The rapid adoption of Web 2.0 applications has opened up the enterprise to new security threats that are not stopped by the widely deployed Web and messaging security solutions currently in place.

The “upgrade” from Web 1.0 to the new Web 2.0 world has been an evolutionary process, continually driving the Web to be more interactive, useful and interesting for consumers and the business community.

The evolution from Web 1.0 to Web 2.0 has been about improvements in the Web “experience”—from that of simply browsing static content and graphic images that display upon request, to an all-new highly interactive, programmable and much more useful Web.

The loss of sensitive information isn’t just a concern to large corporations. While there are a multitude of formal state, national, industry, and international regulations that apply to larger enterprises, all companies have information that would be damaging to their reputation and their bottom lines should it become public.

Organizations can do more over the Web today than ever before. As use of the Web continues to grow, virus outbreaks and other forms of Web-borne threats known as “malware” continue to grow as well.

Current security systems such as IDS, traditional firewall, or anti-virus, while providing vital security, were not designed to combat software code targeted at individual organizations or cleverly hidden inside seemingly harmless Web access protocols. While organizations need the Web, they need to be protected from it as well.

Web encryption is indispensable for today’s businesses, but organizations with an open port 443 (HTTPS tunnel) on their firewall are left with a major security hole wide open in their network. Traditional firewalls and gateway anti-virus solutions are unable to scan encrypted traffic, and therefore can provide no control over what content is sent in and out of organizations’ networks via HTTPS.

This presents risks to organizations that may not realize they cannot rely on their HTTP filters to protect HTTPS encrypted traffic. Risk also exists with regulatory compliance. Can an organization be compliant if they allow open SSL tunnels which could contain the very confidential information the regulations seek to control?

This white paper examines the potential legal, security, and human resource problems associated with employee Internet access. Also examined are various approaches to the potential problems associated with employee Internet access including Internet use policies, filtering software, and monitoring software.

Securing web access is no longer just about limiting an organisation’s legal exposure or maintaining user productivity.

With the growing threat from malware, spam and other criminal activity, the web has become a significant threat vector and must be secured to protect the rest of the organisation.

Traditional web filters that used to manage user activity are no longer effective against these new threats as they do not scan in real-time, leaving the user and the company exposed to unknown malware, zero-day threats and drive-by attacks.