Executive Summary
This paper is divided into two parts. The first part summarizes the content of seminar 2, “Web 2.0 and the Enterprise”. The speaker, Mr. Lionel Louie, is director of Fusion Middleware solutions for Oracle Greater China. The seminar is structured to help participants understand how collaborative Web 2.0 technologies can enable enterprises to foster employees' critical thinking and creativity while providing a platform to capitalize on their innovations for product and process improvement.
The second part, findings and case analysis, provides information to better understand the threats of Web 2.0 and mitigate their impact on business. The threats of Web 2.0 are investigated and two cases related to Web 2.0 are analyzed. The impacts on business are assessed to identify the areas of security management that require great concern. Finally, measures are introduced to improve security management.
In today's dynamic and global business environment, enterprises face ever-increasing pressure to stay competitive and achieve sustainable growth through agility and innovation. The seminar is structured to help participants understand how collaborative Web 2.0 technologies can enable enterprises to foster employees' critical thinking and creativity while providing a platform to capitalize on their innovations for product and process improvement.
2. Seminar Summary
2.1 The changing of business environment
As rapid technological and social changes affect an enterprise's environment, the enterprise has to consider how information will support the business. Today, rapid progress in the capabilities of the internet and its infrastructure is enabling enterprises to create business value through new business models. For instance:
- Supply chain - robust networks of suppliers, retailers and customers to obtain updated information.
- Online retailers - offer seemingly infinite inventory. These “countless niches” are market opportunities for those who cast a wide net and de-emphasize the search for blockbusters.
2.2 Web Evolution
In the 1990s, Web 1.0 began as a repository of information and content for individuals or organizations. After a couple of years, a large amount of content was dynamic, returning results to users. Nowadays, Web 2.0 makes web-based applications feel like, and run as smoothly as, local applications.
2.3 Main difference between web 1.0 and Web 2.0
Web 1.0 is a Read-or-Write Web. For instance, authors write a webpage to share with readers. Once they have published it online, readers can view the webpage and subjectively comprehend its meaning. But unless authors choose to release their contact information on their web page, the link between authors and readers is generally disconnected on Web 1.0. It seems that Web 1.0 does not facilitate direct communication between web readers and authors unless authors disclose their private identities such as emails, phone numbers, or mailing addresses.
Web 2.0 is a Read & Write Web. On Web 2.0, authors and readers can both read and write to the same web space. It allows friendly social communication among web users without obligatory disclosure of private identities. This is very important for increasing web users' interest in participating. Ordinary web readers then have a handy way of giving their viewpoints without needing to disclose who they are. The link between web readers and authors becomes generally connected, though many of the specific connections are still anonymous. Those users can contribute their knowledge for sharing.
2.4 The best Web 2.0 Sites
Different organizations and enterprises use Web 2.0 in ways that include social networking, start pages, social bookmarking, peer production news, social media sharing and online storage. The following sites show how Web 2.0 motivates users to contribute their knowledge.
Flickr combines a social network with user-generated content. Users can work together to collaborate on photo projects. Flickr also has an API for web services to integrate photo collections with blogs.
Wikipedia is a free, multilingual, open content encyclopedia project operated by the non-profit Wikimedia Foundation. Also, Wikipedia's articles have been written collaboratively by volunteers around the world.
Blogger hosts blogs, many of which provide commentary or news on a particular subject; others function as more personal online diaries. A typical blog combines text, images, and links to other blogs, web pages, and other media related to its topic.
Chicagocrime.org was one of the original map mashups, combining crime data from the Chicago Police Department with Google Maps via an API or web service. It offered a page that was sent to users by RSS.
2.5 The Benefit of Web 2.0 for Enterprise
The Web 2.0 functions mentioned above are useful for developing interactive web sites that enable an enterprise to collaborate across departments or branches. Other main benefits are as follows:
- More effective enterprise applications
- Foster efficient knowledge worker collaboration and overall employee satisfaction.
- Improve the navigation of internal and external information consumption and reuse.
- Web 2.0 communities for immediate feedback, shortening the product development time and targeting valuable marketing resources.
- Fuels business innovation
2.6 Driver of Web 2.0 in the Enterprise
In order to achieve competitive advantage, enterprises face the problem of how to innovate in business. Oracle believes that Web 2.0 in the enterprise can transform the way companies share information and work together. Furthermore, this next generation of business innovation taps into the passion of every individual and the pockets of knowledge in the minds of key employees, and harnesses collective intelligence across the entire business ecosystem.
2.7 Setting a Web 2.0 strategy for the Enterprise
Web 2.0 needs to be part of the overall, technology-focused IT strategy. Moreover, the IT manager uses it together with the IS strategy to deploy Web 2.0 through a comprehensive, integrated, open standards-based platform. Consequently, users can take a new approach to interaction.
3. Findings and analysis
3.1 Trend of Web 2.0
Mr. Lionel said that ‘the trend of Web 2.0 is increasing because enterprises want to achieve competitive advantage'. Moreover, according to Forrester Research, ‘there will be strong demand for Web 2.0 tools in the enterprise in 2008. Even though 42% of enterprises say adding Web 2.0 tools is not on their agenda, according to a Q3 2007 survey, Forrester expects that half of those will change their mind and embrace Web 2.0 tools by year end. In the report - Top Enterprise Web 2.0 Predictions For 2008, analyst Oliver Young gives three reasons why he thinks 2008 is the year that IT departments will take their heads out of the sand and embrace Web 2.0 technologies.' (Josh Catone 2008)
3.2 Web 2.0 applications raise security issues
Mr. Lionel also said that ‘Web 2.0 involved AJAX, content tagging and web service technology.' However, this new technology brings new vulnerabilities.
According to Robert Hansen, ‘president of California-based security consultancy SecTheory, the use of programming languages such as Java and Ajax, as well as the JSON data interchange format, in Web 2.0-style apps has created another door from which nefarious elements can enter a company's back end and do irreparable damage.'
(Greg Enright 2007)
Moreover, web security firm Finjan's report describes ‘sophisticated new threats that target Web 2.0 platforms and technologies and centers on the use of Web 2.0 and AJAX technologies for malicious activities.'
(Richard MacManus 2006)
3.3 Recent Incident
Case 1: MySpace superworm creator sentenced to probation, community service (Published: 1 Feb 2007)
Affected: Within 20 hours, the worm had spread to nearly 1 million MySpace accounts and slowed down the performance of the network.
Threat type: Web 2.0 worm
Status: News Corp. was eventually forced to shutter MySpace in order to fix the problem.
Case 2: MySpace spreads worms and spyware (Published on 20 July 2006)
Affected: Users who have not yet installed this patch had spyware from the PurityScan/ClickSpring family installed on their computers, which bombards the user with pop-up ads and tracks their web usage.
Threat type: Web 2.0 worm
Description: ‘MySpace appears to be developing into a virus pool, which infects visitors just by calling up profiles and member pages - without any assistance from the user. According to Michael La Pilla, a malware analyst with the security business iDefense, over the last few weeks an online banner advertisement has attempted to infect visitors to MySpace.com with spyware. The attackers are clearly exploiting the vulnerability discovered early this year in the way Windows processes WMF images.'
Status: A patch from Microsoft has been available to fix this vulnerability.
3.4 Impact to business
Web 2.0 enables anyone to upload content in enterprises, so these sites are easily susceptible to hackers wishing to upload malicious content. Once the malicious content has been uploaded to Web 2.0 sites, innocent visitors to these sites can also be infected, and the site owners could potentially be responsible for damages incurred. Moreover, enterprises face a significant security risk from slowed network performance and disclosure of intellectual property or business-critical information.
4. Dealing with Web 2.0 threats
Web 2.0 user-contributed content means that the content on countless URLs is constantly changing. Static web filtering solutions that rely on periodically updated URL databases and automatic to identify threats are simply not in a position to keep up with the dynamic content that characterizes Web 2.0 sites. In order to keep pace with the dynamic nature of Web 2.0 sites, it is imperative for a web security solution to scan and profile URLs in real-time each time a URL is requested.
In addition, keep anti-virus signatures and patches up to date to protect web servers. Moreover, web servers will be fully scanned periodically.
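The contrast drawn above between a periodically updated URL database and scanning each time a URL is requested, as an added Python example that is not part of the original paper. The URL, the page bodies and the policy that user-contributed content may carry no active markup are constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed sample: verdict stored at the last periodic database update.
STATIC_URL_DB = {"http://social.example/profile/alice": "clean"}
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}

class ActiveContentProfiler(HTMLParser):
    """Records active markup found in a user-contributed page fragment."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} event handler on <{tag}>")
            if value and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")

def static_filter(url):
    """Decide from the cached verdict only; the current body is never seen."""
    # Assumed policy: URLs missing from the database are allowed.
    return STATIC_URL_DB.get(url, "unknown") != "malicious"

def realtime_filter(body):
    """Profile the body served for this request; allow only if nothing is found."""
    profiler = ActiveContentProfiler()
    profiler.feed(body)
    profiler.close()
    return (not profiler.findings, profiler.findings)

# Constructed sample: one URL, before and after a user edits the profile.
URL = "http://social.example/profile/alice"
BODY_AT_CLASSIFICATION = "<html><body><p>Hello, I like photos.</p></body></html>"
BODY_AFTER_USER_EDIT = (
    "<html><body><p>Hello</p>"
    '<div onmouseover="load()">hover</div>'
    '<script src="http://cdn.example/x.js"></script></body></html>'
)

if __name__ == "__main__":
    print("static filter allows:", static_filter(URL))
    for label, body in (("before edit:", BODY_AT_CLASSIFICATION),
                        ("after edit:", BODY_AFTER_USER_EDIT)):
        allowed, findings = realtime_filter(body)
        print(label, "allowed" if allowed else "blocked", findings)
```

The static verdict stays "clean" for both versions of the page, while the per-request profile changes as soon as the user-contributed content does.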
4.2 Incident Response
Deploy virus-scanning software at all critical entry points, such as client desktops and web servers. Moreover, ensure that vendor patches are promptly applied to interrelated applications and the underlying operating system.
4.3 Management & Policy Controls
Establish policies for acceptable use of Web 2.0 and ensure that all users are aware of those policies and clearly understand the potential risks.
The evolution of the internet has had a profound effect on the way businesses and individuals work and communicate. While Web 2.0 and AJAX have greatly enhanced the user experience and added important business functionality, they also introduce opportunities for hackers to invisibly inject and propagate malicious code.
In the two cases, the characteristics of Web 2.0 can make the infection spread like wildfire. Also, signature-based solutions were not designed to detect these types of dynamic malicious web scenarios; thus, they are not enough to provide protection against modern hacking methods. Therefore, the assumption that a signature-based solution (anti-virus) or URL filtering lab can put its hands on each and every piece of malicious code and create a signature is no longer valid in today's web scenario. On the contrary, management & policy control is very important for protecting against the threat of Web 2.0 in enterprises.
1. Greg Enright (2007), Web 2.0 applications raise security issues, [Online] available at: http://www.computerworld.com.au/index.php/id;1304740632;fp;16;fpid;1 [accessed 15 Feb 2008]
2. Heise Security (2006), MySpace spreads worms and spyware, [Online] available at: http://www.heise-online.co.uk/security/MySpace-spreads-worms-and-spyware--/news/75722 [accessed: 16 Feb 2008]
3. Josh Catone (2008), The Year Web 2.0 Hits the Enterprise, Says Forrester, [Online] available at: http://www.readwriteweb.com/archives/2008_web20_enterprise_forrester.php [accessed: 16 Feb 2008]
4. Michael E. Whitman and Herbert J. Mattord (2004) Management of Information Security, Boston, Mass.; London: Thomson/Course Technology
5. Richard MacManus (2006), Web 2.0 Security Scares, [Online] available at: http://blogs.zdnet.com/web2explorer/?p=285 [accessed 14 Feb 2008]
6. SC Magazine (2007) MySpace superworm creator sentenced to probation, community service, [Online] available at: http://www.scmagazineus.com/MySpace-superworm-creator-sentenced-to-probation-community-service/article/34514/ [accessed 16 Feb 2008]
7. Tim O'Reilly (2005), What Is Web 2.0, [Online] available at: http://www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html [accessed 17 Feb 2008]