Internet Security A Growing Concern, Survey Finds
VARs could benefit as large business users increasingly worry about inadequate web security solutions.
Channel partners providing web security solutions to large business customers should rejoice at the findings of a recent survey that discovered rising concern about Internet security. The survey findings suggest that VARs capable of helping business users adopt a more robust Web 2.0-based approach to security problems could build a lucrative business opportunity.
Fears that the Internet is an entry point for malware topped the list of user concerns, with the impact of the web and web security on network bandwidth coming in second and enforcement of web usage coming in third.
The web security survey involved large companies with an average of 1,000 employees. It was conducted by Osterman Research on behalf of PureWire, a web security SaaS vendor. The survey involved 139 respondents.
While many companies have established corporate policies against downloading certain types of files and have deployed systems that will block such downloads, these are not adequate solutions, the survey found.
The security problem is partly due to the outdated enterprise approach to web security and partly due to Web 2.0 technologies, said Paul Judge, chief technology officer at PureWire.
A surprising 76 percent of the respondents to the survey expressed concern over the web as an entry point for malware; 55 percent worried about the impact of the web and web security on network bandwidth; and 44 percent mentioned employee productivity losses from web surfing.
Remote Workforce Worries
The remote workforce is a source of worry with 49 percent of respondents concerned about enforcing web usage and web security policies for their remote workforce. Another 48 percent were concerned about properly supporting remote workers with various web applications.
Those fears about remote workers are well founded, as they often engage in risky behavior, a study sponsored by Cisco (Nasdaq: CSCO) found.
"The web and web applications pose a serious conundrum - the productivity gains, and cost savings from the use of these tools can be significant and will become more important given the pressures resulting from the current economic crisis, but these tools create enormous risk for organizations of any size," the survey concluded.
That conclusion has a point. Browser add-ons, or plug-ins, such as Adobe (Nasdaq: ADBE) Flash, are becoming a growth industry, and Microsoft (Nasdaq: MSFT) has said that these are becoming a favorite target for attackers.
Meanwhile, IBM (NYSE: IBM) is betting on the browser as an application platform, a move which will increase corporate exposure to the web. And the browsers themselves are not so safe, either. Mozilla and Microsoft both had to issue patches for their respective browsers earlier this month.
"Attackers have moved from e-mail to the web because the traditional approach to the web is outdated and new developments like Web 2.0 introduce challenges to web security," PureWire's Judge said.
Enterprises are trying to do something about the security threat from the web. The Osterman Research survey found that 79 percent of its respondents have established corporate policies against downloading certain types of files; 76 percent have deployed systems that selectively block downloads of certain file types; 69 percent of them use tools to block or monitor the use of web applications at the firewall' and 31 percent use a web security gateway to monitor the use of web applications.
In addition, 46 percent of respondents lock down employee desktops to prevent users from installing certain web applications and 39 percent do the same for employee desktops.
However, their attempts are not enough. Sixteen percent of the respondents said they were not completely successful in locking down employee desktops and 12 percent said they were not completely successful in locking down laptops against web threats.
The problem could be partly due to the outdated approach to controlling the web in the enterprise. "Most controls in the enterprise were put in place 10 years ago, when the main concern was controlling access to pornographic sites," PureWire's Judge said. "Today, it's a question of security. How do I prevent users from accessing malicious Web sites? And there's a gap there which attackers recognize and exploit."
The shift to web applications is another part of the problem. "Antivirus applications scan files and determine if the executables they contain are good or bad, but in Web 2.0 applications like Google spreadsheets, you're not downloading executables to the desktop, you're running them between the browser and the website so antivirus doesn't work," Judge said. "You need something that understands what the Website is trying to do to the browser."
Another issue lies in the nature of Web 2.0 technology itself, which encourages user-generated content. "Ten years ago, content providers were web sites and you'd establish online trust by giving them certificates from someone like VeriSign (Nasdaq: VRSN)," Judge said.
"In today's world, when it's millions of users generating the content, how do you know whether the content is legitimate? There's the absence of a trust model that can deal with this."
(This article was adapted from InternetNews.com.)
Security News Solutions