The problem is almost as old as the World Wide Web itself: Security threats, in the form of viruses, malware and data loss, have been worrying IT security folks for many years now.

Typically, the response is to fight technology with technology: that is, put up so many layers of firewalls, password protection and data encryption that your company becomes a virtual fortress, and even throw in a “sandbox” that can snag hackers within a faux environment.

But, with more and more social networking and Web 2.0 services becoming part of enterprise operations, security gets even more complex. A new survey out of Ponemon Institute finds 80 percent of 2,100 IT security administrators believe social networking, Internet applications and widgets “have significantly lowered the security posture of their organization.” (An executive summary of the survey findings is available.)

There's nothing new about the security threats Web 2.0 presents. The respondents’ fears are about the usual suspects: viruses, malware, botnets and workplace inefficiencies.

So is it time to buy and put up the next generation of security solutions, some of which may not even be developed enough to handle all the exposures Web 2.0 brings? Is it enough to keep fighting technology with technology?

Or, perhaps, it’s time to fight Web 2.0 with Web 2.0, which means taking user-empowered networking and securing it with user empowerment. In the report, Ponemon recommends putting employees themselves in charge of security issues. More than half of U.S. respondents believe the most responsible party for minimizing Web 2.0 security risk should be the end-user, followed by information security (CISO) and corporate IT (CIO).

Of course, you can't just hand security details to the end users and tell them to deal with it. Training and education are needed to keep users aware of the threats and the consequences. In the survey, the security executives expressed reservations about the abilities of end users to manage this.

But having end-users take more responsibility for the security of their activities makes perfect sense. We can't afford to have police watching every mile of highways for traffic violators—we rely on the common sense of every individual driver to keep themselves in line and driving safely. (And this works most of the time.) Likewise, as end-users become more self-directed, and either engage in online communities or build their widgets, we need to rely on their better judgment to avoid security mistakes. That's where the training comes in.

This article can also be found at InsuranceNetworking.com.
