• 		Enterprise Infrastructure
  Data Centre Servers and Mainframes Storage and Storage Sub-Systems Operating Systems Systems Management Peripherals Virtualization

• 		Communications Infrastructure
  Network and Management Planning Performance Management and Monitoring Network Devices Unified messaging Carriers and Cellular Wireless LAN

• 		Information Architecture
  Service Oriented Architectures Messaging and Collaboration Databases Data Warehousing Identity Management

• 		Integrating IT
  Development Environments Tools and Languages Project Management Middleware / Utilities Outsourcing and Application Service Providers (ASP)

• 		Departmental and End User Computing
  Personal Systems and Peripherals Personal and Portable Devices Personal and Office Productivity Applications Small-Area Networking (SAN) Help Desk and End-User Support Mobile Applications Future Technology

• 		Enterprise Business Applications
  Enterprise Resource Planning (ERP) Business Intelligence and Data Mining Enterprise Portals Open Source and Linux Online Retailing and Ecommerce Customer Relationship Management (CRM) and Customer Self-Service Supply Chain Management (SCM)

• 		Security
  Security Products, Practices and Infrastructure Disaster Recovery / Business Continuity Hacking and Viruses Alerts, Patches and Fixes Privacy Issues

• 		Voice Data and IP
  Carriers and Service Providers Protocols and Standards Hardware, Software and Emerging Applications Regulatory Issues

• 		IT Workplace
  Human Resources Issues Hiring and Retention Careers and the Job Market Salaries and Benefits Education and Training Consulting and Contracting Knowledge Management Knowledge Worker Tools

• 		Leadership
  Issues for CIOs Budgeting / IT Alignment Value Management and ROI Human Capital Management Best Practices Industry News IT Executive Development

• 		E-Government
  Case Studies and Best Practices From Canada and Internationally Legal and Government Policy Issues Management Issues Privacy and Security

• 		The good the bad and the ugly
  The good The bad and the ugly Useful and fun tips

• 		Green IT
  E-Waste and Recycling Hardware lifecycle management Power and cooling Paper and printers Green thinking

• 		News Briefs
  Breaking News

• 		IT Women
  Training and development Profiles Opinions and commentary Global perspectives

• Blogs

• Salary Calculator

• IT Executive Development Series

• Video Library

• IT World Canada Technology News Daily ITwire Global Newswatch

• Slide Show Library

• White Papers

• Product Reviews

• Careers

• ITWorld Canada RSS Feeds

Raising the red flag on Web 2.0

Advertisement

The move towards Web 2.0 technologies may well be another race between functionality and security, and for now at least, security seems to be at the tail end.

Security professionals are raising the red flag on the increasing pervasiveness of Web 2.0 technologies in the enterprise, saying that while it offers the benefit of rich applications, the risks associated with Web 2.0 can no longer be overlooked.

In the enterprise, for instance, a Web 2.0-enabled architecture involves applications built as Web services that provide cross-platform access and functionalities for users. “Like submitting a record to a database or changing a piece of data (for example),” says Oliver Lavery, a consultant with Toronto-based IT security firm Security Compass.

“The problem is that what’s being exposed there are very detailed, technical procedure calls — Web service calls — using all these new technologies that haven’t really been tested and [the industry doesn’t] have a lot of experience securing them,” Lavery says.

The increasing use of these new tools, without proper understanding of the security issues that may arise as a result, is giving attackers new avenues to explore, says Lavery.

Web 2.0-enabled social networking sites present another attack vector for the bad guys, as well. Web sites such as MySpace and Facebook have allowed people to actively interact and connect in real-time in ways they have never been able to before.

On the surface, the Web 2.0 craze may seem like a consumer phenomenon. But many security experts agree that its pervasiveness is going beyond people’s homes and into the workplace, as employees access these sites from their office computer.

“The most dangerous part of any computer system are the people who run it,” says University of Calgary professor Tom Keenan.

Advertisement

The use of mobile devices, like laptops that typically travel back and forth between the home and office, is not helping the situation either, added Keenan, who is also the IT security spokesperson for the Canadian Information Processing Society. 071496