There are few Web security policies that people cannot get around with a little thought and ingenuity. Flexible, interactive Web applications like Web 2.0 have made eluding traditional security measures easier than ever before. What to do?
The answer, according to this article, is both procedural and technological. To begin with, there are many ways in which Web 2.0 tools can be useful to business operations. Managers are advised here to evaluate if and how new software tools can benefit their company. [A blanket ban of useful tools will be seen by end users as irrational and they will try to bypass or work around it.] If the benefits are significant, the company is advised to find ways to encourage the use of those tools in that context.
The author claims that guidelines about acceptable usage should be publicized and backed up by a “technological enforcer.” He notes that new Web applications are constantly being created and no sooner has a company found a tool to manage and secure employee use of Web tools than another application appears. In May of 2008, analyst group IDC introduced a new security tool, eXtensible Threat Management (XTM). The author notes that most security vendors identify new threats and quickly integrate protection into their solutions. XTM users, however, receive extended protection as a software update, which automatically integrates into their security infrastructure and is managed through the same interface.
Source: Andrew Fourie. Computer Reseller News; September 22, 2008, p22