Industry View

New Ways to Approach Security in a Web 2.0 World

Web 2.0 technologies have ushered in a new age of security threats. Brian Foster, vice president of product management with Symantec, shares his insight on what you need to do to safeguard your company in today's business environment

By Brian Foster, Symantec

September 04, 2008CSO

Business isn't what it used to be.

Connectivity is driving increased mobility, online interaction, and collaboration. Communication is the foundation of business. Employees are scattered, and they use multiple devices and applications at multiple locations. Collaboration is enabling new levels of productivity, blurring the lines between end users and enterprises. Transactions, and the sensitive information they include, are moving online. In this new Web 2.0 world, people are the perimeter.

Unfortunately, hackers and cybercriminals are keeping pace in this new domain. Today's attackers are increasingly sophisticated and organized. In fact, they have begun to adopt methods similar to traditional software development and business practices. As security measures are developed and implemented to protect computers and the data stored on and transmitted over them, attackers are adapting new techniques and strategies to circumvent them. And, as attack activity has become more profit-driven, many aspects of it have become professionalized and commercialized. In many ways, today's attacker tools are a reflection of a burgeoning underground economy that requires specialized tools to meet the demands of a highly lucrative industry.

Worse yet, outsider threats are only part of the problem. Enterprises are also vulnerable to threats from within the organization, whether from a disgruntled employee who steals sensitive customer information or a distracted contractor who misplaces a laptop filled with confidential but unencrypted data.

Clearly, in such an interconnected business world, yesterday's approach to security is no longer effective. Just as new ways of doing business were ushered in with Web 2.0, next-generation security practices must be adopted to ensure a more enlightened era of enterprise security. Call it Security 2.0; an evolution in security that focuses not simply on protecting systems and keeping hackers out but also on securing information and interactions. It takes a more dynamic view of security, with technologies and processes that adapt to the reputation or behavior of devices, people, and applications. Policy drives Security 2.0, technology enables it, and operations strengthen it.

Protection Policy

By design, security policies document the rules by which an organization defines a base level of desired security. In a Web 2.0 world, security policies must focus not simply on protecting devices but on securing information. After all, the primary purpose of the devices and systems that comprise an IT infrastructure is to carry and contain the organization's most valuable asset: its information.

Consequently, a security policy must help organizations manage and control both inbound and outbound content to protect them from the inadvertent or intentional distribution of or access to confidential and sensitive information. To that end, a variety of solutions are available to enable organizations to know where their information is, establish policies for accessing it, filter sensitive content in electronic messages, and manage and control database exposure risk. Together with employee security training and awareness, these solutions can protect against data loss.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Featured Sponsors
Sponsored Links

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

Rolling the dice with your security? Take the Self-Assessment Test now

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Revolutionizing Endpoint Security with a Single Agent

Envision Identity-Based Access Control for the Datacenter

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Digital Identity Protection and Data Security Get Personal

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

The Case for Business Software Assurance ~ Securing Your Applications

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

IS/IT Project Mgt. Credentials From Villanova - 100% Online

Learn how the new Quad-Core AMD Opteron™ processor improves performance

Configuration Assessment: Choosing the Right Solution

Data Protection: Challenges for the Traveling User

Key strategies for C-level executives and security staff

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

IDC Defines an Identity and Access Management Submarket

Using Likewise to Comply with PCI Data Security Standard

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

Solving Online Credit Fraud Using Device Reputation