How can we avoid Web 2.0 security threats?

Source: Internet
Author: User

The collaboration and interaction that Web 2.0 technologies offer are extremely attractive to enterprises. Companies of all sizes can make full use of social networking websites, free online services, and other collaborative Web 2.0 platforms.

Although this interaction is both interesting and enlightening, it also reduces productivity and brings vulnerabilities and internal security threats that cause data leakage. These three are major threats to businesses that use Web 2.0. CISOs must strike a balance between security and business needs to reduce the risk and harm of data leakage.

Because Web 2.0 technology is developing so rapidly, time-tested security methods may no longer be the best choice for defending against attacks and preventing data leakage. Many enterprises use traditional web filtering (the basic method against web threats), but it cannot cope with Web 2.0 security issues, because protocols such as AJAX, SAML, and XML make threats harder to find. Similarly, RSS and rich Internet applications are being placed directly on the Internet. Non-static content makes identification more difficult. Finally, user-generated content is hard to save.

In addition to traditional defenses such as standard images, IDS/IPS, bandwidth correction, anti-virus/anti-malware, and firewall rule settings, many CISOs are focusing on data leakage prevention (DLP) technology to mitigate the threat of data leakage. However, they have also found that these emerging technologies do not pay off immediately. Whether you deploy a network-based, hosted, or data-identification DLP product, you must keep in mind the importance of balancing speed, accuracy, and adequate coverage.

DLP content analysis products offer various options for Web 2.0 security. We must understand their differences and commonalities in order to deploy a product that meets the needs of the enterprise. DLP analysis techniques include: pattern-based search using regular expressions; fingerprinting using real database search elements; exact file matching; statistical analysis to search for content that may contain sensitive information; document matching used to supplement documents; vocabulary analysis; and supplier directories to handle adjustment laws. Of course, no single technique applies to all cases. The technique you choose depends on the data you protect.
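Three of the techniques listed above (pattern-based search, fingerprinting of database elements, and exact file matching) can be combined in one outbound-content check. The following is an added example, not code from the original article or from any DLP product; the function names, the `CUST-` identifiers, and the sample document are constructed for illustration.

```python
import hashlib
import re

# Pattern-based search: 13-16 digit runs with optional space/dash separators.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: improves accuracy by rejecting digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample inventory. Only hashes are kept, so the DLP rule set
# does not itself become a copy of the sensitive data.
SENSITIVE_FILE = b"Q3 acquisition plan - CONFIDENTIAL\n"
FILE_HASHES = {sha256(SENSITIVE_FILE)}
DB_FINGERPRINTS = {sha256(v.encode()) for v in ("CUST-004217", "CUST-009981")}

def analyze(payload: bytes) -> list[str]:
    """Return the DLP findings for one outbound payload (upload, post, mail body)."""
    findings = []
    # Exact file matching: fast and precise, but any change to the file defeats it.
    if sha256(payload) in FILE_HASHES:
        findings.append("exact-file-match")
    text = payload.decode("utf-8", errors="replace")
    # Pattern-based search, confirmed by checksum to limit false positives.
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append("pattern:card-number")
            break
    # Fingerprinting: compare each token against hashes of real database values.
    for token in re.findall(r"[A-Za-z0-9-]+", text):
        if sha256(token.encode()) in DB_FINGERPRINTS:
            findings.append("fingerprint:db-record")
            break
    return findings
```

The trade-off between accuracy and coverage shows in the results: a one-byte change to the sensitive file evades exact matching, while the regular expression alone would flag any 16-digit order reference without the checksum step.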

How can security experts protect Web 2.0 security? The answer is overall planning. There is no problem with accepting Web 2.0. We only need to recognize that the threats exist and create a Web 2.0 security toolset to maximize its effectiveness. This toolset should be based on business goals and establish a documented policy that clearly specifies what content is allowed, what content is blocked, and who is allowed to access the content and when. You can develop new policies or update current ones to make them clear and actionable.

After the policy is in place, it is necessary to prevent information from leaking out of the network. Your toolset must contain technologies that can monitor, defend, alert, encrypt, and secure. Deploy a product that prevents sensitive information from leaking out of the peripheral email system, and set it to run in real time so that it does not affect the productivity of employees or the enterprise.

Finally, even if all the above controls are in place, data and information may still be leaked. Enterprises should always be vigilant. When enterprise information can be obtained from the community, it is best to use well-known protection services, internal monitoring programs, or password access when identifying and handling such instances.

Among all emerging technologies, Web 2.0 and its related components are developing rapidly, and security experts need to be highly vigilant against the potential threats. Strategies, technologies, and architectures that resist threats must be forward-looking, and CISOs can use them to further consolidate their value.
