IBM Cracks Web 2.0 Security Concerns With 'SMash'

Mar 13, 2008

IBM today announced new technology to secure "mashups," web applications that pull information from multiple sources, such as Web sites, enterprise databases or emails, to create one unified view. Mashups are attractive for business use, as they allow non-technical users to gain insight on complex situations in minutes, but as with all Web-based initiatives, security has been a concern.

IBM is helping businesses realize the value of these situational applications without all the risk, through a new technology created by IBM researchers, codenamed "SMash." Short for secure mashup, this technology allows information from different sources to talk to each other, but keeps them separate so malicious code cannot creep into enterprise systems.

In order to give consumer and business users the opportunity to take advantage of mashup technology, IBM is contributing the SMash technology to the OpenAjax Alliance (openajax.org/). The OpenAjax Alliance is an organization of vendors, open source projects and companies using Ajax that are dedicated to the successful adoption of open and interoperable Ajax-based Web technologies. A founding member of the OpenAjax Alliance, IBM continues to work with the industry to create standards that will support innovation and wide-spread adoption of Web 2.0 technologies.

"Web 2.0 is fundamentally about empowering people, and has created a societal shift in the way we organize, access and use information," said Rod Smith, IBM Fellow & Vice President. "Security concerns can't be a complete inhibitor or clients lose out on the immense benefit mashups bring. The same way you wouldn't buy a car and then later decide to have the seatbelts or airbags installed, as an industry we've learned how to build security into business operations from the ground up instead of tacking it on after the fact."

In February, IBM's prominent X-Force Security Team released the findings of a report, detailing a disturbing rise in the sophistication of attacks by cyber criminals on Web browsers worldwide. According to the study, by attacking a computer user's browser, cyber criminals are able to steal their identity and control the computer without their knowledge. Additionally, when attackers invade an enterprise machine, they could steal sensitive company information or use the compromised machine to gain access to other corporate assets behind the firewall.

SMash addresses a key part of the browser mashup security issue by keeping code and data from each of the sources separated, while allowing controlled sharing of the data through a secure communication channel. Performance evaluations have shown that SMash can be used in common enterprise mashup applications. In fact, IBM plans to include SMash technology in select WebSphere products as well as its commercial mashup maker, Lotus Mashups, expected in the summer. IBM Lotus Mashups is IBM's first commercial mashup maker for business, and will allow non-technical users to create and share mashups in a secure way.

"Each new wave of technology presents new opportunities for the bad guys to poke holes in the integrity of your business," said Michael Pinette, board member for the Open Ajax Alliance and VP of Business Development at Zend Technologies. "The Open Ajax Alliance is thrilled IBM is donating its SMash technology to the industry to inspire innovation with less risk."

Future of Secure Web 2.0

To truly empower the Web community, which is an underlying tenet of this new phase of Web usage and application development, the community first has to be able to share a common access method to a given application. IBM recognizes that the ongoing development of standards-based technologies is a key to enabling more enterprises utilize Web 2.0 technologies.

Mashups provide us with a glimpse into the future of work and how business will be conducted in the 21st century. IBM is in the best position to help clients understand the challenges and opportunities that affect a globally-integrated enterprise. Global integration has become embedded in IBM's workforce, strategy, leadership and operations -- affecting how the company collaborates across time zones and cultures and locates its operations, functions and leadership anywhere in the world based on the right skills and business environment.

A detailed description of SMash will appear in the 17th International World Wide Web Conference, to be held in Bejing, China, in April 2008.

Source: IBM

Explore further: Technology to help people with disabilities to learn and communicate

add to favorites email to friend print save as pdf

Related Stories

Amazon Web business jumps 40 percent

Nov 13, 2014

Amazon Web Services, which sells computing services to companies over the Internet, grew more than 40 percent in revenue last year, the business' top executive told a Las Vegas conference Wednesday morning.

States ascend into the cloud

Oct 24, 2014

Seven years ago, the state of Delaware started moving computer servers out of closets and from under workers' desks to create a consolidated data center and a virtual computing climate.

Mobile revolution shakes up Silicon Valley

Oct 07, 2014

Smartphones, tablets and other gadgets aren't just changing the way we live and work. They are shaking up Silicon Valley's balance of power and splitting up businesses. Long-established companies such as ...

IBM Advances Web 2.0 Platform for Business

Jan 23, 2008

Today at Lotusphere, IBM unveiled a range of Web 2.0 and collaboration tools to enable enterprise mashups and social software, and help clients improve agility and speed decision-making for an increasingly virtual, global ...

Recommended for you

BPG image format judged awesome versus JPEG

Dec 17, 2014

If these three letters could talk, BPG, they would say something like "Farewell, JPEG." Better Portable Graphics (BPG) is a new image format based on HEVC and supported by browsers with a small Javascript ...

Atari's 'E.T.' game joins Smithsonian collection

Dec 15, 2014

One of the "E.T." Atari game cartridges unearthed this year from a heap of garbage buried deep in the New Mexico desert has been added to the video game history collection at the Smithsonian.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.