Question
IT Consumerization and Web 2.0 Security Challenges In recent years, the direction of investment in information technologies has shifted. The shift is in reaction to
IT Consumerization and Web 2.0 Security Challenges In recent years, the direction of investment in information technologies has shifted. The shift is in reaction to the fact that in 2004, independent consumers passed business and government in their consumption of digital electronics devices. More digital devices, such as notebooks, cell phones, and media players, are being designed for consumers rather than businesses. New and popular technologies are now being introduced into the workplace by employees rather than systems analysts. This is a trend that some refer to as IT consumerization. Unfortunately, consumer devices and systems are introducing a host of new systems vulnerabilities. A big concern regarding IT consumerization is the free flow of communications and data sharing. Todays Web 2.0 technologies make it all too easy for employees to share information that they shouldnt. A study in the United Kingdom revealed that three-quarters of U.K. businesses have banned the use of instant messaging services such as AIM, Windows Live Messenger, and Yahoo Messenger. The primary concern is the loss of sensitive business information. Even though the IM services could prove useful for business communications, most businesses are concerned about security rather than interested in innovative communication. Consider the Apple iPhone. Some businesses that have supported RIMs Blackberry smartphone are feeling pressure from their employees to support the iPhone as well. Systems security experts are hesitant to comply due to concerns over information privacy. For example, the iPhone 3G does not include data encryption native to the device. If the phone is lost or stolen, private corporate information is vulnerable. Systems analysts are stuck trying to serve both a demanding workforce and corporate security needs. CTO Gary Hodge at U.S. Bank is concerned about Web 2.0 applications. We always said outside the corporation was untrusted and inside the corporation was trusted territory. Web 2.0 has changed all that. Weve had to expose the internal workings of the corporation. Theres a whole rash of new devices coming out to enable people to compute when they want to, with the iPhones and smartphones. Hodge worries that smartphone manufacturers havent paid enough attention to security. CTOs and CIOs are feeling as though they are losing control of their systems and data. Dmitri Alperovitch, principal research scientist for Secure Computing, is also concerned about security and Web 2.0. The concern stems from the browser becoming a computing platform itself. Although businesses have learned to protect traditional operating systems, they have little power when the browser is acting like an operating system. Web 2.0 sites and social networking sites allow anyone to create applications and post files and content. This increases the risks of transmitting malware and revealing corporate secrets. Gary Dobbins, director of information security at the University of Notre Dame, has simple and effective advice for information security: Never trust the browser. In banking, minor lapses in security can have devastating results. Bank CIOs see Web 2.0 as expanding their security perimeter. Web 2.0 gives them a much larger area to watch. Because of this, many banks are taking a hard line. For example, U.S. Bank only allows employees to access business related content on their PCs. The bank restricts the use of any type of portable storage including USB drives and CDs. Every electronic transmission that leaves the bank is monitored. For Gary Hodge, investing in information security at U.S. Bank isnt a matter of ROI, but rather a survival necessity. We protect money. Its new for us to have to protect vast amounts of information, Hodge said. We spend millions of dollars on security but it doesnt generate any new revenue. I havent been able to show anybody a return on investment. It comes down to can we secure the organization at the right risk and the right cost. You cant spend all the money. You have to figure out what level of risk youre willing to tolerate. Discussion Questions 1. What are the differences in information security needs for a bank versus a retail store? 2. Why are IT consumerization and Web 2.0 challenging business information security? Critical Thinking Questions 1. Do you think that over time consumer devices may become as secure as banking systems? Why or why not? 2. Do you think the hard line taken by U.S. Bank in regards to information security policies is justified? Why or why not? Would you be willing to work in that environment
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started