
Comment

Article
Analysis – Avoid data leakage in a Web 2.0 world

By Fran Howarth, Principal Analyst, Quocirca Ltd


Losing data such as intellectual property can harm an organisation competitively and, if it can be proven how the loss occurred and what party benefited, can potentially lead to expensive litigation.

Businesses face many regulations that force them to improve their security and implement safeguards. In a recent Quocirca survey 82 per cent of 250 respondents cited data protection laws as the most worrying regulation they face, more than twice as many as for any other.

Organisations are now taking great pains to ensure the data on which they rely, including personal data related to partners, customers and employees, is secure. But, in many cases, they are struggling to keep ahead of hackers who have turned their attention from using fairly simple methods, such as sending a virus as an email attachment, to a more targeted approach. One such method of attack is through the software applications that run on computer networks.

Software applications often contain millions of lines of code, making it likely that some mistakes will have been made in the writing of the code. Such flaws can be targeted by hackers and new types of attacks are emerging that look for insecurely written code and hunt for vulnerabilities in software applications.

However, while organisations are under pressure to protect the information they generate, they are increasingly making use of Web 2.0 applications that provide a much higher degree of interaction and allow for dynamic content to be produced on the fly, providing users with a much richer experience than the static web content of yesteryear.

To write Web 2.0 applications, a number of new programming tools have been developed, using dynamic user-friendly interfaces that allow a higher degree of collaboration. However, in focusing on the functionality that these programming techniques enable, less attention was paid to their security vulnerabilities.

A key problem is that through use of next-generation programming languages, more of the business logic, such as access controls and session management logic, is exposed to users and therefore to hackers.

Many Web 2.0 applications allow users greater control over the content they generate and give them the ability to publish content online. This is something that organisations should be wary of, since security issues can be raised by employees giving away personal, or even company-related information, through the use of such applications.

The need to place controls on the use of applications using new programming techniques as well as to solve the productivity drain seen in some organisations through the use of newer, more socially oriented applications, such as social networking sites and blogs is leading many companies to try to block or limit their use.

There are a number of technology tools that can be used to do this effectively. However, a large proportion of survey respondents are relying on policies alone for blocking or restricting access and policies are notoriously hard to enforce.

A better strategy is to deploy both technology and policies and to ensure that employees are aware of their obligations laid out in the policies set. Organisations cannot afford to be complacent.

Quocirca’s report Why Application Security is Crucial is free to CRN readers and is due to be published shortly at www.quocirca.com.

© 2008 Quocirca Ltd http://www.quocirca.com +44 118 948 3360


About Quocirca
Quocirca is a primary research and analysis company specialising in the business impact of information
technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth
insights into the views of buyers and influencers in large, mid-sized and small organisations. Its
analyst team is made up of real-world practitioners with first hand experience of ITC delivery who
continuously research and track the industry and its real usage in the markets.

Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption – the
personal and political aspects of an organisation’s environment and the pressures of the need for
demonstrable business value in any implementation. This capability to uncover and report back on the
end-user perceptions in the market enables Quocirca to advise on the realities of technology adoption,
not the promises.

Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger
picture. ITC has the ability to transform businesses and the processes that drive them, but often fails to
do so. Quocirca’s mission is to help organisations improve their success rate in process enablement
through better levels of understanding and the adoption of the correct technologies at the correct time.

Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and
resellers of ITC products and services on emerging, evolving and maturing technologies. Over time,
Quocirca has built a picture of long term investment trends, providing invaluable information for the
whole of the ITC community.

Quocirca works with global and local providers of ITC products and services to help them deliver on the
promise that ITC holds for business. Quocirca’s clients include Oracle, Microsoft, IBM, Dell, T-Mobile,
Vodafone, EMC, Symantec and Cisco, along with other large and medium sized vendors, service
providers and more specialist firms.

Details of Quocirca’s work and the services it offers can be found at http://www.quocirca.com
