The web 2.0 world makes security more complex. Enterprises are looking for a comprehensive security technology to reduce (rather than increase) the number of threats and simplify the management and compliance challenges faced by IT administrators. Although instant messaging, online meetings, point-to-point file sharing, and social networking websites can facilitate businesses, they have become the latest entry point for internet threats, violations of compliance, and data loss.
For many companies, the advantage of social networks and web 2.0 applications lies not only in user usage, but also in helping enterprises promote products and optimize labor.
For example, human resources can use LinkedIn to study employee development prospects, sales teams can use Facebook to communicate with customers, and marketing departments can use Twitter to share information or the latest news.
Easily share information and communicate in real time. These advantages make web 2.0 very attractive, and this trend will continue to develop, by 2013, enterprises are expected to invest $2.0 in web 4.6 billion technology. Enterprises cannot ignore the opportunity to use these new tools to increase productivity.
New Generation Internet Threats
Although social networks and web 2.0 applications have improved collaboration capabilities, they have also brought about a new generation of Internet threats.
The nature of a social networking website allows users to establish a network of contacts that expand to external enterprises based on trust factors. This allows users to easily exchange or disseminate information, images, and files, generally, no additional authentication or verification information is required after logon.
The number of malware incidents spread on social networks and P2P file sharing websites is also rapidly increasing. These new tools are suitable for social engineering-based attacks, attackers can quickly exploit this attack and endanger important data. Therefore, enterprises should ensure that the Intrusion Prevention System (IPS) is in the monitoring mode and focus on real-time threat defense.
Nearly 80% of data loss occurs unconsciously because of employee negligence or unclear security policies written in the enterprise employee manual. For example, an employee may send an email containing important files to an incorrect recipient, or use a P2P file sharing website based on the network to send large files to business partners, they may not know that they have lost ownership and control of important data after uploading materials.
The key to avoiding the problem is to let employees know which data is important in the enterprise and educate them about which specific types of data can or cannot be sent out. To reduce the risks caused by web 2.0 applications, enterprises should deploy technical solutions to help key employees avoid risky operations through self-learning technology.
Web browser virtualization technology
To effectively protect users' clients from web 2.0 threats, some leading enterprises are deploying technical solutions and a series of behavior and analysis technologies, make reasonable use of collaboration without compromising security.
For example, enterprises are preventing users from logging on to the threat website in advance by isolating known and unknown web browser virtual technologies. Now, anyone can use social networks and Web 2.0 applications through a browser, while web browser virtualization technology can help enterprises separate enterprise data from the Internet, it also provides full protection for users to surf the Internet freely.
Just like other security issues, the key to protecting enterprise system security lies in the multi-level protection that focuses on prevention,Excellent web 2.0 protection policies should protect the following seven features:
1. Application Control: deploy detailed security control for web2.0, social networks, and Internet applications
2. Compliance: Write logs and archive each record to meet compliance requirements or electronic discovery needs.
3. Web filtering: monitors and controls users' web usage.
4. malware defense: block spyware, rootkits, and worms on the Gateway
5. bandwidth control: controls the use of bandwidth-intensive applications (such as file sharing and video streams)
6. Web browser Virtualization: the dual-browser mode allows users to separate enterprise data from the Internet
7. self-learning capability: analyzes user behaviors and pre-configuration policies, and reminds users of critical data risks.
Security in the web 2.0 world is very complex, and many enterprises are faced with the challenge of how to deal with such threats. Effective web 2.0 security policies can make up for network protection deficiencies through comprehensive endpoint security protection, and enable enterprises to freely integrate new security services on their existing infrastructure, IT does not require a limited IT budget. Most importantly, enterprises should deploy such solutions with better security, simpler management functions, and sufficient flexibility to meet ever-changing security requirements.