YouTube, Blogspot security 'ineffective', claims Websense

Peter Dinham
Sunday, 31 May 2009 10:52

Business IT - Security

New research findings have revealed that Google’s YouTube and Blogspot community-driven security tools are 65 to 75 percent ineffective in protecting Web users from objectionable content and security risks, according to a claim by Web security vendor, Websense.

Websense claims it reviewed more than 60,000 YouTube pages and more than 250,000 blogs on Blogspot, by using an automated Web crawler to roam over YouTube looking for known adult keywords, as well as sampling known Blogspot domains to observe their status. The study also included a URL lookup in the Websense master database and analysis by “advanced Websense content inspection technologies.”

According to Websene’s senior director, advanced content research, Charles Renert, the findings of ineffective protection for users of YouTube and Blogspot, present legal liability and compliance risks and point to the need for secure Web gateways that feature unique abilities to manage and protect users from specific content on Web 2.0 sites.

Renert asserts that Web 2.0 sites that allow user-generated content are “hotbeds for emerging security threats” and inappropriate content that, he says, “violate many corporate policies.”

The March study by Websense, researched the effectiveness of community-driven, self-policing security tools used on sites like YouTube and Blogspot, and, according to Renert, the company’s security experts who analysed the results of the study, estimated that these tools successfully identify between only 25 percent and 35 percent of objectionable content , “leaving a gap in Web security protection for both individual users and businesses that allow their employees to visit and use these sites.”

Renert says that, despite the inherent risks, Web 2.0 technologies, with their ability to let users create and share content and collaborate with other employees, customers and partners, are powerful tools and most organisations are already allowing at least some access to these sites.
 
“Additionally, IT managers are feeling pressure from various business owners to open up access to these sites. In fact, in the recent Websense Web 2.0 @ Work global survey of IT managers , it was found that 94 percent of respondents currently allow access to some form of Web 2.0 and an overwhelming 86 percent responded that they feel pressure to allow more access.”

Renert says that, although Websense applaud the efforts of Google’s YouTube and Blogspot Web 2.0 communities to protect themselves through user-policing technologies, ”a significant amount of objectionable content is falling through the holes,” which, he claims, creates a “false sense of security on social networking Web properties, pointing to the growing need for organisations to adopt real-time Web security gateway technology in order to protect from malicious threats and inappropriate content, reduce risk and maintain compliance.”

Of course, as you’d expect from a Web security vendor, Renert claims that Websene’s secure Web gateway is the “only solution that categorises specific content on Web pages such as Google’s YouTube, Blogspot and "mash ups -- not just the Web pages themselves.”