The explosion of consumer and Web 2.0 applications being utilized by end-users within businesses will cause a new paradigm for corporate information security, where blocking URLs and setting firewalls won\u2019t be nearly enough to control a company\u2019s intellectual property and data, according to a panel of chief information security officers (CISOs) and vendors today at the RSA Conference in San Francisco. Instead, they argued, companies will have to do a better job at tracking what types of applications their employees use, how they access them, and for what reasons. Patrick Heim, CISO of Kaiser Permanente, says he has also been reluctant to block too many applications at the health care organization because it risks stifling innovation and turning away younger employees. \u201cWe need to be very careful about how we implement controls,\u201d he says. \u201cWe need to recruit the next large generation to come and get work done. They [younger workers] have grown up with 50 different flavors of IM and many different apps.\u201d Due to the various workarounds and the adeptness with which many consumer apps on the web can find an open port in the firewall, blocking URLs has become a near exercise in futility, says Nir Zuk, founder and CTO, of Palo Alto Networks. \u201cYou can do as much as filtering as you want,\u201d he says. \u201cYou can\u2019t stop it. If you have a single port open on your firewall, anything can go to that port,\u201d he says. As an example, he noted that Google\u2019s IM service, Google Talk, can run in a web-based version on top of Gmail, rather than the user actually typing in a URL that a company could guard against if they didn\u2019t want an employee to use the service.