Home > Networking, Security > Network Security Admins: Don’t fight Web2.0!

Network Security Admins: Don’t fight Web2.0!

Like many network security professionals I have always taken the “lock it down then give specific access” approach. This approach worked well throughout the 90’s and early 2000’s. However with the rise of Web2.0 this just isn’t possible anymore.

Web2.0 is all about collaboration and interaction. Marketing departments are using Facebook, Twitter, MySpace, Flickr, YouTube and a multitude of other interactive technologies to gain the attention of current and prospective customers. HR departments are using the same technologies to find and retain employees. There is a definite business case for Web2.0 technologies to be used in a corporate environment.

The legacy Web1.0 applicaitons were easier to deal with. Firewalls and content filtering proxy servers could be utilized to block and/or restrict traffic to web mail, IM, dating websites, and other interactive sites. Web2.0 has changed this. Perimeter security vendors have been slow to deal with Web2.0 management, other than to block it. In my research I’ve also had almost every security vendor say “We have something coming soon!” Facetime has some promising offerings for social networking content control.

If the security technology is not quite there then Web2.0 must be blocked right? Wrong! From experience I can say that users wishing to use Web2.0 will find a way even if it is blocked. No matter how secure your network is there are always new online proxy services providing a hole through  your firewall. Not to mention that Web2.0 developers are finding ways to get into the corporate network in ways that make them hard to spot.

Instead as IT professionals we must work with the users to find out what they need out of Web2.0 technolgies. Instead of saying “No, you can’t have a Facebook site” we must research the technology and determine the best way for users to utilize it. I am currently doing this myself. I have researched how marketing can utilize Facebook, Flickr, YouTube, and Twitter together to provide meaningful interaction with customers. At the same time I have researched the security best practices for each of the technologies to reduce business risk.

While doing this the company policy also has to be updated. Most companies have an outdated corporate internet policy which does not take Web2.o into account. Or worse companies have no internet usage policy. A new policy has to be written and put forth letting users know what they can and can’t do on the internet while at work. Insure the policy explains the dangers of interactive content, but also allows enough leeway so users can get their job done. I really hope the days of network security professionals acting as big brother are done.

Just remember: Don’t forbid users from using Web2.0! Despite your best intentions it will cause a divide between IT and end-users. Remember no matter how secure you think your perimeter is, there are a multitude of ways for users to bypass that security and use Web2.0 technologies anyhow. Be sure to work with them to reduce risk associated with online social networking technologies.

Advertisements
Categories: Networking, Security
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: