The CTO Roundtable of Washington DC (I am the President of this group) held its bi-monthly meeting on Friday. The topic "Web 2.0 security challenge" obviously hit a chord. We had record attendance.
Andre Yee discussed how the emergence of Web 2.0 and SAAS has completely bypassed the enterprise perimeter. The problem is real ... users are publishing (frequently by mistake) corporate information on the web and accessing corporate SAAS applications with no validation or control from the enterprise. There is a strong push to make corporations liable for the use of P2P networks by employees from within the enterprise.
A few interesting aspects Andre discussed included:
- encryption on the network, though very useful to hide information on the internet, is also making harder for enterprises to monitor for leakage of confidential corporate information.
- AJAX, widely used to deliver Rich User Experience, is very vulnerable to new threats
I think we will be hearing a lot about these threats in 2008.