Read/Write/Web today has a story on the dangers of Web 2.0 behind the firewall. They are profiling a company called FaceTime that gives IT departments a way to add web application scanning to their network. Most IT departments do some scanning, at least at the firewall, for malicious applications and sites, but few do any kind of searching for web applications (think Facebook apps, Google’s Team Sites, unsupported IM capabilities, etc.). This company is offering a way to do that. RWW’s take on the matter, in the post “Your Web 2.0 App is a Security Threat” (ReadWriteWeb), is:
“Of course, when users become their own I.T. department, they’re unknowingly introducing inherent risks into the previously hardened network infrastructure. Just because a web app is easy to operate, that doesn’t make it safe and secure for enterprise use. As users upload and share sensitive files through these unapproved backchannels or have business-related conversations through web-based IM chatrooms, they might not only be putting their company’s data at risk, they could also be breaking various compliance laws as well.”
And this is completely true. The problem isn’t really with the apps, though; it’s with IT departments that refuse to allow *safe* networking practices in their networks. User education, coupled with some monitoring of public sites for confidential information and sanctions for misuse of Web 2.0 tools (after the users are educated on proper use, of course), can make Web 2.0 apps part of the IT infrastructure and, consequently, much safer than if the users are off in the “wild west” of web applications, doing things themselves.
I’ve been working on a Tech Report for ALA discussing just how to use these Web 2.0 tools to collaborate with others – and one of the issues that I discuss is the fact that these are publicly facing tools with risks for unintentional leaks of data or confidential information. If your IT department is on the ball and willing to work with you, however, those leaks can be stopped and all of your data can be kept safe – even while you are using these tools to their best effect.
Want more about this? You’ll have to buy the Tech Report next year… until then, however, educating your IT department about the benefits of Web 2.0 applications in the organization will really help to make these things available – in a sanctioned way – for you!