Hence, if a security flaw exists
in a hosted software service, how does that affect a company's information? Can a
competitor exploit that flaw and gain the information for its advantage? Now that all
types of data from different organizations are located in one place (the vendor's web
application and backend systems), does a security issue in the application mean game
over for all customers?
Another aspect of Web 2.0 is mash-up and plug-in pages. For example, many web
applications allow users to choose content from a variety of sources. An RSS feed may
come from one source and a weather plug-in may come from another. While content is
being uploaded from a variety of sources, the content is hosted on yet another source,
such as a personalized Google home page or a customized CRM application with feeds
from different parts of the organization. These mash-up and plug-in pages give users
significant control over what they see. With this new RSS and plug-in environment, the
security model of the application gets more complex. Back in Web 1.0, a page such as
CNN.com would be ultimately responsible for the content and security of the site.
However, now with many RSS and plug-in feeds, how do Google and Microsoft protect
their users from malicious RSS feeds or hostile plug-ins? These questions make the
process of securing Web 2.