Thursday, 12 June 2008

Security in Enterprise 2.0: Building a case for Security 2.0

While reading up on the security concerns highlighted in this article from the NY Times, I could see many E2.0 evangelists shaking their head in despair. The recent attack on Google /Orkut's network that compromised close to 400,000 users within a few hours is going to scare people even more.

Web 2.0 and Enterprise 2.0 is all about 'opening up', sharing information, communicating and collaborating. While the latest breed of techies are seeped in blogs, wikis, chat programs, Google docs and social networking sites, traditional firms continue to rely on the good 'old' trusted means of 'securely' disseminating information via emails and file attachments. The idea of sharing company documents that may have client names, sales figures on websites (yeah, Wikis are glorified websites) appears appalling to the senior management. Security concerns are always brought up when someone talks of adopting an Enterprise 2.0 outlook and many cases, these concerns are justified.

My attempts to Google the term "Security 2.0" bought up an interesting post which talks about the author's attempt at Googling 'Security 2.0" in October 2006 and his thoughts on what security 2.0. I can tell you that on today's date, my Googling attempts did not give me much either. Around the same time, Symantec spoke about bringing out Security 2.0 products but to me, the vision looked a lot like anti-virus packages bundled up in a new name.So where are we with Security 2.0?

The secure Enterprise 2.o forum and the ongoing E2.0 conference are good starts towards fostering dialogues between the participants of E2.0. Currently security in an Enterprise 2.o setup is limited to policies and mainly role based authentication but unless some convincing protocols are not established with regards to securing information management in an E2.0 setup, Enterprise 2.0 will not attain its goals of 'open communication and collaboration'.

No comments: