
Wednesday, September 26, 2007

Web 2.0: The Concerns

So you, as an enterprise or a consumer, have decided Web 2.0 is the best of the best. Just wait one minute. Concerns about security were prevalent throughout Web 1.0, right? Oh wait, they still are in a Web 2.0 world. People are worried about the three tenets of security: Confidentiality, Integrity, and Availability. (Conveniently, the acronym is CIA.) Let's take each one of these in stride:

Confidentiality: From Wikipedia: "Confidentiality has been defined by the International Organization for Standardization (ISO) as 'ensuring that information is accessible only to those authorized to have access' and is one of the cornerstones of information security. Confidentiality is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography."

This is great and all, but what about openness of data, which is itself a cornerstone of Web 2.0? Well, have I got some great resources for you:

The REST security manager (link): First, the security policy is applied by a proxy, not by the security manager, which makes sense. Second, in order to integrate transparently into a web architecture, the security proxy MUST make its policy decisions solely on the basis of the REST verb (POST, PUT, DELETE, GET, etc.), the URI, and the user, e.g., as authenticated with HTTP.
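To make that rule concrete, here is an added example (not from the post or from the linked REST security manager) of a default-deny policy check that decides purely from the verb, the URI and the authenticated user's roles; the sample policy, role names and the URI normalization step are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List

# Added example, not the post's or the linked project's code. A rule names
# the REST verbs it covers, a URI regex and the roles it admits; "{user}"
# in the regex is replaced by the authenticated user name, so a customer
# reaches only their own record. User and roles are assumed to come from
# HTTP authentication done before the proxy consults the policy.
@dataclass(frozen=True)
class Rule:
    verbs: FrozenSet[str]
    uri_regex: str
    roles: FrozenSet[str]

# Constructed sample policy for a small shop API.
POLICY: List[Rule] = [
    Rule(frozenset({"GET"}), r"^/catalog(/[^/]+)?$",
         frozenset({"anonymous", "customer", "admin"})),
    Rule(frozenset({"POST", "PUT", "DELETE"}), r"^/catalog(/[^/]+)?$",
         frozenset({"admin"})),
    Rule(frozenset({"GET", "PUT"}), r"^/customers/{user}$", frozenset({"customer"})),
    Rule(frozenset({"GET", "PUT", "DELETE"}), r"^/customers/[^/]+$", frozenset({"admin"})),
]

def normalize(uri: str) -> str:
    """Drop the query string and resolve '.'/'..' segments and repeated slashes,
    so a rule written for one path cannot be sidestepped by path tricks."""
    out: List[str] = []
    for seg in uri.split("?", 1)[0].split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)

def decide(verb: str, uri: str, user: str, roles: Iterable[str]) -> bool:
    """Default deny: allow only if some rule matches verb, normalized URI and a held role."""
    verb = verb.upper()
    path = normalize(uri)
    held = frozenset(roles)
    for rule in POLICY:
        if verb not in rule.verbs or not (rule.roles & held):
            continue
        if re.match(rule.uri_regex.replace("{user}", re.escape(user)), path):
            return True
    return False
```

Because the decision needs nothing but verb, path and principal, the same function can sit in front of any backend without the application knowing it is there.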

Integrity: From Wikipedia: "Data integrity is a term used in computer science and telecommunications that can mean ensuring data is 'whole' or complete, the condition in which data is identically maintained during any operation (such as transfer, storage, and retrieval), the preservation of data for its intended use, or, relative to specified operations, the a priori expectation of data quality. Put simply, data integrity is the assurance that data is consistent, correct, and accessible."

People have found attacks on this principle to be very disconcerting. Enterprises and businesses today are not built on their business model but rather on their data. Amazon's customer list is a lot more important to them than the idea of e-commerce. The product catalog has value, along with the comments, ratings, etc., not a drop shipment. At all costs, companies must protect their data in a Web 2.0 world. In the enterprise we must validate input and put audit trails behind the scenes of our Web 2.0 applications. Let us not forget the mistakes we made with Web 1.0 when we come into the new world.

Check out HDIV (link): We can briefly define HDIV as a Java web application security framework. HDIV extends web applications' behaviour by adding security functionality while maintaining the API and the framework specification. This implies that we can use HDIV in applications developed in Struts 1.x, Struts 2.x, Spring MVC and JSTL in a way that is transparent to the programmer and adds no complexity to application development. It is possible to use HDIV in applications that don't use Struts 1.x, Struts 2.x, Spring MVC or JSTL, but in this case it is necessary to modify the application (JSP pages). It grants us confidentiality, integrity, and data validation.
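As an added illustration of what request-integrity protection of this kind means in practice (example code written for this post, not HDIV's own implementation), the server signs the parameters it emits in links and hidden fields and rejects any submission whose values no longer match; the secret key and the session binding are assumptions.

```python
import hashlib
import hmac
from typing import Dict, Optional
from urllib.parse import parse_qs, urlencode

# Added example, not HDIV's own code. The server signs every parameter set it
# emits in a link or hidden form field and binds it to the session, then
# refuses any submission whose values no longer match the signature.
# SECRET and the session id are assumptions for the demonstration.
SECRET = b"constructed-demo-key-use-a-random-key-in-production"
STATE_PARAM = "_state"

def _canonical(params: Dict[str, str], session_id: str) -> bytes:
    # Sorted, URL-encoded pairs plus the session id, so a signed query string
    # copied from one session is not valid in another.
    items = sorted((k, v) for k, v in params.items() if k != STATE_PARAM)
    return (session_id + "&" + urlencode(items)).encode()

def sign_params(params: Dict[str, str], session_id: str) -> str:
    """Return the query string to emit, with an integrity tag appended."""
    tag = hmac.new(SECRET, _canonical(params, session_id), hashlib.sha256).hexdigest()
    return urlencode(sorted(params.items())) + "&" + STATE_PARAM + "=" + tag

def validate_query(query: str, session_id: str) -> Optional[Dict[str, str]]:
    """Parse a submitted query string; return its parameters, or None if any value
    was altered, the tag is missing, or a key was repeated."""
    parsed = parse_qs(query, keep_blank_values=True)
    if any(len(v) != 1 for v in parsed.values()):
        return None                       # repeated keys make validation ambiguous
    params = {k: v[0] for k, v in parsed.items()}
    tag = params.pop(STATE_PARAM, None)
    if tag is None:
        return None                       # the server never emitted an unsigned request
    expected = hmac.new(SECRET, _canonical(params, session_id), hashlib.sha256).hexdigest()
    return params if hmac.compare_digest(tag.encode(), expected.encode()) else None
```

A rejected request is exactly the event an audit trail should record, since a legitimate browser never alters server-generated values.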

Availability: From Wikipedia: "The degree to which a system, subsystem, or equipment is operable and in a committable state at the start of a mission, when the mission is called for at an unknown, i.e., a random, time. Simply put, availability is the proportion of time a system is in a functioning condition."

When we move to an on-demand world, we are faced with forcing users to use online applications. However, if the applications are not available, we lose productivity. Skype lost 2 days of service, and it was a "black eye" for their business. How can you be trusted, used, and seen as legitimate if you aren't on demand? People have a desire for what they want when they want it. The day you become unavailable is the day you become unnecessary.

For this, Nexaweb has created the Internet Messaging Bus (link). Most Java developers could recreate this with little effort, but it provides a great software architecture. The IMB provides Nexaweb-enabled applications with richly featured communications capabilities which few development platforms offer. It provides a built-in communications layer, which transparently handles most aspects of client-server messaging. The features of the IMB make it possible for developers to build multi-tier applications without having to create protocols, encode and decode messages, understand network topology, or immerse themselves in the communications and networking intricacies which client/server programming has traditionally required. The IMB uses industry-standard technologies, HTTP and HTTPS, for its communications protocols. Nexaweb has done a lot of work to ensure that messaging is bidirectional, that it passes through firewalls and proxy servers, and that it can tunnel through security mechanisms such as SSL. The IMB extends the request/response model familiar from HTTP requests sent and received by browsers, so that it is not just client to server but anywhere to anywhere: client to server, server to client, even client to client.

Secondly, I would recommend checking out O'Reilly's great article on load balancing web applications.

I hope that through this you have learned a few techniques to increase security in a Web 2.0 world, drawn from the mistakes we learned in a Web 1.0 environment. It is critical that we learn from our mistakes and make sure that we bring this web into the enterprise with a thorough understanding of how to protect ourselves.

As always, if you have any questions, let me know.

John

Sunday, September 23, 2007

Why Web 2.0 Startups Fail

So you are wondering: will my Web 2.0 idea go bang or bust? Well, after looking at many of the failures and successes over the years, I have a couple of things you might want to keep in mind.

1. Does it take a platform-dependent task online? Services like Mint, Google Docs, and Meebo have taken things that are platform dependent and put them online. One thing that I love about the AJAX world we live in is that I can now do my personal finances not in Quicken but in Mint. Sure, it is still in its infancy for features, but it works! Google Docs no longer forces me to be using a computer with an office suite installed. I constantly switch amongst my many computers, so knowing whether this laptop or that laptop has an office suite installed is no longer an issue. Oh yeah, it also means I don't have to keep emailing files to myself. Lastly, Meebo: what a revolution. Who needs to go to oldversions.com to get a stripped-down version of AIM? How about using the bloated Trillian? No longer. I can now be on a machine without an installed instant messaging client, and it is OK. Oh yeah, it even saves my chat history across all my different computers, across the internet.

2. Is it easy to adopt? One of the problems traditional software developers have run into is horrendous user interfaces. Functions are scattered, graphs are slow to load, and users get frustrated at weird error messages. Web 2.0 in the enterprise and personal space has brought about a great new world of easy-to-use (not necessarily accessible) web sites. YouTube is simple: no plugins, file searching, etc. It is data when you want it, where you want it, how you want it. The world has gone from one in which organization is king (remember renaming your files with date stamps?) to one in which search is king. Who can really organize their 500+ emails a day? Just let your inbox go, let it grow, and learn to search. That's called easy adoption: let me do less and end up getting more.

3. Promotion is necessary. Sure, you have a great website, great code, and an awesome idea, but it can still fail. Promotion is very difficult. People get frustrated that on day 1 they don't have 100,000 users. This won't happen; it takes time. Remember, Google didn't grow in a day; they went through many phases of development. You have to stick it out and promote like there is no tomorrow. Put it in your signatures on forums, get people to write about it in blogs, put it into Wikipedia, have an aboutus.org page. Embrace Web 2.0 by using the tools it provides if you want your Web 2.0 idea to thrive.

4. Legal issues. I am no lawyer, but let's face it, there is a right and wrong when it comes to the web. We have learned from the greats like Napster that you must know the law before you tread. Patents are your friend and your worst enemy. Do yourself a favor and do a search or two at Google Patents; this isn't the end-all, be-all, but it will give you a good idea. It is called market research. The last thing you want is to have the feds knocking. It might be a good idea to take an OpenCourseWare session or two, like Law for the Entrepreneur and Manager; it might just save you in the long run.

5. Too much too fast. People adopt things at different rates. Being ahead of your time is great and all, but who remembers the 3D worlds of 10 years ago? No one had the hardware, the expertise wasn't there, and adoption didn't happen. Second Life, however, has hit the world like fire. We are talking massive adoption and desire to be in the world. Companies are buying up land like people were buying houses 3 years ago. This is a great example of being the first to do it right. Second Life made sure the product was in tune with modern hardware demands, society's willingness to be online, and its desire for more social interaction. I am not saying not to go for the next latest and greatest thing; just make sure it is what you want and that the world can keep up.

I hope that you have learned a thing or two about whether your Web 2.0 idea will be the next big thing. If I had all the answers I would be in TechCrunch's 40, but after developing in a Web 2.0 world for several years I feel I have seen what works and what doesn't. The last thing you want is for your great idea to flop when someone who put in an extra 30 minutes makes it big. My last piece of advice is ACT FAST!!! Most likely someone else has your idea or will very soon. The old adage still holds: the early bird gets the worm.

John