by Jed Kantos

Created on: June 30, 2007   Last Updated: July 02, 2007

The buzzword that is on everyone's lips right now seems to be Web 2.0. There are a whole array of new services coming on-line that fall under the web 2.0 umbrella. I currently subscribe to many RSS feeds that are purely dedicated to unearthing new Web 2.0 sites and services, and additions are added daily to these lists. But how trustworthy are some of these services? I admit to being somewhat on the paranoid side, having spent most of my earlier life as a computer security professional, but some of the new Web 2.0 offerings are just plain scary to me, and perhaps should be to you as well. Take a step back with me and consider some of the options currently available, from an outside observer's perspective.

The first big thing that scares me half to death is the concept of an on-line service for outsourced Customer Relationship Management (CRM). There are many such new services being pitched at the Web 2.0 community. What are we doing here? Are we truly willing to release the confidential business data about our prime asset, our customers, to some geek who knows how to program in Ajax or Ruby on Rails, and who lives in a country that may be known for Internet scams? What could possibly draw someone to take such a risk with their confidential data?

Sure, one of the clear goals of Web 2.0 is to turn the Web into more of an application supporting operating system in its own right. Take the applications off the desktop and run them on the Internet. A great plan. As the workforce mobilizes more, having platform-independent and easily accessible applications available on the Internet is ideal. But are we sacrificing security for accessibility?

This goes beyond CRM, and extends into all business relations and all business forms and documents. There are Web 2.0 applications out there that provide the ability to generate on-line business documents. Take for instance Google Docs & Spreadsheets, ThinkFree Office Online, iRows, and gOffice, to name a few. Again, they take the applications off the desktop and onto the Web. But would you really trust such services with your confidential business data?

Let's take a look at another example. One of the biggest desktop applications of all time, and one that has always had competition from web-based alternatives. I'm talking about e-mail. But in a Web 2.0 environment, there are opportunities to not only run the e-mail client on-line, but also an enterprise e-mail server can be outsourced and run in an Ajax Web 2.0 environment! Would you really want your e-mail server to be run from outside your firewall? Is this good security practice? Doesn't "Internet Security 101" tell you to hide your servers behind your firewall?

The risks involved in Web 2.0 technologies do not only apply to the enterprise. We all, as consumers, end-users, are possibly giving out way too much information. Next time you fill out an on-line application form for a Web 2.0 on-line application, think on this: "Do the people who run this whiz-bang on-line application really need to know my personal home telephone number? Is it even really necessary to list my zip code?"

As I said at the outset, I admit to being somewhat on the paranoid side. I relish my privacy, both on-line and offline. I don't have FlyBuys or other loyalty cards because I know that they are just used for data warehousing, despite the perceived benefits to the card holder. I know that if anyone really wanted to trace me, and if they tried hard enough, they could still find out a lot about me anyway, but I choose not to make it too easy. Are you giving away sensitive information about yourself that could one-day be used to your detriment?

Learn more about this author, Jed Kantos.
Click here to send this author comments or questions.