'

Web 2.0 in the enterprise: Are you prepared?

One of the big takeaways from IBM's innovations talk over collaboration tools was that Web 2.0 technology is easing its way into the enterprise.

One of the big takeaways from IBM's innovations talk over collaboration tools was that Web 2.0 technology is easing its way into the enterprise.

First, companies like IBM and Cisco will adopt mashups that combine enterprise applications with external applications. Then CIOs will slowly adopt Web 2.0 approaches. These executives will experiment from the inside out.

First, the mashups will be basic, say data scrapes from a travel site coupled with an internal travel application.

From there, these mashups will bridge internal data with trusted partners.

And finally, they will be melding enterprise apps with Google Gadgets and other common toys found today.

It is early in this enterprise 2.0 game, but one question keeps popping up is: What are the security implications here? It is no small issue. What if someone had an Orkut/Google mashup when a worm hit (this is not theoretical since TrendMicro reported it last week).

So what happens when these mashups are used in the regular flow of business?

Sure, there is ROI in application production time when Web 2.0 meets the enterprise. Perhaps productivity jumps. The great unknown is what happens on the security front. Just imagine if some mashup includes QuickTime. How about a MySpace mashup at an entertainment company?

Luckily, we are not to the point where we panic over an enterprise mashup, but it sure will not hurt to think about it.

In an interview, with Luba Cherbakov, a distinguished engineer at IBM, I brought up the issue at Big Blue’s innovation talk last week. Bottom line: Big Blue is experimenting and noodling over the potential policy implications of mashups in the enterprise. Here are some big takeaways from our conversation.

Companies need a mashup policy. Cherbakov had a key point: While its innovation labs can cook up a mashup on the fly, any big rollout across the company needs some sort of partnership even if the APIs are freely available. For instance, employees created a Hertz mashup with IBM’s travel apps. It was handy. However, Cherbakov contacted Hertz to get that data in a REST format. That way the data was more consumable and scaled better.

These mashup policies could help on the security front. At the least, an enterprise would know a Web app would be swapping data with a trusted partner.

Keep mashups in your playground. IBM’s Web 2.0-ish apps are residing in its innovation toy box. These early implementations are not rolled out across the enterprise, said Cherbakov. That is a nice strategy as it keeps these mashups in an area where:

  1. they can be improved; and
  2. they can be quarantined if something goes wrong in a hand basket.
Create a process to harden mashups to make them enterprise class. If a mashup graduates from IBM's innovation toy box, it could follow a few routes:

  • It could be adopted across the company;
  • and

  • It could be developed as a product.

In either case, a mashup would have to become industrial strength. Cherbakov said that IBM is still figuring this one out. "If some mashups need to go to more than 300,000 employees we need to develop some process to harden," said Cherbakov.

When Cherbakov referred to hardening, she was talking more about uptime and making a Web 2.0-ish app enterprise quality. Security, however, will play a role.

For now the best way to secure any enterprise 2.0 toys is to keep them private inside the company. But the day will come when these toys will be externally facing. In the meantime, you need to cook up a plan.

This article was originally a blog post on ZDNet.com.