IT managers pressured to relax web security policy, says survey

By Robert Westervelt | May 21, 2009

IT professionals are under pressure from upper level executives to open the floodgates to the latest Web-based platforms, relaxing Web security policy, according to a new survey of 1,300 IT managers.

The survey, conducted by independent research firm Dynamic Markets Ltd., was commissioned by Web, DLP and email security vendor Websense Inc. Dynamic Markets conducted interviews with IT managers in Australia, Canada, China, France, Germany, Hong Kong, India, Italy, the U.K. and the U.S.

Nearly all those surveyed said they allow access to some Web-based services, such as webmail, mashups and wikis. But more employees are turning to online collaboration platforms; some are turning to Google Apps, which are integrated with Google's Gmail platform, and others are turning to popular social networking sites, such as Twitter and Facebook. Some users are bypassing Web security policy to access the services, according to 47% of those surveyed.

Pressure to relax Web security policy is increasing as well. The survey found that 86% of IT managers reported feeling pressure to allow more access to social networking websites, online collaboration tools and other cloud-based technologies. The pressure is coming from multiple sources, including C-level executives, marketing departments and sales.

Despite the pressures, 80% are confident in their organizations' Web security practices. However, the survey found many organizations lack Web application firewalls and other tools for defending against Web-based attacks.

Sixty-eight percent said they lacked the ability to conduct real-time analysis of Web content to prevent data leakage, nearly 60% lacked the ability to prevent URL redirects and more than half had no tools to detect embedded malicious code on trusted websites.

Web-based attacks have been on the rise, fueled by easy-to-use automated hacking tools that can be purchased by unsophisticated hackers on the black market. The latest malware exploits seize on website flaws, injecting malicious code into them to prey on visitors with vulnerable Web browsers and applications. The drive-by downloads were highlighted this week by the U.S. Computer Emergency Response Team (US-CERT). The organization said the drive-by attacks have been seen on legitimate websites and sometimes silently attack a victim's machine with malware that monitors network traffic and steals sensitive information.

Chenxi Wang, a principal analyst at Forrester Research Inc., said the use of cloud-based services often complicates data security and privacy. Wang considers any Web-based service that hosts data outside the company walls cloud-based.

The organization can lose visibility and control when the data resides on another network, she said. A recent Forrester survey found that 40% of the workforce is using some kind of external cloud services either with or without IT security consent.

"Companies often don't know when they move a particular functionality into the cloud, the impact on the internal security practices and privacy concerns," Wang said. "A lot of those Web 2.0 applications are cloud applications and it's just not really understood completely."
