Securing Enterprise 2.0
Frank notes that while security in the Web 2.0 world is focused more on the protection of personal information, Enterprise 2.0 security (or Web 2.0 in the Enterprise) is targeted on protecting information in the project or community workspace. "The matter of security goes beyond simple authentication—am I who I say I am?— and privacy control—who can see what information," says Frank. In addition to authentication, he notes that other important aspects of security include permissions/access control (What can you see and do in the environment?), an audit trail (What happened over time? When was a document emailed? What comments were included on it?), and monitoring (the ability for users to keep up-to-date on new activity). It also enables administrators to monitor harmful content and suppress it as it’s posted.
Traction Software’s flagship product is the Traction TeamPage hypertext platform that organizations use as the backbone of an online information-sharing system. Through it, Traction Software addresses all of these security issues.
More specifically, Traction Software’s access control lists (ACLs) give server and project administrators the power to manage who accesses each project. The server ACL editor enables the assignment of server-level permissions to individual users and groups. There are permissions for such functions as emailing content out of the server or exporting content from the server to other formats (such as PDF). A project ACL editor controls functions such as what content an individual can author, contribute comments to, or read.
Central Desktop, a business collaboration platform where users can manage and collaborate their workspace in an online environment, launched a suite of security tools in early 2008 to help customers ensure the security of their data. The "security pack" add-on was designed to help these customers comply with both internal and external security issues. Central Desktop’s security features include a strong password complexity layer (in which requirements such as using one lowercase letter are created). Passwords can also be programmed to automatically expire within a specified period of time (such as monthly). Security measures can also restrict access to a company’s online environment to those with a specific IP address.
Just as collaboration in a Web 2.0 environment is a continuous process, security measures require the same diligence, experts agree. "This is not a one-time analysis," says Allan. "It needs to be continuous." Fortunately, the proactive approach that is necessary to have successful Web 2.0 security measures in place is catching on. "We’re seeing the shift to the business owner starting to address the problem proactively," says Allan. "From experience, without fail, we find there is less vulnerability for those who take a proactive approach."
The solutions must still be easy for companies to integrate into their operations. "I can’t say any customers are just buying it and forgetting about it," says Kraynak. "But it needs to be low maintenance." Kathleen Reidy, senior analyst for The 451 Group, notes how solutions such as the ones that Central Desktop offers provide companies with a slate of secure tools that have consumer-friendly functionality. So security becomes an easy process for them to control.
Companies are likely going to have to continue navigating themselves through the security issue, since they may not get a guiding hand from developers. "Developers are going to have to be more security-aware," says Kraynak. "But they are not motivated to do it; they’re motivated by helping the business do better. They’re not motivated to hold back the process for security."
"When you do this as part of the software development life cycle, it’s being caught too late in the cycle," adds Allan. However, Pescatore says that more enterprises are testing software before it is even installed as a way to prevent potential security issues from occurring in the first place.
While Web 2.0 security features can create a more productive work environment, there are also financial benefits. What companies need to recognize, notes Allan, is that implementing security measures can serve as a competitive advantage. "It’s a cost advantage—fixing things early in the cycle costs less," says Allan. "The majority of organizations need to build it into their processes."
Fortunately, this shift is occurring. Web 2.0 security solution providers say that they have seen an increased interest in security products from customers. They expect the need for such solutions will continue to grow as Web 2.0 applications are further developed and integrated into the workflow.