Don't forget to secure your web applications

The gold rush pushed by Web 2.0 and service-oriented architecture means things sometimes get left behind.

Take security, which is often seen as an afterthought when companies produce web-enabled applications.

While it can be great to push a new collaborative platform to market, lack of proper IT developer training leads IBM security expert Michael Weider to estimate that 80 to 90% of web sites have fairly serious vulnerabilities.

Shoddy IT fencing could leave your business prey to malicious attacks from predators and the result could be a potential loss of customer data, with a devastating effect on your company's reputation and balance sheet.

It is not a risk worth taking. So, how can companies ensure that security is central to their new collaborative strategies?

Safety first should be the key phrase – for while it's good to allow new forms of communication through social software, too much communication can encourage loose practices.

When it comes to panning for gold, crackers have quickly realised that users regularly post their crown jewels – personal information – on various social networking platforms.

Many Web 2.0 applications are not browser-based and the client-side nature of social software means traditional attempts to block URLs are often circumvented.

And the challenge, given the work practices of many employees, is likely to be significant. About a third of users download the applications they want regardless of company policy, according to FaceTime Communications.

Your IT staff must be schooled in building safe collaborative platforms, where security is integral to the development and testing of web applications.

Smart companies will allow employees to use collaborative systems without draconian rules, but users should be given guidelines on acceptable behaviour.

Back up your access control policies with attention to the audit trail, using specialist profiling tools to analyse changes and potential malicious activity.

Leading providers are now creating web application security suites that test for vulnerabilities and then suggest possible fixes.

Taking such steps now will mean your web security is not compromised in the impending collaborative gold rush.