Analysis: Browser Security
Posted by Roger Beall, March 02, 2007
Default assumption: Browsers are insecure. If we had a dollar for every flaw we've seen exploited--repeatedly--that let malware overrun our networks, we might have enough to cover cleanup efforts. Last year, 51 exploits targeted poorly designed ActiveX controls alone, according to Symantec. That's up from just 15 in 2005. Yes, ActiveX is off in Internet Explorer 7 by default, but if your end users need Adobe Reader or Flash functionality, you're back in the line of fire.
And users want every scrap of functionality. Information workers have made Web browsers the workhorse for knowledge exchange. Gartner estimates that demand for software as a service will grow more than 20 percent every year through 2010, and in our own recent SOA/Web services reader poll, nearly 80 percent of respondents said their enterprises currently use Web services--yet fewer than half secure both internal- and external-facing services (for more on SaaS, see our cover story).
Can IT resolve this dichotomy?
As with liberty, the price of Web browser security is eternal vigilance ... and a risk-management strategy, and attention to advances in security capabilities, and end user education, and strong centralized management.











