Mashups are hot. They were named a ‘Top 10 Technology for 2008’ by Gartner. They were spotlighted recently by the Wall Street Journal, BusinessWeek, McKinsey, IDC and The Economist.
They were the topic of the opening panel discussion at the 2008 Web Services on Wall Street conference in New York. The security of Mashups is a topic of great interest, and it leaves some organizations unsure whether the benefits of this technological innovation are worth the risk. I’d like to address this issue.
Mashups are composite applications that combine multiple data sources. Security considerations involve the who, what, and how of Mashups in the enterprise. This includes authentication, entitlements, and permissions; vulnerabilities and malicious code entering through the firewall; digital rights and use of subscription services; data leakage; and employee awareness. These risks exist in the enterprise already, so your Mashup strategy must employ your enterprise security framework. IT controls and governs Mashups in the enterprise – services to be mashed must meet corporate security and governance standards.
Any Enterprise 2.0 technology requires a sound implementation methodology. This includes looking at how your firm communicates, its culture, and its organizational network, as well as its regulatory obligations, infrastructure, and business requirements. Understanding these areas well helps guide risk mitigation and illustrates the areas that are likely to reap the biggest gains from Mashups.
You can use a Mashup implementation as an opportunity to review your current state and ensure good operational hygiene. The recent fallout from Société Générale focused our awareness (and that of the SEC) on the ability to maintain accurate entitlements. Many firms underwent a major fire drill to eliminate “toxic combinations.” Given the dynamic nature of organizations today, this should be an ongoing process. Why not use Mashups as an exercise to re-evaluate permissions and roles for the services to be consumed, and to ensure that your security technology meets the complex challenges of Web applications? Mashup vendors are embracing standards and pluggable architectures that fit into your security framework. Whatever steps you take today that help you sleep at night can be applied to embrace Mashup technology. In other words, if technology leaders place a high priority on innovation and new ways of delivering services to the business, then their teams can find a way to make it happen.