COPYRIGHT © 2007, PATRIOT TECHNOLOGIES, INC. • THIRD PARTY BRANDS & NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS
Maryland Digital Government Summit
June 2009
Lee Kelly, M.S., CISSP
Security Engineer
Patriot Technologies
Agenda
• Technology Shift
– Traditional apps
– Web Based apps
• Web 2.0
– Adobe AIR
– Mashups – iGoogle
• Questions to Consider
Desktop of Yesterday
Local applications and data
Network applications and data
Basic Web Applications
Static Websites
Desktop of Today
Local applications and data
Network applications and data
Corporate Webmail
Instant Messaging
Hosted Applications
Blogs
Local Weather
Hosted Security
Email Security
YouTube Videos
Networking
User Generated Applications
Hosted Applications and Data
User Generated Content
Web-Based Mashup
Web 2.0 is a Hot Topic
96% of companies are using Web 2.0 technologies find them valuable
- Forrester survey
Web 2.0 can provide a competitive edge and address customer demand.
- McKinsey survey
We encourage employees to develop new methods of relationship-building, learning and collaboration. - IBM Internet-use policy (company has over 33,000 Facebook accounts)
Companies have made the leap into Web 2.0 without thinking about security
- Forrester survey
“AJAX flings open the door to new malware propagation methods”
- Richard McManus, ZDNet
“This stuff scares the hell out of me.” - Paypal CISO
Web 2.0 security is seriously flawed - PCWorld
Business Growth Driving Web 2.0 Adoption in the Workplace
• Web 2.0 includes
– Social Networking
– Hosted Applications
– Blogs, Wikis
– File Sharing
– RSS Feeds
• New technologies allow users to
– Create, Post
– Modify, Edit
– Interact
– Share Information
Users are utilizing Web 2.0 in the Workplace
• 74% of IT managers allow access to mashups
• 71% allow wikis
• 56% allow access to photo uploading sites
• 49% allow access to social networking sites
The Web 2.0 Problem
Web 2.0 is Happening
• Companies face increasing demands to adopt Web 2.0
• Technologies enable efficiency, better communication and service
• Increasingly, employees will use it anyway
Web 2.0 is Scary
• Web 2.0 breaks legacy security models
• Reactive systems can’t keep up with dynamic content and threats
• Deployments are outpacing security solutions
What are the Risks of Web 2.0?
• Reputation systems know what used to be on a site – not what was just posted
• AV signatures are reactive – waiting until the damage is done
• Simplistic, non-granular policies can lead to over-blocking and frustration
Examples:
– Facebook = BAD, block all pages
– Wikipedia = GOOD, allow unrestricted access
• Many security systems rely on looking backwards
Adobe AIR
iGoogle
• Hotmail
• Yahoo
• Twitter
• Chats
• IM
Web Security is Changing
• URL filtering has become commoditized
• Many vendors adding filtering to core offerings – cheap or free
• Web 2.0 is game changing
– Dynamic user-generated content creates many new security risks
– Need to prevent the bad content from coming in and the good content from going out
[Chart: Web Filtering and Web Security, plotted as Value over Time, with Today marked]
New Security Requirements: Shift to a Data-Centric Focus
• It’s all about the data
• Internal threats cost more than external
• Employee 2.0 meets Web 2.0
• Internet as a business enabler
• Traditional security is ineffective
• Guard infrastructure against inbound attacks – not against outbound data loss
• Single communication channel, no collaboration to examine content and context in real-time
• Reactive, static, signature-based
• Lack business context, don’t know “who” and “what” goes “where” and “how”
Questions to Consider
• Are you planning to use Web 2.0 technologies to support business initiatives? What are those business initiatives?
• What Web 2.0 projects do you have on your roadmap?
– Mobile users, customer intimacy/extranets
• What are your concerns about Web 2.0?
– Privacy, Information leaks, New threat vector
• What security measures are you using to effectively control usage of Web 2.0 technologies and websites?
• How will Web 2.0 impact your risk profile? Compliance programs?
• Is blocking Web 2.0 hindering business opportunities?