How to integrate data protection into Web2.0 security policies

More and more employees begin to use Web applications for real-time communication or even more complex operations. The internal threats to the company force many companies to invest in data protection technologies. We will discuss these internal threats and show you how to integrate data protection into the Web security policy.

Social networks and web applications are full of enterprises. Web tools build bridges between employees and eliminate physical barriers. These tools allow people to complete business operations in a timely manner. Although timely communication, Web conferences, end-to-end file sharing, and social networking websites can bring many benefits to enterprises, they also provide an opportunity for security issues such as internet threats and Data leaks.

Web2.0 increases the complexity of security protection. Enterprises are seeking a comprehensive approach to protect enterprise security. They hope this approach can reduce both threats and management difficulties.

For many enterprises, social networks and web applications have already exceeded their individual needs and have tools that help them sell products and optimize their work efficiency.

For example, people in the human resources department can use LinkedIn to study employee prospects, and sales teams can use Facebook to interact with customers, the marketing department can use Twitter to share headlines or expand the browsing scope of the latest news or announcements.

These tools also meet the needs of information sharing and timely communication. Their attention and frequency of use should not be underestimated. And its development momentum is also very good. It is estimated that by 2013, the amount of investment invested by enterprises around the world in Web2.0 technology is expected to reach 4.6 billion US dollars. Enterprises cannot ignore this opportunity to use new tools to increase production efficiency.

Next-generation network threats

Although social networks and web applications have increased our collaboration capabilities, they have also triggered a new round of cyber threats.

The characteristics of social networks allow people to establish a network-based, trusted contact network, which expands to the business field. Therefore, users can easily exchange or disseminate information, images and files-typically, such operations do not require authentication and information verification.

The number of malicious code walking through social networks and the number of websites with client-to-end file sharing are rapidly increasing. These new tools are very useful for social engineering attacks, which can be exploited by people who launch these attacks and threaten sensitive data. Therefore, enterprises should ensure that their intrusion defense system is better than the probing mode, and ensure that the system focuses on preventing threats.

Nearly of Data leaks are unintentional. These are caused by employee negligence or unintentional violation of the security policies in the company's manuals. For example, an employee may send a confidential file to an incorrect recipient or use a Web page. A P2P file sharing page sends a large file to a business partner. In any case, if you do not read the detailed operation rules after uploading files, they are likely to lose control of sensitive data.

It is necessary to warn employees which data is sensitive data of the enterprise and inform them about the data classification. Web applications bring many benefits to enterprises, but in order to reduce the following threats, enterprises should seek technical deployment solutions to help employees stay away from high-risk operations through self-learning.

Web browser virtualization technology

To effectively defend against web threats on the client, some leading enterprises are starting to deploy solutions and some corresponding behavior and analysis skills, these skills allow employees to use tools without compromising Enterprise Security.

For example, many enterprises are using Web browser virtualization technology because it can isolate known or unknown threats and provide advanced exploration functions to prevent employees from opening dangerous websites. Currently, almost anyone using a browser can use social networks and web applications. Fortunately, Web browser virtualization technology can isolate enterprise data from the Internet, while allowing employees to freely access the Internet while being protected.

Like many security systems, multi-level protection that focuses on protection is critical to maintaining the Internet Security of enterprises. A good Web2.0 protection policy should contain the following seven features:

1. Application Control: granular security controls deployed for Web2.0, social networks, and Internet applications.

2. Obedience: Record and save records to meet the requirements for adjustment and electronic search.

3. Web filtering: monitors and controls the use of Web by employees.

4. prevent malicious attacks: block spyware, root kits, and worms at the gateway.

5. bandwidth control: controls the use of bandwidth-intensive applications, such as file sharing and video streams.

6. Web browser Virtualization: the dual-browser mode enables employees to isolate enterprise data from the Internet.

7. self-learning function: analyzes user behaviors, pre-configures policies, and warns users when sensitive data is in danger.

The security issue of web is very complex, and it also involves how to enable enterprises to manage new threats. An effective security policy can improve network protection through comprehensive endpoint security, allowing enterprises to easily integrate security services into existing architectures without consuming a limited IT budget. This solution is especially important for enterprises because it provides better security performance, simplifies management, and can be adjusted as business needs change.

1. Websense provides real-time Web and data leakage protection for the F1 Division
2. One-stop Web Application Security Solution