Websense Execs Say Web 2.0 Creates New Security Challenges
April 11, 2008 1:17 PM ET
Whether threats are caused by a rampant botnet or by an employee working on a laptop in a coffee shop, ultimately, security will come down to one thing-protecting data.
Echoing the same few themes on data security reiterated throughout the RSA Conference, Websense CEO Gene Hodges and Websense Chief Technology Officer John McCormack both stressed that businesses need to prepare for data leakage via Web-based attacks during Thursday's keynote, held at San Francisco's Moscone Center.
"It's about the data, stupid," said Hodges, during a presentation to and audience of several thousand security professionals. "They all come back to attacks or use or abuse of data."
During his part of the speech, Hodges emphasized that part of the reason for the shift to data-centric security is the result of the changing sociological paradigm. The rapid evolution of Web 2.0 has caught many businesses off guard, he said, and unlike years past, legitimate Web sites can now be compromised.
"The content changed but it didn't change at warp speed," he said. "If you went to a popular site, you'd be fairly safe."
In addition, the workforce has changed. In what he termed as Employee 2.0, Hodges said that the work environment has become more flexible and more mobile while the perimeter has collapsed and access points to data and information have become increasingly unsecure.
"Work isn't a time and space and physical device anymore. It's whenever it catches you," said Hodges.
Couple a changing work environment with emerging Web threats and it's a logical progression that data is the target of choice for cyber criminals, Websense execs said. During the shared keynote, McCormack highlighted that of the top 100 Web sites, 45 percent rely on user content, and 60 percent of those sites have hosted malicious code in the last 90 days. Plus, more Web sites contain user generated content than ever before, further increasing risk of user infection.
"This is the kind of exposure that our customers will experience," said McCormack.
Consequently, Hodges said that businesses will need to ensure that they have well-established requirements for data security in an evolving Web environment. For one, businesses will need to invest in identity access management, which includes encryption of all sensitive information. They will also need to invest in comprehensive archiving and information assurance capabilities, to prove regulatory compliance.
But more than that, preventing data leakage will require businesses to take the initiative in what Hodges termed as "proactive discovery."
"Finding out that you leaked some data in the papers is just no way of discovering that you have valuable data inside your organization," said Hodge. "Proactive discovery seems to make sense. It's not easy, but it's what's required."
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
