Mcafee web20-balancingact


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Mcafee web20-balancingact

  1. 1. Web 2.0A Complex Balancing ActThe First Global Study on Web 2.0Usage, Risks and Best Practices
  2. 2. Executive SummaryWeb 2.0: A Complex Balancing Act What are Web 2.0’s leading trends in business? Defined broadly as consumerThe First Global Study on Web 2.0 Usage, social media applications such as Facebook, Twitter and YouTube, andRisks and Best Practices specialized Enterprise 2.0 solutions, Web 2.0 has become a term surrounded by many debates: To adopt or not? How can organizations use Web 2.0 technologies? What are the business benefits? Will Web 2.0 use increase or decrease employee productivity? Is the security risk worth the benefits? In collaboration with experts in the fields of security of it; 25 percent monitor use; and 13 percent and social media, McAfee took a close look at these block all social media access. Social network sites questions. Commissioned by McAfee, Professors are regarded as the main security threat of all Mihaela Vorvoreanu and Lorraine Kisselburgh from social media tools. As a result, nearly half of the Purdue University and the Center for Education and organizations we surveyed block Facebook. Research in Information Assurance and Security (CERIAS) undertook extensive research with experts Organizations need to employ a variety of measures from around the globe. to ensure safe use of Web 2.0. Social media policies and technological protection are the two primary International research firm Vanson Bourne surveyed measures used today. Two thirds of organizations more than 1,000 organizational decision-makers worldwide have social media policies for in 17 countries worldwide, and combined with employees, and 71 percent of those use technology expert interviews, we developed an in-depth to enforce them. However, that leaves one third of study of emerging policies and practices into how organizations without a social media policy, and organizations balance the risks and benefits of almost half of the organizations lack a policy for using Web 2.0 technologies. Web 2.0 use on mobile devices. Our findings show high Web 2.0 adoption. Three To address these challenges, many organizations out of four organizations worldwide use Web have increased security protection since introducing 2.0 for a variety of business functions such as IT Web 2.0 applications. Seventy-nine percent (51 percent), marketing and sales (34 percent), increased firewall protection, 58 percent introduced customer relations (29 percent), advertising and greater levels of web filtering, and 53 percent public relations (28 percent) and human resources implemented greater web gateway protection. Two (22 percent). The main driver for Web 2.0 adoption out of five organizations are budgeting for Web is new revenue potential, according to two thirds of 2.0-specific security solutions. our respondents. Only 42 percent of those surveyed felt strongly about the importance of present Security experts strongly recommend a multi- Web 2.0 tools. While organizations acknowledge layer security approach that’s customized for Web revenue potential and business value in Web 2.0 2.0-specific challenges to mitigate adoption risks. technologies, leaders and decision makers debate Eugene Spafford, founder and Executive Director employee use of Web 2.0 in the workplace — of CERIAS at Purdue University, notes that “the either in the office or on the road. best protections are those that don’t get in the way of getting work finished, because users are not CONTENTS Security is the leading issue. Half of the tempted to circumvent those controls. As not all organizations say it is their primary concern for information needs to be protected in the same way, Executive Summary 3 Web 2.0 technologies. For another third, security and not all users are going to interact with Web 2.0 is the main reason they don’t use Web 2.0 more technologies in the same manner, defenses should Introduction 4 widely. Six out of 10 organizations suffered large be tailored to fit the circumstances of use.” Web 2.0 Adoption in Organizations 5 losses averaging $2 million each because of security incidents during the past year. Together, more than Executives and industry experts agree that Employee Use of Web 2.0 10 $1.1 billion was lost by these organizations due to successful organizational use of Web 2.0 is a security incidents. complex balancing act. It requires analyzing Balancing Act 18 challenges and opportunities while mitigating Conclusion 24 One of the main sources of security threats is risks, and combining policy, employee training and employee use of social media. Thirty-three percent technology solutions to ensure security. Appendices 26 of organizations worldwide restrict employee use Web 2.0: A Complex Balancing Act 3
  3. 3. “By 2014, social networking Energy use for spam (kWh/year) per email user services will replace e-mail as the Percent of email received that is spam primary vehicle for interpersonal communications for 20 percent of business users.” [Gartner (2010). “Predicts 2010: Social Software Is an Enterprise Reality.”] Introduction Web 2.0 Adoption in Organizations Web 2.0 — defined here broadly as consumer social media applications such Our survey shows high adoption of Web 2.0 in the enterprise. More than 75 as Facebook, Twitter and YouTube, and specialized Enterprise 2.0 solutions — percent of organizations reported using Web 2.0 solutions for many business has become a term surrounded by many debates: To adopt or not? How can functions. While adoption rates vary across countries, they were high overall, organizations use Web 2.0 technologies? What are the business benefits? and reached 90 percent or higher in Brazil, Spain and India. Web 2.0 adoption Will Web 2.0 use increase or decrease employee productivity? Is the security was lowest in the United States and the Commonwealth countries of the risk worth the benefits? United Kingdom, Australia, and Canada. McAfee, in collaboration with communication emerging technologies at infrastructure and Survey data confirmed market research group Web 2.0 Adoption Rates by Country media and IT security experts, and with the help employee levels. In balancing these challenges Gartner’s anticipated trend: “By 2014, social of international research firm Vanson Bourne, and opportunities, the report discusses measures networking services will replace e-mail as the Organizations who use Web 2.0 for business (%) investigated these questions. A survey of more organizations take to ensure safe use of Web 2.0. primary vehicle for interpersonal communications than 1,000 organizational decision makers The survey data and expert opinions corroborate for 20 percent of business users.” 100% from 17 countries, and in-depth interviews that while Web 2.0 has considerable value, using [Gartner (2010). “Predicts 2010: Social Software Is 80% with experts, paint a complex picture with Web 2.0 applications successfully is a balancing an Enterprise Reality.”] two main Web 2.0 issues: the opportunities act that requires a combination of technology, 60% provided to organizations that have adopted policy and education. Web 2.0 solutions are used for a variety of Web 2.0, and the challenges of embracing business purposes. About half of the organizations 40% surveyed employ Web 2.0 solutions for IT 20% functions, and roughly a third of organizations use them for marketing, sales or customer service. One 0% SNG India Spain Brazil Mexico Japan Canada Sweden UAE USA France Poland Germany Australia UK Italy Benelux in five organizations reported using Web 2.0 for public relations or human resources — especially recruitment. India leads in adoption of Web 2.0 for IT solutions, with about three out of four Indian organizations reporting such use.4 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 5
  4. 4. Crowd-sourcing is one of the ways that companies are leveragingWeb 2.0 to create new revenue streams. InnoCentive is an onlinecrowd-sourcing company where organizations as large as Eli Lilly,DuPont, Boeing, Procter&Gamble and NASA post research problemsin need of solutions. Scientists from all over the world, whether The survey data suggestsamateur, professional, or retired, choose problems to work onand post their solutions. Companies select a winning solution and that in 2010 Web 2.0pay the scientist a cash prize ranging from $5,000 to $1 million, solutions are not perceiveddepending on the problem’s complexity. InnoCentive enables as crucial to organizations.companies to solve difficult research problems at a much lower costthan their own R&D departments, and to have access to a diversityof solutions, ideas and expertise that is unlikely to occur within justone organization. New revenue streams emerged as the highest Frank Gruber, co-founder of TECH cocktail, The survey data suggests that in 2010 driver of Web 2.0 adoption. Three out of four discusses some of the ways that companies Web 2.0 solutions are not perceived as crucial Although Web 2.0 was not organizations that use Web 2.0 reported that are leveraging Web 2.0 technologies — and to organizations. This is not surprising, given considered extremely critical expanded use of Web 2.0 technologies could particularly the people participating in these that some of the technologies have not reached for many organizations in this create new revenue streams for their organizations. platforms — to facilitate production, marketing, maturation, and uses are still being explored. study, for one organization it is This is especially true in Brazil, India, the United and customer service: However, respondents see great potential for vital. charity: water is a nonprofit Arab Emirates and Mexico, where nine out of 10 Web 2.0 in the future, and the data suggests that organization that provides clean and organizations share this belief. Even 65 percent “For example, crowdsourcing has been used for this belief drives adoption. Stowe Boyd, analyst safe drinking water in the developing of organizations in the public sector that already design work, solving difficult problems and even and business strategist, claims the real benefits of world. It directs 100 percent of public use Web 2.0 see revenue potential from using to make product decisions. There are a number Web 2.0 become apparent when adoption rates donations to funding water projects. it. However, perceived importance of Web 2.0 of companies leveraging Web 2.0 technologies reach 90 percent. “The more people use social charity: water does nearly all of its solutions was tempered. Forty-two percent of for social media marketing campaigns and for tools, the more efficient the tools become,” fundraising online and has no budget respondents who reported using Web 2.0 solutions customer service. Ford has been leveraging social states Boyd. for marketing or advertising. charity: agreed they were important to business, but about media and outreach to connect with a newly water has raised more than $7.5 million the same percentage was neutral. invigorated Ford Fiesta. Zappos leverages Web 2.0 In addition to supporting communication and in its first two years of operation for customer service, because every employee collaboration among employees, organizations using mainly an online community has a Twitter account for customer support and recognize the value Web 2.0 technologies bring platform and social media. With the feedback. Intel works with bloggers to spread the to clients and customer relations. About 40 to power of social media alone, in 2009 word about their innovations.” 45 percent of organizations feel that Web 2.0 more than $250,000 was raised in a improves customer service, and 40 percent feel it single day when charity: water was Market pressure was not, overall, a big driver of enhances effective marketing. Three out of four the beneficiary of Twestival Global. Web 2.0 adoption. The exception is India and This resulted in more than 55 water organizations that use Brazil where 78 and 58 percent, respectively, wells in Uganda, Ethiopia and India, Web 2.0 reported that reported that customers and partners are and touched the lives of an estimated requesting organizations to engage in Web 2.0. “The more people expanded use of Web 2.0 17,000 people. “Web 2.0 is the heart of Perceived market pressure was higher in the technologies could create public sector, where almost half of organizations use social tools, the our operation and our primary source of revenue. We’re a Web 2.0 charity,” new revenue streams for feel it, as opposed to only a third in the private more efficient the says charity:water director of digital their organizations. sector. In the largest organizations, the pressure tools become.” engagement, Paull Young. charity:water to engage in Web 2.0 offerings was highest. is a convincing example of the impact Almost half of large organizations reported social media can have on ROI. partner or customer demand, compared to only a third of small organizations.6 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 7
  5. 5. McAfee CTO and vice president, Raj Samani, believes that more What accounts for Brazil’s high Web 2.0companies should be concerned about security. He explains that adoption rate? Brazilian IT consultant andthe security landscape has changed. Whereas 10 to 15 years ICANN member, Vanda Scartezini, explainsago data infiltration was the biggest concern, these days data that Brazilians tend to love novelty and areexfiltration, good data going out, is the primary challenge. In an quick to adopt new technologies. At theeconomy where information is the lifeblood of an organization, same time, Brazil is seeing “huge infectionpreserving the confidentiality, integrity and availability of problems” originating from social media.information is vital. Virus and malware protection is still important, Scartezini recommends that organizationsbut data loss prevention is fast becoming an indispensable use more than one security softwarecomponent of an organization’s technology protection. applications to protect assets. If Web 2.0 is useful for business functions, what Large organizations paid even steeper costs for Virus and malware infections are the most is preventing organizations from using it more? security breaches because of Web 2.0 usage. The common types of security incidents. A third of Security is the leading concern for Web 2.0 average loss for a large organization was $4.5 organizations experienced virus infections and technologies. Half of the respondents name security million, with an average reported loss around $10 almost a quarter experienced malware infections risks as their primary concern with Web 2.0, while million in Japan and Singapore, and more than the previous year. In spite of concerns about data a third identify fear of security issues as the main $8.5 million in Canada. Large organizations in the exfiltration, very few organizations (less than More than $1.1 billion was lost reason Web 2.0 applications are not used more United States have managed their security risks one in 10) reported experiencing data leaks or by organizations surveyed due widely in their business. Trepidation about security better, and reported a relatively lower average loss information overexposure. Security experts found to security incidents caused by is higher than average in India and Brazil, two of $1.7 million. this percentage to be lower than expected, and Web 2.0 technologies. countries with the highest Web 2.0 adoption rates. explain that respondents might be aware of or Large organizations are twice as likely as small Organizations in countries with high Web 2.0 report only the more serious incidents. Pamela organizations to avoid using Web 2.0 because of adoption such as Brazil, India and Mexico were Warren, McAfee cybercrime strategist, stated, security fears. With more employees and more most likely to have experienced security incidents “more data leaks might have happened, but they complex infrastructures to protect, it is no surprise and to report large losses. The average amount are outside organizations’ awareness.” that large organizations perceive higher risks. At lost by Brazilian organizations was $2.5 million. the same time, large organizations report the Japan reported the highest average loss per Beyond security, other factors that account Primary concern about Web 2.0 Concern about Web 2.0 highest benefit from using Web 2.0 tools such as organization at $3 million. Organizations in the for limited use of Web 2.0 in organizations collaborative platforms. United States lost, on average, more than $1.5 include lack of demand and lack of applicability, million due to security breaches. reported by 18 percent of respondents. Lack 9% Fears and concerns about security are well of productivity and legal risks also emerged as founded. Six out of 10 organizations experienced Web 2.0 concerns. However, these reasons lag 15% some sort of security incident the previous year Six out of 10 organizations far behind security fears. Security 49% Productivity because of Web 2.0 technologies — virus and experienced some sort of security Legal risks Despite high adoption rates and strong business malware infections were the most common. incident the previous year because of Reputation The financial loss associated with these security benefits, concern over security remains the 27% Web 2.0 technologies — virus leading factor holding organizations back incidents was high. On average, organizations lost almost $2 million the previous year because of and malware infections were the from exploring the full potential of Web 2.0 security incidents. most common. applications. The cost and risk of security incidents are very high. A large proportion of security fears are related to employee use of social media, both for work and personal purposes.8 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 9
  6. 6. Employee Use of Web 2.0 While Web 2.0 tools were most likely to be considered useful for improving communication, exact same thing happened with e-mail, the exact same thing happened with instant messaging, and survey respondents also reported other benefits: now with social media, especially the stuff that has While organizations see revenue potential and business value in Web 2.0 enhanced customer service, increased productivity, social networks in it, they are saying exactly the technologies, decision makers continue to debate whether or not to allow as well as marketing and branding. For example, same stuff. ‘We’ve got to manage this because half of respondents reported that use of they’re going to be sitting there talking about employee usage of Web 2.0 in the workplace — either in the office or on the road. collaborative platforms improves productivity. fantasy football.’” Forty-two percent of respondents said social network sites enhance customer service. Some organizations emphasize education, Many organizations that do not restrict employee guidelines and usage policies that provide usage report positive results from social media Organizational leaders differed, however, on parameters for appropriate and allowable use of tools including enhanced communication whether they felt Web 2.0 increased employee Mobile social media access can be life saving during large- Web 2.0 technologies for work. In other cases, and increased employee productivity. Most productivity. Only 40 percent of organizations scale natural disaster emergencies, and played a major role in organizations are responding to rising employee organizations rated webmail and collaborative agreed that Web 2.0 tools enhance productivity. relief and recovery efforts during the 2010 Haiti earthquake. and customer demand for making Web 2.0 platforms as the most useful applications. Only However, organizations are more likely to Twitter and Facebook were critical to communicating technologies available, and are less concerned a quarter of organizations rated social network indicate that collaborative platform and information about relief efforts. Shortly following the about employee productivity or security threats. sites and streaming media sites such as YouTube content sharing applications are more useful earthquake, the U.S. State Department began posting assistance as useful. for productivity than streaming media and information on its Facebook page. But many organizational leaders are highly social networking tools. The social nature of concerned with potential threats from Web 2.0 these tools may factor into the reluctance of Agencies, such as the American Red Cross, and citizens used Twitter technologies. They worry about security, data Perceptions of Web 2.0 Utility for Employee Use organizational leaders to embrace adoption, as to provide minute-by-minute status changes on the ground, and integrity, employee productivity, along with the well as their relative novelty in the organization. to mediate communication with those outside the disaster zone reputational, financial, legal and technological RATED USEFUL BY PROVIDED BY WEB 2.0 TOOL ORGANIZATIONS ORGANIZATIONS to assist in relief efforts. Volunteers used mobile GPS and camera- consequences that can occur as a result of Analyst and business strategist, Stowe Boyd, enabled phones to gather photographic and geographic data Web 2.0 usage. WEBMAIL 48% 90% discusses the historical resistance to emerging about roads, buildings and people. The information was posted to a COLLABORATIVE PLATFORMS technologies in organizations. “When American collective Google Maps mashup that allowed emergency personnel In spite of these concerns, 29 percent of 42% 82% businesses after WWII started to think about rolling to locate open roads for relief transportation, and identify “last- organizations do not have policies regarding CONTENT SHARING APPLICATIONS 40% 86% out telephones on everyone’s desks, the biggest seen” locations of individuals seeking family. Building a social media employee usage of Web 2.0 in the office, and STREAMING MEDIA SITES objection that was raised by the senior managers, following during quiet times ensures your message gets across fewer still have policies in private sector and 28% 82% who already had telephones, was that everyone quickly and credibly during a crisis, even if conventional lines of small organizations. Seventy-five percent of SOCIAL NETWORK SITES 25% 77% was going to use these phones for personal use. communication are down. organizations without policies indicate they trust They were going to call mom; they were going to their employees to use tools appropriately, or do gossip. They weren’t going to use them primarily to relief.aspx not consider social media a threat. do business. But [most of the] time, business people use telephones to conduct business because it’s an floods.php efficient, and direct and obvious way to do it. The GE has used internal Web 2.0 collaboration tools for many years now. As a large multinational corporation with a workforce scattered all around the world, GE needed onlineSeventy-five percent of collaboration and social tools. By now, “people have gottenorganizations without so used to them that they’ve come to depend on them,” says Only 40 percent of GE systems engineer Anthony Maiello. GE is going beyondpolicies indicate they your out-of-the box internal social networking solution: organizations agreedtrust their employees to “Those are great for communication, but they do not meet that Web 2.0 toolsuse tools appropriately, our specialized design needs,” explains Maiello. GE is building enhance productivity. sophisticated collaboration tools that enable engineersor do not consider social to collaborate remotely and create complex technicalmedia a threat. designs. “Because new products are being created on this platform, security is a paramount concern. We do not want external parties attacking our network and getting to this information,” says Maiello.10 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 11
  7. 7. Jonathan Grudin of Microsoft Research, who studies computer-supported cooperative work, notes that concerns about emerging General Motors, a major U.S. automobile manufacturer,technologies encroaching on employee productivity are not new. It took empowers employees to promote their latest car models.many organizations about 15 years before accepting e-mail technologies Employees can borrow cars overnight or for the weekendbecause “they had the same concerns about confidentiality and and allow friends and relatives to drive them, as long asproductivity. There were leading industry analysts and organizational an employee is a passenger. Employees can share theirbehavioral theoreticians who claimed in the 1990s that e-mail was experience with the car online. “Maybe they’ll go ontoactually a productivity killer. However, when reliable attachment features Facebook and tell their friends, ‘you know, I just drovewere added to e-mail systems, allowing documents, spreadsheets the new Camaro and man, it’s just an awesome car!’”and slide decks to be e-mailed, “managers saw the value, and then says Holtz, who is not affiliated with GM. This programit became mission critical.” Similarly, Grudin adds, a decade ago, capitalizes on employees’ peer groups and social networks“company executives warned against IM use in the company, claiming to enhance marketing and potentially increase sales.again that it was a productivity killer, and it too is now seen as mission in many organizations. So there is a history of organizations news/2010/plant_city_tour_030110.jspraising concerns about informal modes of communication.”In fact, an increasingly mobile workforce has made Today’s workforce is likely to have access to While IT security experts favor blocking socialinformation and communicative technologies information and communication tools at home as media if it is not applicable to an employee’sessential to communication as well as productivity well as in the workplace. Ubiquitous connectivity job, industry analysts feel strongly otherwise. While IT security experts favor blockingin organizations. Disaster and crisis situations is becoming an expectation of the 21st century, Enterprise 2.0 consultant and writer Dion social media if it is not applicable to anprovide a compelling argument for employee use whether using consumer-owned or organizationally- Hinchcliffe thinks blocking social media is “short employee’s job, industry analysts feelof social media — mobile technologies facilitate provided devices. This poses an additional challenge sighted.” Consultant and writer Shel Holtz feels strongly otherwise.communication when traditional infrastructures to IT security. Indeed, more than half of organizations Eighty-one percent blocking access is “the laziest way to approachfail. When the U.S. Naval base in Millington, Tenn., do not allow employees to use their own software the problem,” and argues that companies of organizationsflooded in 2010, 300 residents were displaced and or hardware in the workplace, and in Canada and should “tease value out of their employees’their mobile phones were their only connection to the United Kingdom 70 percent of organizations indicated that social graph.” Holtz states that employees’ socialthe world. The U.S. Navy used Facebook to keep restrict external hardware or software. We expect they restrict the connections, which they create and maintain While blocking access to social media provides better security, these analysts agree that it isresidents informed and help them get safely to to see this trend decreasing in the near future, as a use of at least through social media, are a great resource that neither feasible nor sustainable in the face ofrestored buildings. growing number of employees from the Millennial organizations should capitalize on. Instead of one Web 2.0 tool emerging use in the 21st century. Instead, we’re Generation enter the workforce and demand blocking social media, Holtz believes organizationsWhile certain organizations embrace Web 2.0 ubiquitous connectivity and more open policies because they are should have safe systems in place for using living in a future were organizations must planusage by employees, the majority of organizations toward consumer devices and social media. concerned about Web 2.0. Employees can use social media and design environments with less control oftrend differently: eighty-one percent of employee activities. JP Rangaswami, CIO and security. not only for marketing, but also for getting Chief Scientist of British Telecom, recommendedorganizations indicated that they restrict the use At the most extreme, 13 percent of organizations quick feedback, testing ideas and helping withof at least one Web 2.0 tool because they are block social media access at the infrastructure level. recruitment. “I guarantee you your engineers in a recent keynote presentation to the E2.0 2010concerned about security. Organizations in the Blocking usage is more prevalent in the public sector know who the next best engineering hire is, conference: “The organization has to design forUnited Kingdom, Germany, Canada, Sweden and and in larger organizations, where it was reported by because they network with other engineers and a loss of control.” Charlene Li, industry analystSingapore are less likely than other countries to 20 percent of organizations. they know who has the right set of skills and and CEO of Altimeter Group, notes that “therestrict use of particular tools. Larger organizations knowledge and background, and who brings the sense of control you have to give up is significant,are more likely to place restrictions on social media right experience to the job and who would be a and executives in particular are not going to Patterns of Blocking Social Mediausage than the smallest organizations (87 percent good cultural fit in the organization,” says Holtz. invest in something unless they know it’s goingversus 67 percent, respectively). to add particular value to the company.” The 100% 90% value of Web 2.0 technologies, Li points out,Organizations restrict social media usage through 80% comes in focusing upon the relationships thatpolicy, technology and controlling use of user- 70% No policy can be formed, not the technology. “It’s not soowned devices. More than half of organizations 60% Monitor use “The organization has to much about being on Twitter as the purpose and 50%do not allow employees to use their own software Control/restrict the reason, and the connections you can form 40% design for a loss of control.”or hardware in the workplace, and 25 percent 30% Block access with people. It is about the human aspect ofof organizations restrict social media usage to 20% technologies, and this is nowhere more importantspecifically authorized individuals. 10% than in using social technologies.” 0% Small Medium Large (<100) (100-1000) (>1000) Organization size (number of employees)12 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 13
  8. 8. The primary concern that organizations have Some security concerns are specific to about employee usage of Web 2.0 technologies Web 2.0 tools used by employees. For example, is security. This concern is a specific obstacle technologies that are perceived to facilitate work to adoption and integration of social media in productivity, such as webmail, collaborative Facebook is banned by nearly organizations. The top four perceived threats platforms and content sharing applications, are half of the organizations, from employee use of Web 2.0 are malicious less likely to raise concern than the mainstream software (35 percent), viruses (15 percent), social media tools such as Facebook, LinkedIn, especially mid — to overexposure of information (11 percent) and YouTube and Twitter, which are not allowed by large-sized ones. spyware (10 percent). 40 to 50 percent of organizations. There are regional differences, as well, in which tools are Top Perceived Security Threat from Employee considered useful for employees. Organizations Web 2.0 Usage in Brazil and Singapore, where overall adoption Social network sites are is high, are much more likely to rate webmail perceived as the riskiest of TOP PERCEIVED SECURITY THREAT FROM useful than organizations in the United all Web 2.0 tools from a EMPLOYEE WEB 2.0 USAGE Kingdom. However, the United Kingdom reports security standpoint. MALWARE INTRODUCTION 35% higher adoption of collaborative platforms and content sharing tools. Adoption of streaming VIRUS INTRODUCTION 15% media and social network sites is fairly consistent INFORMATION OVEREXPOSURE 11% across all countries. SPYWARE INCREASE 10% Industry analyst Charlene Li notes that SPAM VOLUME INCREASE differences in social media usage by country 6% are less about cultural differences than EXPOSED ENTRY POINTS 6% about differences in access and social media DATA LEAKS penetration rates. Li says that because of high 7% penetration rates, “South Korea and Brazil BOTNET INTRODUCTION 5% are more likely to be producing content, while SPAM USE INCREASE other countries like the U.S. lean more towards 4% content sharing.” Web 2.0 Applications Adoption by Country 80% 70% 60% 50% Webmail 40% Content sharing Collaborative platforms 30% Streaming media Social network sites 20% 10% Italy SNG Japan Australia UAE Canada Spain Brazil Sweden Benelux UK USA France Mexico India Germany Poland Webmail “If it’s popular, it’s going to be popular with Content sharing Collaborative platforms the bad guys, not just the good guys.” Streaming media Social network sites 14 Web 2.0: A Complex Balancing Act Italy SNG Japan ustralia UAE anada Spain Brazil weden enelux UK USA France Mexico India rmanyPoland
  9. 9. Close to half of the leaders surveyed felt that One in fouremployees are most prone to using social media respondents didinappropriately by accident, perhaps due to lack not have concernsof awareness, or when they are dissatisfied with about employeescompensation or management. using social media inappropriately. Social network sites are more likely to be linked In some cases, organizations are concerned about There are both real and perceived consequences of to security issues than other technologies. Among situations that might give rise to employees inappropriate Web 2.0 and social media use: Legal risks are a major concern for respondents who have experienced security inappropriately using social media. Close to half highly regulated industries such as incidences in their organizations, half suspected of the leaders surveyed felt that employees are • The financial consequence for security incidents healthcare or financial services. One social network sites as the cause, and 44 percent most prone to using social media inappropriately (including downtime, information and revenue hospital system, however, found a way to suspected webmail. In contrast, only 20 to 25 by accident, perhaps due to lack of awareness, loss) is an estimated average of $2 million for use social media successfully while staying percent of organizations suggested content sharing or when they are dissatisfied with compensation all Web 2.0 technologies. within the limits of the Health Insurance and collaborative platform tools as the cause of or management. Concerns about inappropriate Portability and Accountability Act (HIPAA). • Sixty percent of companies report that the security incidents. usage caused by managerial disputes are higher Scott & White Healthcare is one of the largest most significant potential consequences from in Spain, Brazil, Mexico and India, while pay healthcare systems in the United States, These statistics suggest that many organizations inappropriate social media usage are loss of disputes cause more concern to organizations operating 10 hospitals in the Texas area. Scott perceive employee usage of Web 2.0 to be non- reputation, brand, or client confidence. in the United Kingdom and Australia. Concerns & White uses Facebook, YouTube, Twitter and productive and potentially detrimental to business about accidental misuse are highest in the United • One in three organizations reported unplanned blogs to communicate with the public. On goals. Facebook is banned by nearly half of the Kingdom and Canada. investments related to “work-arounds” Nov. 5, 2009, a soldier opened fire at the Fort organizations, especially mid — to large-sized ones. necessary for implementing social media in Hood military base in Texas, killing 13 people In certain European countries like Benelux, Italy and In contrast, one in four respondents did not their organization. and wounding dozens of others (CNN, 2009). Spain, more than 60 percent of organizations restrict have concerns about employees using social Scott & White Memorial Hospital in Temple, usage. In contrast, only a third of organizations in media inappropriately. Respondents from small • Fourteen percent of organizations report Texas, was the closest Level 1 trauma center Japan, Germany and Brazil restrict Facebook. organizations and from Sweden, Germany, Japan litigation or legal threats caused by employees and received the highest number of Fort and the United Arab Emirates were the least likely disclosing confidential or sensitive information, Security experts explain that negative media Hood casualties. Steve Widmann, director of to be concerned that employees would use social with more than 61 percent of those threats coverage of Facebook over unilateral privacy web services at Scott & White, used Twitter, a media inappropriately, where approximately 40 caused by social media disclosures. changes might account for some of this concern. blog and YouTube to issue continuous updates percent of leaders were unconcerned. Also, the more users a tool has, the more likely throughout the day about access to the Organizational leaders are facing real it is to be a target. “If it’s popular, it’s going to hospital’s emergency room, hospital operation consequences when adopting Web 2.0 be popular with the bad guys, not just the good status and to keep the media and public technologies, but they recognize a growing guys,” said an IT security professional from a major informed. Both the local media and the public demand for employee usage. They continue to global nonprofit. showed support and gratitude for being kept seek the right balance to ensure technological up-to-date on developments. security while embracing and integrating the opportunities presented by Web 2.0 technologies. hood.investigation/index.html php?/weblog/comments/the_hobson_holtz_ report_-_podcast_503_november_23_2009/16 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 17