Don't Block Web 2.0 Access, Says Gartner

Businesses need to resist the temptation to exclude their employees' access to Web 2.0 technologies and services if they are to benefit from the considerable creativity that Web 2.0 can unleash, according to Gartner.

Business demands will increasingly require security organizations to secure, rather than block enterprise access to the Web 2.0 global ecosystem. Many IT organizations are responding to the demand for Web 2.0 technologies. According to a Gartner Executive Programs survey of 1,500 CIOs worldwide, half of the respondents said they plan to invest in Web 2.0 technologies for the first time in 2008.

"Rather than just stopping the use of Web 2.0 technologies, IT groups should be providing secure means of developing and deploying such applications," said Joseph Feiman, vice president and Gartner fellow. "The business application movement toward Web 2.0 and other related-trends, such as increased use of open-source software and wider deployment of service-oriented architectures, are combining to change how applications are developed with significant implications for security."

"Web 2.0 enables masses of individuals to become application and content developers and deploy Web 2.0 applications that implement their own versions of established business rules and practices. Although this entails risks, it can also unlock huge business value," Feiman said. "By mapping the business gain against the potential risk, organizations can determine the most effective constraints and controls for enterprise use of Web 2.0."

According to Gartner, with mashups, Ajax and other Web 2.0 technologies already in widespread use, saying "no" to the Web 2.0 ecosystem will generally not be an option. Instead, enterprises should take tactical and strategic steps to increase the odds that business use of Web 2.0 will increase the bottom line rather than have a negative business impact through security incidents.

"Organizations need to extend their security processes to enable safe use of Web 2.0 technologies" said John Pescatore, vice president and distinguished analyst at Gartner. "Strategies to contain and protect the use of new technologies will always be more effective in the long run than security approaches that rely solely on blocking."

Pescatore advised organizations to expand their definition of vulnerability assessment to include the detection of external use of corporate content through mashups and internal exposure of sensitive data through Web 2.0 technologies. He also said that service-level agreements with content and service providers for mashups and other collaborative technologies would help to avoid or at least minimize discontinuities of the service. Organizations should not accept applications developed by external service providers, open-source-software communities or business partners unless they are tested for security vulnerabilities.