copyright © 2007, patriot technologies, inc. third party brands & names are the property of...



COPYRIGHT © 2007, PATRIOT TECHNOLOGIES, INC. • THIRD PARTY BRANDS & NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS

Maryland Digital Government Summit

June 2009


Lee Kelly, M.S., CISSP

Security Engineer

Patriot Technologies


Agenda

• Technology Shift

– Traditional apps

– Web Based apps

• Web 2.0

– Adobe AIR

– Mashups – iGoogle

• Questions to Consider


Desktop of Yesterday

Local applications and data

Network applications and data

Basic Web Applications

Static Websites


Desktop of Today

Local applications and data

Network applications and data

Corporate Webmail

Instant Messaging

Hosted Applications

Blogs

Local Weather

Hosted Security

Email Security

YouTube Videos

Networking

User Generated Applications

Hosted Applications and Data

User Generated Content

Web-Based Mashup


Web 2.0 is a Hot Topic

96% of companies are using Web 2.0 technologies find them valuable

- Forrester survey

Web 2.0 can provide a competitive edge and address customer demand.

- McKinsey survey

We encourage employees to develop new methods of relationship-building, learning and collaboration. - IBM Internet-use policy (company has over 33,000 Facebook accounts)

Companies have made the leap into Web 2.0 without thinking about security

- Forrester survey

“AJAX flings open the door to new malware propagation methods”

- Richard McManus, ZDNet

“This stuff scares the hell out of me.” - Paypal CISO

Web 2.0 security is seriously flawed - PCWorld


Business Growth Driving Web 2.0 Adoption in the Workplace


• Web 2.0 includes

– Social Networking

– Hosted Applications

– Blogs, Wikis

– File Sharing

– RSS Feeds

• New technologies allow users to

– Create, Post

– Modify, Edit

– Interact

– Share Information

• Corporate Webmail

• Instant Messaging

• Hosted Applications

• Blogs

• Local Weather

• File Sharing

• YouTube Videos

• Networking


Users are utilizing Web 2.0 in the Workplace


• 74% of IT managers allow access to mashups

• 71% allow wikis

• 56% allow access to photo uploading sites

• 49% allow access to social networking sites


The Web 2.0 Problem

Web 2.0 is Happening

• Companies face increasing demands to adopt Web 2.0

• Technologies enable efficiency, better communication and service

• Increasingly, employees will use it anyway

Web 2.0 is Scary

• Web 2.0 breaks legacy security models

• Reactive systems can’t keep up with dynamic content and threats

• Deployments are outpacing security solutions


What are Risks of Web 2.0?

• Reputation systems know what used to be on a site – not what was just posted

• AV signatures are reactive – waiting until the damage is done

• Simplistic, non-granular policies can lead to over-blocking and frustration

Examples:

– Facebook = BAD, block all pages

– Wikipedia = GOOD, allow unrestricted access


• Many security systems rely on looking backwards


Adobe AIR


iGoogle


• Hotmail

• Yahoo

• Twitter

• Chats

• IM


Web Security is Changing

• URL filtering has become commoditized

• Many vendors adding filtering to core offerings – cheap or free

• Web 2.0 is game changing

– Dynamic user-generated content creates many new security risks

– Need to prevent the bad content from coming in and the good content from going out

[Chart: Value (vertical axis) against Time (horizontal axis, "Today" marked) for Web Filtering and Web Security]


New Security Requirements: Shift to a Data-Centric Focus

• It’s all about the data

• Internal threats cost more than external

• Employee 2.0 meets Web 2.0

• Internet as a business enabler

• Traditional security is ineffective

• Guard infrastructure against inbound attacks – not against outbound data loss

• Single communication channel, no collaboration to examine content and context in real-time

• Reactive, static, signature-based

• Lack business context, don’t know “who” and “what” goes “where” and “how”


Questions to Consider

• Are you planning to use Web 2.0 technologies to support business initiatives? What are those business initiatives?

• What Web 2.0 projects do you have on your roadmap?

– Mobile users, customer intimacy/extranets

• What are your concerns about Web 2.0?

– Privacy, Information leaks, New threat vector

• What security measures are you using to effectively control usage of Web 2.0 technologies and websites?

• How will Web 2.0 impact your risk profile? Compliance programs?

• Is blocking Web 2.0 hindering business opportunities?