Secure Web Collaboration

Angus McDonaldTechnical DirectorElcom Technology

HINDSIGHTTHOSE WERE THE DROIDS YOU WERE

LOOKING FOR

Web 2.0 Apps = Security issues

Web 2.0 Apps = Collaboration

Collaboration examples

• Tender and deal making sites• Customer training• Customer service portals• Partner portals• Custom-built collaborative web apps

Business wants more collaboration

You could just say “Tough.”

But they’ll just use free web apps

And that isn’t safe!

Solutions?

Don’t hire net gen?

But grownups use Web 2.0 too!

Ban Facebook?

Tallest eruption EVER, on Jupiter’s moon Io

500 km

Best Strategy is to Mitigate the Risks

Offer business a secure platform

Maintain control over Web 2.0

Give them power with safety

Maintain accountability

Increase collaboration

What Does a Secure Web 2.0 Platform Need?

Secure authentication and authorisation

Business control

• Branding• Users• Content creation• Content permissions

IT control

• Internal users already known(e.g. Active Directory)

• Easy to run secure• Scalable architecture• Auditable

Appropriate licensing

• Does it suit your needs?– External vs Internal access

• Does cost vary with utility?• What is the expected ROI?

Collaborative tools

A Wordle from the Wikipedia page on Collaboration Platform

Flexibility and extensibility

So, Do YouBuild, Rent or Buy?

Build

• E.g. Java, .NET• Lots of control• Lots of work• Lots of risk• Greater cost

(even if you have developers)

Rent (SaaS)

• E.g. Salesforce.com, NetSuite• Less risk• Much less control• Costs spread out• Hostage to service provider

That sure looks like

Angus McDonald!

Buy

• E.g. Community Manager.NET, SharePoint Portal Server

• Greater control• Less risk• Less cost• Work on core benefits, not infrastructure

What about SharePoint?

SharePoint pros

• Good for internal use• Standard site structures• Microsoft Office 2003/2007 integration

SharePoint cons

• External access (licensing costs)• Branding• Content publishing• Search speed• Advanced features significantly increase

final cost

What aboutCommunity Manager.NET?

Highly brandable

External access does not change cost

It’s built to be secure

Is It Really Secure?

• Wine Selectors required PCI Compliance• Built to be secure (OWASP and PCI DSS)• Actively developed and improved• Simple to configure securely• Business user-proof• Built on .NET 3.5 and SQL Server 2005

Hugely useful features out of the box

Some of the highlights• Document management• Forums• Wikis• Blogs• Online training• RSS Reader and publishers• Developer framework and API

Great built-in search

Community Manager.NET is a secure platform

In summary

If you need Web 2.0 apps

• Be aware of the security risks• Choose a mitigation strategy• Decide to Build, Rent or Buy• Talk to Elcom Technology

Thank you!Angus McDonald

angusm@elcom.com.auhttp://falkayn.blogspot.com

Some photos from flickr.com and sxc.hu, used with permission.

Photo sourceshttp://flickr.com/photos/24973901@N04/2762458387/sizes/o/ http://flickr.com/photos/gee01/871748560/sizes/l/in/set-72157600952832235/http://flickr.com/photos/hryckowian/2376600916/sizes/l/http://www.flickr.com/photos/marcopako/2391747442/http://www.flickr.com/photos/lumaxart/2137737248/http://www.flickr.com/photos/dalbera/2738452057/http://sxc.hu (various)