One of the key findings of the McAfee report is that security is the leading roadblock for many businesses when it comes to implementing Web 2.0 services and embracing social networking. Half of the respondents named security as their primary concern for Web 2.0. The top four perceived security threats from Web 2.0 tools and social networking are malicious software (35 percent), viruses (15 percent), overexposure of information (11 percent) and spyware (10 percent).
“Web 2.0 technologies are impacting all aspects of the way businesses work,” said George Kurtz, chief technology officer for McAfee. “As Web 2.0 technologies gain popularity, organizations are faced with a choice–they can allow them to propagate unchecked, they can block them, or they can embrace them and the benefits they provide while managing them in a secure way.”
Historically speaking, the third option that Kurtz suggests is the one that will ultimately win out. Allowing new technologies to spread through an organization without any policies or controls is often a recipe for disaster, and banning new technologies simply makes them “forbidden fruit” that users want even more, and that many circumvent the IT department and implement on a rogue basis anyway.
Each wave of new technology seems to be greeted with open arms by consumers, but cautious skepticism or outright disdain by IT admins. The conflict lies with the fact that those consumers have jobs–they are the users that IT admins support, and the executive management that IT admins answer to.
When it comes to technologies like instant messaging, or the invasion of the Apple iPhone, the tipping point seems to be finding the business value. As long as the technology is perceived as pure entertainment or distraction, it has no place in the office. But, once a valid business case can be made for how the new technology improves efficiency or productivity, it is embraced by IT.
The concern is about more than simple IT admin paranoia, though. Organizations fall under a diverse array of regulatory and industry mandates regarding how information is handled and how data must be protected. In order to meet compliance requirements, IT admins have to exercise some diligence to understand how information will be shared, and put controls and tools in place to monitor those resources and protect company data.
“Web 2.0 and social networking technologies can be used effectively for some business purposes,” said Eugene H. Spafford, founder and Executive Director of CERIAS. “But to reap the benefits of Web 2.0, organizations must be proactive about understanding and managing the corresponding challenges. That involves putting the right policies in place, and deploying the technology that can enforce those policies.”