Go2IndiaWeb20.com

Since the day Tim O’Reilly coined the word “Web 2.0″ it has become a widely-used term to describe the perceived ‘second generation of the Internet’, focusing on new collaboration technologies such as blogs, social networking and user generated videos. In early 2007, Clearswift did a research to establish how popular these new Web 2.0 technologies and sites really were among office workers to determine the scale of the potential threat to corporate security. Here is the link to the complete 24 page report (click here). Following is the summary of the same.

Before I get to the summary of the report, read the following news.

Apple
In 2004, websites PowerPage, Apple Insider and Think Secret published details of unreleased products, code-named Asteroid and Q97. Apple sued the sites in an attempt to force them to reveal their sources. (actual news link here)

Google
Mark Jen left Google under unclear circumstances less than a month after joining the company after candid comments on his blog about life at Google caused controversy. (actual news link here) Waterstone’s
Joe Gordon, an employee of eleven years, became the first blogger in Britain to be dismissed because he kept a personal blog, which occasionally included entries about bad days at work and satirising his boss. (actual news link here)

Delta
Ellen Simonetti was sacked from Delta Airlines after posting images of herself in her Delta uniform on her personal blog. (actual news link here)

So it’s somewhat clear that the sensitive data are getting outside of corporate walls by the increased number of employees using the social media and web 2.0 technologies and sites. Here is the summary of report that took place in two phases

Phase 1
Aimed to explore how popular social networking media are in a corporate environment and whether users are discussing sensitive work-related issues and therefore posing a threat to corporate information.

• In the US, 83% of office workers have accessed some form of social media from their place of work.
• Web 2.0 sites such as Wikipedia (46%), video-sharing sites such as YouTube (26%), IM (24%) and blogs (23%) are all accessed by significant numbers of workers.
• While using these social media, almost a third (30%) discussed work-related issues, potentially putting sensitive company information at risk.
• Almost two thirds (63%) of office workers accessed social media at least once a day – with 82% having admitted to accessing them at least a few times a week.
• 50% of those polled felt they should be entitled to access these sites from work, whereas only 36% felt they shouldn’t.

Phase 2
The second phase of the research explored whether businesses are aware of the popularity of social media and whether they were deriving business benefits from Web 2.0 technologies. The respondents were also asked what IT security measures they had in place.

• IT and business decision makers were broadly aware of the popularity of Web 2.0 social media among their employees
• 9.1% of those polled saying their staff did not access any social media
• A small 4.9% admitted to not knowing whether their employees accessed social media or not.
• A significant number were not taking action to protect themselves by educating their staff
• 19.1% of those polled admitted to not maintaining a best practice policy which provided staff with written guidelines on using the Internet, including social media sites.
• 35% of companies didn’t monitor employees’ Internet use
• Almost half of (48.3%) the IT and business decision makers polled didn’t know whether they’d lost confidential corporate information via social media.
• Only 32.1% of companies had content filtering solutions in place that allowed secure access to social media sites.
• Over 40.8% considered social media to be relevant to today’s corporate environment yet only 11.1% were already making use of it from a business perspective.
• 14.6% of organizations were not aware of social media and had no policy on it.
• 11.7% were encouraging employees to blog in order to benefit the business
• 41.6% actively discouraging or forbidding staff to blog and 46.7% not having a policy either way.

What really bothers is that, almost half of (48.3%) the IT and business decision makers polled didn’t know whether they’d lost confidential corporate information via social media and only one third had content filtering solutions to allow secure access to social media sites. Here is the conclusion of the report

Never before has it been more important for companies to consider controlling use of the web as well as email and protecting against outbound threats as well as inbound. There is no doubt Web 2.0, in the form of social networking technologies, is a growing phenomenon and popularity among users continues to increase. The Web 2.0 world brings with it significant data leakage risks and the research clearly shows that the scope of the mass usage of Web 2.0 tools by employees. While it is cause for concern, it is not cause for alarm. By taking a smart approach to web security, businesses will be able to unlock the power of these new Internet services for competitive advantage.