IBM Aims to ‘SMash’ Web 2.0 Threats

IBM today announced a technology to secure enterprise mashups — the applications built from cobbling together data from multiple sources.

SMash — short for “Secure Mashup” — compartmentalizes the underlying code of the applications combined in a mashup. The partitioned code is then brought together through a secured channel.

Mashups are a part of IBM’s broader agenda of infusing business applications with Web 2.0 features to improve workplace collaboration, data accessibility and, ultimately, the business decisions that companies make.

“Web 2.0 is fundamentally about empowering people, and has created a societal shift in the way we organize, access and use information,” IBM Fellow and Vice President Rod Smith said in a statement.

“Security concerns can’t be a complete inhibitor or clients lose out on the immense benefit mashups bring,” he said.

In October, IBM first unveiled its Mashup Starter Kit, a suite of tools for non-technical workers to create mashup applications through an intuitive series of mouse clicks.

Using an enterprise mashup, companies could — for instance — pair real-time traffic or weather data with distribution schedules to ensure that shipping routes are not disrupted.

A recent study conducted by IBM’s X-Force Security Team highlighted the need for securing Web browsers, finding that they are becoming the entry point to sensitive data for increasingly sophisticated cyber criminals. Hacking a browser would enable crooks to access data behind the company’s firewall.

Clearly, if Web 2.0 is going to catch on in the enterprise as IBM is expecting it will, the fundamental security issues will need to be addressed. Chief among those is that in applications like mashups, the origins of the data are often unknown, and therefore unsecured.

IBM thinks it has that problem solved. The company said that it has put SMash through extensive testing, and that it will incorporate the technology in some of its WebSphere products.

The technology also will wind up in its forthcoming Lotus Mashups offering, scheduled for release in the summer.

IBM also plans to give the technology behind SMash to the OpenAjax Alliance, a group of businesses and developers working to create interoperable Ajax-based Web tools. Big Blue is a founding member of the two-year-old Alliance, along with Oracle, BEA, Zend and others.