March 13, 2008 00:01 ET
MADE IN IBM LABS: IBM Cracks Web 2.0 Security Concerns With "SMash"
IBM Contributes Secure Mashup Technology to OpenAjax Alliance
ARMONK, NY--(Marketwire - March 13, 2008) - IBM (NYSE: IBM) today announced new technology to secure "mashups," web applications
that pull information from multiple sources, such as Web sites, enterprise
databases or emails, to create one unified view. Mashups are attractive for
business use, as they allow non-technical users to gain insight on complex
situations in minutes, but as with all Web-based initiatives, security has
been a concern.
IBM is helping businesses realize the value of these situational
applications without all the risk, through a new technology created by IBM
researchers, codenamed "SMash." Short for secure mashup, this technology
allows information from different sources to talk to each other, but keeps
them separate so malicious code cannot creep into enterprise systems.
In order to give consumer and business users the opportunity to take
advantage of mashup technology, IBM is contributing the SMash technology to
the OpenAjax Alliance. The OpenAjax
Alliance is an organization of vendors, open source projects and companies
using Ajax that are dedicated to the successful adoption of open and
interoperable Ajax-based Web technologies. A founding member of the
OpenAjax Alliance, IBM continues to work with the industry to create
standards that will support innovation and wide-spread adoption of Web 2.0
"Web 2.0 is fundamentally about empowering people, and has created a
societal shift in the way we organize, access and use information," said
Rod Smith, IBM Fellow & Vice President. "Security concerns can't be a
complete inhibitor or clients lose out on the immense benefit mashups
bring. The same way you wouldn't buy a car and then later decide to have
the seatbelts or airbags installed, as an industry we've learned how to
build security into business operations from the ground up instead of
tacking it on after the fact."
In February, IBM's prominent X-Force Security Team
released the findings of a report, detailing a disturbing rise in the
sophistication of attacks by cyber criminals on Web browsers worldwide.
According to the study, by attacking a computer user's browser, cyber
criminals are able to steal their identity and control the computer without
their knowledge. Additionally, when attackers invade an enterprise machine,
they could steal sensitive company information or use the compromised
machine to gain access to other corporate assets behind the firewall.
SMash addresses a key part of the browser mashup security issue by keeping
code and data from each of the sources separated, while allowing controlled
sharing of the data through a secure communication channel. Performance
evaluations have shown that SMash can be used in common enterprise mashup
applications. In fact, IBM plans to include SMash technology in select
WebSphere products as well as its commercial mashup maker, Lotus
Mashups, expected in the summer. IBM Lotus Mashups is IBM's first
commercial mashup maker for business, and will allow non-technical users to
create and share mashups in a secure way.
"Each new wave of technology presents new opportunities for the bad guys to
poke holes in the integrity of your business," said Michael Pinette, board
member for the Open Ajax Alliance and VP of Business Development at Zend
Technologies. "The Open Ajax Alliance is thrilled IBM is donating its SMash
technology to the industry to inspire innovation with less risk."
Future of Secure Web 2.0
To truly empower the Web community, which is an underlying tenet of this
new phase of Web usage and application development, the community first has
to be able to share a common access method to a given application. IBM
recognizes that the ongoing development of standards-based technologies is
a key to enabling more enterprises utilize Web 2.0 technologies.
Mashups provide us with a glimpse into the future of work and how business
will be conducted in the 21st century. IBM is in the best position to help
clients understand the challenges and opportunities that affect a
globally-integrated enterprise. Global integration has become embedded in
IBM's workforce, strategy, leadership and operations -- affecting how the
company collaborates across time zones and cultures and locates its
operations, functions and leadership anywhere in the world based on the
right skills and business environment.
A detailed description of SMash will appear in the 17th International World Wide Web Conference, to
be held in Bejing, China, in April 2008.
For more information about IBM's Web 2.0 initiatives, please visit:
Click here to play
IBM's interactive game, "Combat Training for the Evolving Web Threat"