The Web 2.0 Threat

By Ken Layng

Everywhere you turn, people are jumping on the Web 2.0 bandwagon. It's everywhere. There's an allure, a glitziness about it. It's changing the way people and institutions leverage technology to share and manage information — maybe as much as the broad adoption of the World Wide Web did initially, all those years ago. And let's face it — from the purely practical standpoints of information consumption and information management, it can make a lot of sense.

Nonetheless, there is pressure to adopt these technologies quickly for fear that, if you don't, you'll be left behind; kind of a professional peer-pressure for big people. And there may be truth in the fear. There might be an instinct to jump in too quickly, to act first and respond later, to not completely consider the implications. Those who make the early leap get a sneak peek, the inside scoop. I'll call them "rapid adopters." They hit all the speed bumps. All the bugginess is worked out because of them. But there's nothing new there. That happens with any new release of software, right? What is new is the rate at which the masses are adopting technologies that so clearly expose so much information to so many questionable sources. Sure, they work, but at what cost to privacy and security?

Add a widget, get a vulnerability. Install an extension, suffer a compromise. Even posting to a forum can expose private information of an unsuspecting person to an audience well beyond the intended one. There is also a potentially massive threat that can easily fly under the radar: the huge array of widgets, gadgets, and add-ons which are so easily bolted on to software and applications. Browsers, operating systems, client applications, and web applications are all affording the convenience and flexibility of adding functionality in this way. And I haven't really touched on Web 2.0 yet. These just integrate Web 2.0 technology into client software. This is what really compounds the threat so vastly.

Who can really know how secure their information is when it's managed via "Web 2.0" technology? And oh, by the way, what exactly is Web 2.0? That's mostly a rhetorical question, since I find that common confusion over the moniker leads to an inherent trust in the development. But as long as I've posed it, I may as well take a stab at it: I'll define it loosely as Web-oriented technology that facilitates a move away from locally managed information, and a move toward remotely managed information. This inherently requires placing more trust in someone you don't know. You may have heard that systems on a Pentagon network were hacked not long ago. If it can happen there, you have to believe it can happen anywhere, and may just be a matter of time.

Take Google Desktop, for example. It allows a person to search for files on a computer from any other computer. Very convenient, huh? But would you stake your reputation and livelihood on the security of your private data, synchronized to a free service provided by Google? I hope not — it wasn't long after their introduction of the product that they conceded a security risk. In short, you'd better make sure that whatever you're storing and managing via Web 2.0 technologies could potentially be exposed without causing a problem. And this example could eventually illustrate the same point with Google Docs for documents, Gliffy for diagrams and drawings, Flickr for photos, del.icio.us for bookmarks, Basecamp for collaborative project management, or a myriad of other combinations that require your trust in an external entity.

So should everyone run from Web 2.0, panicked and screaming? I certainly don't mean to suggest that these technologies should not be used. But if you're a consumer of this technology, meaning you use it but you don't host it, I would encourage you to store there only information that is not deemed sensitive. Don't disclose architectural and security details on public forums (or public listservs, for that matter) when getting support to troubleshoot issues. Use fewer add-ons, extensions, widgets, and gadgets, and download them from trusted sources only. Organizationally speaking, if you are expecting your peers or subordinates to utilize these technologies, be sure to consider all the privacy and security implications prior to making it the law of your land. Use centrally endorsed products whenever possible; a lot of testing goes into the selection process. This also goes a long way in facilitating interdepartmental compatibility and productivity.

Finally, if you are responsible for managing Web 2.0 infrastructure, and thus asking people to trust you, what are you doing to establish and communicate your trustworthiness? What are you doing to prove out the technology, or take full advantage of the privacy and security features therein? Consider linking to a statement that explains what kind of information is safe to be managed there, and even the steps you have taken to ensure the privacy of information. Above all, make sure that the technologies you choose for information management do not actually violate University policies or state and federal laws.

Ready or not, the Web 2.0 train is leaving the station. All aboooaarrrrd!!! (…but be careful!)


The Pennsylvania State University ©2008. All rights reserved.
This site maintained by Consulting & Support Services, a unit of Information Technology Services.

Last revised: Thursday, February 21, 2008.