I blogged a little earlier in the day about bad news from WhiteHat Security about threats opened up by new Web 2.0 technologies.
WhiteHat is not alone.
The press release describing Websense's ThreatSeeker Network, which was introduced this week, takes the position that the proliferation of highly interactive collaborative Web 2.0 and related applications overwhelms traditional signature-based antivirus techniques. Instead, ThreatSeeker relies on grid computing and its "Internet HoneyGrid" to assess what actually is happening on the Internet. This information is relayed to customers' data and security products through the Websense Web.
Mashups, a family of Web 2.0 applications that is starting to permeate the enterprise, are particularly risky. This JackBe piece delineates four elements of mashups, all of which pose security challenges: Mashups are created by end users; potentially are shared with folks outside the firewall; are created from different sources, some of which may be outside the firewall; and use a variety of interface formats.
The blogger proposes three criteria for enforcing security. The three elements mostly deal with the way in which identities and authorization are handled across the various elements of the mashup. The explanations are a bit complex, but the basic idea is that a way to control access rights must be built into the system.