Web 2.0 threatens security: Symantec

Web 2.0 threatens security: Symantec

Summary: Security firm Symantec has highlighted Web 2.0 technologies and instant messaging (IM) applications as significant threats to corporate security.

TOPICS: Enterprise 2.0

Security firm Symantec has highlighted Web 2.0 technologies and instant messaging (IM) applications as significant threats to corporate security.

In its Internet Threat Report for the first half of 2006, which was published on Monday in the US, Symantec said that the collaboration required to create Web 2.0 projects opened the technology to vulnerabilities.

Web 2.0 technologies present "a number of areas for security concern", one of which is the "rush to develop" services and applications without delivering the same level of security auditing as would happen with traditional client-based applications.

Symantec's Asia Pacific vice president, David Sykes, said the main worry was that because many Web 2.0 projects relied on the collaboration of several independent sources, it would be easier for malicious users to find a way of exploiting the "implied trust" that was required.

"The collaboration basis is built on trust and automatically, it is available to be exploited by someone with malicious intent. In addition to that we are racing to get these apps to market in time and perhaps we are not taking all the care we could to address security issues.

"Web 2.0 opens up both those soft underbellies in a pretty big way and we anticipate we will be working hard to protect that environment in the future," added Sykes.

Keeping an eye on IM
Sykes told ZDNet Australia that IM applications were also a problem because too often they were being used without the proper authorisation or controls.

"IM is now out there as a broadly based communication mechanism. It is going into commercial environments and if you are someone who wants to compromise privacy for financial gain then that would be a nice juicy target -- particularly since it is often flying under the radar for most large corporate IT security operations," said Sykes.

Sykes said that e-mail quickly became a popular method of delivering malicious content to users and IM is destined to follow the same route: "Sit down and track the history of malicious code and security breaches by e-mail -- we are watching the same thing happen with instant messaging".

Topic: Enterprise 2.0

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion