OBT Magazine

...... and brings plenty of bugs with it.

The trend has been a long time coming, but corporations are finally caving in and okaying the use of free or mostly-free social networking Web sites as in-the-office software applications. Facebook, LinkedIN, Twitter, Google Apps, etc. are becoming the everyday tools of the knowledge worker--elbowing aside stodgy programs like Microsoft Outlook and the like. Corporate IT managers have been forced to accept the inevitable and lower their guards. Unfortunately, though, allowing workers unfettered use of social networking and Web 2.0 sites is like leaving the back door open on a restaurant. A lot of bugs are coming in.

Here's the problem: Traditional firewalls are fairly good at filtering out ordinary Web threats, but they're not good at managing Web 2.0 stuff. Enter Palo Alto Networks. The three-year-old Silicon Valley startup has leapfrogged legacy firewall makers such as CheckPoint and Cisco with its next-generation firewall technology. It inspects digital traffic coming from the Web into a corporate network and not only understands what's in the data flow but also recognizes the applications associated with it. This level of penetration allows corporate tech managers to set policies that block certain risky Web 2.0 activities, such as Facebook Chat, and limit other activities to people in the organization who need to do them. For instance, programmers who use the BitTorrent program to download software code can be permitted to do so while other employees can be blocked from using the program. "This is about dealing with the negatives of companies opening up to social media," says Rene Bonvanie, who heads worldwide marketing at Palo Alto Networks.

Bonvanie knows all about the risks and rewards of social media. Until a couple of months ago, he headed marketing at Serena Software, where he helped lead a major shift in software strategy. Over the past couple of years, the company has dropped most of its traditional software and is using Facebook, Google Apps, and other Web services instead. When Serena began the switchover, there wasn't much in the way of malicious code in the social media world. That's not true anymore. A prime example is Koobface, which targets the users of Facebook, MySpace, Friendster, and Twitter. Another is the spam program being run by My Mafia Family, an online game, which gets its tentacles into people's Twitter accounts and the won't let got. At one point, the company had to close off all external file sharing via Google.

There are lots of Web 2.0 services that are vulnerable to being abused by Black Hat hackers and other unscrupulous operators. Palo Alto Networks does occasional studies of the aggregate traffic of its 600 corporate customers, and the survey done in September found 202 Web 2.0 services inside corporations, 70% of them capable of transferring files and 28% of them known to propagate malware.

As employees use more and more Web 2.0 stuff, the threats will get worse and worse. It just goes to show once again: Free software doesn't necessarily come without costs.