use of the Web 2.0 environment. When we speak to companies and security concerns are raised, this is exactly the kind of discussion they are intent on. WorkLight’s approach to security is to provide an on-premise Enterprise 2.0 “platform” that makes proprietary corporate data stored in applications accessible across different Web 2.0 interfaces – personalized homepages, widgets and gadgets, RSS, but in a secure way. This affords the flexibility needed to do business while keeping protected information safe, behind the corporate firewall.
Yonni Harif
WorkLight