A New Threat Landscape

By Jim Haskin  |  Posted 2009-07-28 Print this article Print

A new threat landscape

While many organizations have found ways to put Web 2.0 to good use, the CIOs and Chief Security Officers (CSOs) at those companies are left to worry about malware risks, data loss and other security concerns.

Traditional security solutions such as anti-virus alone cannot protect from dynamic Web 2.0 threats that evade anti-virus detection by using active scripts, obfuscated code, converged Web and e-mail delivery methods, and social engineering tactics. Security in a Web 2.0 world requires real-time analysis and categorization of never-before-seen Web content on the fly.

For example, earlier this year, hackers took advantage of the aforementioned My.BarackObama.com site, using the site's blogging platform to distribute pornographic content and a malicious Trojan attack. Of even more concern, only 30 percent of leading anti-virus vendors were able to detect the threat.

In addition to the threat of malware, IT professionals also need to prevent employees from uploading intellectual property, trade secrets or other sensitive information to blogs, cloud computing sites such as Google Docs, or other Web 2.0 applications.

For example, my own company worked recently with a large hospital to help them monitor data regulated by the Health Insurance Portability and Accountability Act (HIPAA). The IT department was shocked to discover that nurses doing their rounds typed patient notes into Google Docs from their laptops (rather than taking notes on paper), and then would transcribe them into the hospital's secure system.

At the end of their rounds, the nurses would copy the patient information from Google Docs into the hospital system. They were simply trying to be more efficient in their work, but the practice violated HIPAA regulations. If the hospital had the right security technologies in place, the nurses could securely use cloud computing and collaboration tools without violating policy.

Jim Haskin is CIO and Senior VP of Marketing at Websense, Inc. Bringing more than 20 years of experience in his dual role, Jim is responsible for IT direction and execution, as well as worldwide marketing. Prior to joining Websense, Jim served as group leader at Acxiom Corporation. Before Acxiom, Jim was VP of global services for Manufacturing and Distribution at Siebel Systems, Inc. Jim has a BachelorÔÇÖs of Science degree in information systems from the University of Maryland and a MasterÔÇÖs degree in business administration from the University of California, Irvine. He can be reached at jhaskin@websense.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel