UiPath Community: AI for UiPath Automation Developers
Mcafee web20-balancingact
1. Web 2.0
A Complex Balancing Act
The First Global Study on Web 2.0
Usage, Risks and Best Practices
2. Executive Summary
Web 2.0: A Complex Balancing Act What are Web 2.0’s leading trends in business? Defined broadly as consumer
The First Global Study on Web 2.0 Usage, social media applications such as Facebook, Twitter and YouTube, and
Risks and Best Practices specialized Enterprise 2.0 solutions, Web 2.0 has become a term surrounded
by many debates: To adopt or not? How can organizations use Web 2.0
technologies? What are the business benefits? Will Web 2.0 use increase or
decrease employee productivity? Is the security risk worth the benefits?
In collaboration with experts in the fields of security of it; 25 percent monitor use; and 13 percent
and social media, McAfee took a close look at these block all social media access. Social network sites
questions. Commissioned by McAfee, Professors are regarded as the main security threat of all
Mihaela Vorvoreanu and Lorraine Kisselburgh from social media tools. As a result, nearly half of the
Purdue University and the Center for Education and organizations we surveyed block Facebook.
Research in Information Assurance and Security
(CERIAS) undertook extensive research with experts Organizations need to employ a variety of measures
from around the globe. to ensure safe use of Web 2.0. Social media policies
and technological protection are the two primary
International research firm Vanson Bourne surveyed measures used today. Two thirds of organizations
more than 1,000 organizational decision-makers worldwide have social media policies for
in 17 countries worldwide, and combined with employees, and 71 percent of those use technology
expert interviews, we developed an in-depth to enforce them. However, that leaves one third of
study of emerging policies and practices into how organizations without a social media policy, and
organizations balance the risks and benefits of almost half of the organizations lack a policy for
using Web 2.0 technologies. Web 2.0 use on mobile devices.
Our findings show high Web 2.0 adoption. Three To address these challenges, many organizations
out of four organizations worldwide use Web have increased security protection since introducing
2.0 for a variety of business functions such as IT Web 2.0 applications. Seventy-nine percent
(51 percent), marketing and sales (34 percent), increased firewall protection, 58 percent introduced
customer relations (29 percent), advertising and greater levels of web filtering, and 53 percent
public relations (28 percent) and human resources implemented greater web gateway protection. Two
(22 percent). The main driver for Web 2.0 adoption out of five organizations are budgeting for Web
is new revenue potential, according to two thirds of 2.0-specific security solutions.
our respondents. Only 42 percent of those surveyed
felt strongly about the importance of present Security experts strongly recommend a multi-
Web 2.0 tools. While organizations acknowledge layer security approach that’s customized for Web
revenue potential and business value in Web 2.0 2.0-specific challenges to mitigate adoption risks.
technologies, leaders and decision makers debate Eugene Spafford, founder and Executive Director
employee use of Web 2.0 in the workplace — of CERIAS at Purdue University, notes that “the
either in the office or on the road. best protections are those that don’t get in the way
of getting work finished, because users are not
CONTENTS Security is the leading issue. Half of the tempted to circumvent those controls. As not all
organizations say it is their primary concern for information needs to be protected in the same way,
Executive Summary 3 Web 2.0 technologies. For another third, security and not all users are going to interact with Web 2.0
is the main reason they don’t use Web 2.0 more technologies in the same manner, defenses should
Introduction 4
widely. Six out of 10 organizations suffered large be tailored to fit the circumstances of use.”
Web 2.0 Adoption in Organizations 5 losses averaging $2 million each because of security
incidents during the past year. Together, more than Executives and industry experts agree that
Employee Use of Web 2.0 10 $1.1 billion was lost by these organizations due to successful organizational use of Web 2.0 is a
security incidents. complex balancing act. It requires analyzing
Balancing Act 18 challenges and opportunities while mitigating
Conclusion 24 One of the main sources of security threats is risks, and combining policy, employee training and
employee use of social media. Thirty-three percent technology solutions to ensure security.
Appendices 26 of organizations worldwide restrict employee use
Web 2.0: A Complex Balancing Act 3
3. “By 2014, social networking
Energy use for spam (kWh/year) per email user
services will replace e-mail as the
Percent of email received that is spam
primary vehicle for interpersonal
communications for 20 percent of
business users.” [Gartner (2010).
“Predicts 2010: Social Software Is
an Enterprise Reality.”]
Introduction Web 2.0 Adoption in Organizations
Web 2.0 — defined here broadly as consumer social media applications such Our survey shows high adoption of Web 2.0 in the enterprise. More than 75
as Facebook, Twitter and YouTube, and specialized Enterprise 2.0 solutions — percent of organizations reported using Web 2.0 solutions for many business
has become a term surrounded by many debates: To adopt or not? How can functions. While adoption rates vary across countries, they were high overall,
organizations use Web 2.0 technologies? What are the business benefits? and reached 90 percent or higher in Brazil, Spain and India. Web 2.0 adoption
Will Web 2.0 use increase or decrease employee productivity? Is the security was lowest in the United States and the Commonwealth countries of the
risk worth the benefits? United Kingdom, Australia, and Canada.
McAfee, in collaboration with communication emerging technologies at infrastructure and Survey data confirmed market research group Web 2.0 Adoption Rates by Country
media and IT security experts, and with the help employee levels. In balancing these challenges Gartner’s anticipated trend: “By 2014, social
of international research firm Vanson Bourne, and opportunities, the report discusses measures networking services will replace e-mail as the Organizations who use Web 2.0 for business (%)
investigated these questions. A survey of more organizations take to ensure safe use of Web 2.0. primary vehicle for interpersonal communications
than 1,000 organizational decision makers The survey data and expert opinions corroborate for 20 percent of business users.” 100%
from 17 countries, and in-depth interviews that while Web 2.0 has considerable value, using [Gartner (2010). “Predicts 2010: Social Software Is 80%
with experts, paint a complex picture with Web 2.0 applications successfully is a balancing an Enterprise Reality.”]
two main Web 2.0 issues: the opportunities act that requires a combination of technology, 60%
provided to organizations that have adopted policy and education. Web 2.0 solutions are used for a variety of
Web 2.0, and the challenges of embracing business purposes. About half of the organizations 40%
surveyed employ Web 2.0 solutions for IT 20%
functions, and roughly a third of organizations use
them for marketing, sales or customer service. One 0%
SNG
India
Spain
Brazil
Mexico
Japan
Canada
Sweden
UAE
USA
France
Poland
Germany
Australia
UK
Italy
Benelux
in five organizations reported using Web 2.0 for
public relations or human resources — especially
recruitment. India leads in adoption of Web 2.0
for IT solutions, with about three out of four
Indian organizations reporting such use.
4 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 5
4. Crowd-sourcing is one of the ways that companies are leveraging
Web 2.0 to create new revenue streams. InnoCentive is an online
crowd-sourcing company where organizations as large as Eli Lilly,
DuPont, Boeing, Procter&Gamble and NASA post research problems
in need of solutions. Scientists from all over the world, whether
The survey data suggests
amateur, professional, or retired, choose problems to work on
and post their solutions. Companies select a winning solution and that in 2010 Web 2.0
pay the scientist a cash prize ranging from $5,000 to $1 million, solutions are not perceived
depending on the problem’s complexity. InnoCentive enables as crucial to organizations.
companies to solve difficult research problems at a much lower cost
than their own R&D departments, and to have access to a diversity
of solutions, ideas and expertise that is unlikely to occur within just
one organization. http://www2.innocentive.com
New revenue streams emerged as the highest Frank Gruber, co-founder of TECH cocktail, The survey data suggests that in 2010
driver of Web 2.0 adoption. Three out of four discusses some of the ways that companies Web 2.0 solutions are not perceived as crucial Although Web 2.0 was not
organizations that use Web 2.0 reported that are leveraging Web 2.0 technologies — and to organizations. This is not surprising, given considered extremely critical
expanded use of Web 2.0 technologies could particularly the people participating in these that some of the technologies have not reached for many organizations in this
create new revenue streams for their organizations. platforms — to facilitate production, marketing, maturation, and uses are still being explored. study, for one organization it is
This is especially true in Brazil, India, the United and customer service: However, respondents see great potential for vital. charity: water is a nonprofit
Arab Emirates and Mexico, where nine out of 10 Web 2.0 in the future, and the data suggests that organization that provides clean and
organizations share this belief. Even 65 percent “For example, crowdsourcing has been used for this belief drives adoption. Stowe Boyd, analyst safe drinking water in the developing
of organizations in the public sector that already design work, solving difficult problems and even and business strategist, claims the real benefits of world. It directs 100 percent of public
use Web 2.0 see revenue potential from using to make product decisions. There are a number Web 2.0 become apparent when adoption rates donations to funding water projects.
it. However, perceived importance of Web 2.0 of companies leveraging Web 2.0 technologies reach 90 percent. “The more people use social charity: water does nearly all of its
solutions was tempered. Forty-two percent of for social media marketing campaigns and for tools, the more efficient the tools become,” fundraising online and has no budget
respondents who reported using Web 2.0 solutions customer service. Ford has been leveraging social states Boyd. for marketing or advertising. charity:
agreed they were important to business, but about media and outreach to connect with a newly water has raised more than $7.5 million
the same percentage was neutral. invigorated Ford Fiesta. Zappos leverages Web 2.0 In addition to supporting communication and in its first two years of operation
for customer service, because every employee collaboration among employees, organizations using mainly an online community
has a Twitter account for customer support and recognize the value Web 2.0 technologies bring platform and social media. With the
feedback. Intel works with bloggers to spread the to clients and customer relations. About 40 to power of social media alone, in 2009
word about their innovations.” 45 percent of organizations feel that Web 2.0 more than $250,000 was raised in a
improves customer service, and 40 percent feel it single day when charity: water was
Market pressure was not, overall, a big driver of enhances effective marketing.
Three out of four the beneficiary of Twestival Global.
Web 2.0 adoption. The exception is India and
This resulted in more than 55 water
organizations that use Brazil where 78 and 58 percent, respectively,
wells in Uganda, Ethiopia and India,
Web 2.0 reported that reported that customers and partners are
and touched the lives of an estimated
requesting organizations to engage in Web 2.0. “The more people
expanded use of Web 2.0 17,000 people. “Web 2.0 is the heart of
Perceived market pressure was higher in the
technologies could create public sector, where almost half of organizations
use social tools, the our operation and our primary source
of revenue. We’re a Web 2.0 charity,”
new revenue streams for feel it, as opposed to only a third in the private more efficient the
says charity:water director of digital
their organizations. sector. In the largest organizations, the pressure tools become.” engagement, Paull Young. charity:water
to engage in Web 2.0 offerings was highest.
is a convincing example of the impact
Almost half of large organizations reported
social media can have on ROI.
partner or customer demand, compared to only a
third of small organizations.
6 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 7
5. McAfee CTO and vice president, Raj Samani, believes that more
What accounts for Brazil’s high Web 2.0
companies should be concerned about security. He explains that
adoption rate? Brazilian IT consultant and
the security landscape has changed. Whereas 10 to 15 years
ICANN member, Vanda Scartezini, explains
ago data infiltration was the biggest concern, these days data
that Brazilians tend to love novelty and are
exfiltration, good data going out, is the primary challenge. In an
quick to adopt new technologies. At the
economy where information is the lifeblood of an organization,
same time, Brazil is seeing “huge infection
preserving the confidentiality, integrity and availability of
problems” originating from social media.
information is vital. Virus and malware protection is still important,
Scartezini recommends that organizations
but data loss prevention is fast becoming an indispensable
use more than one security software
component of an organization’s technology protection.
applications to protect assets.
If Web 2.0 is useful for business functions, what Large organizations paid even steeper costs for Virus and malware infections are the most
is preventing organizations from using it more? security breaches because of Web 2.0 usage. The common types of security incidents. A third of
Security is the leading concern for Web 2.0 average loss for a large organization was $4.5 organizations experienced virus infections and
technologies. Half of the respondents name security million, with an average reported loss around $10 almost a quarter experienced malware infections
risks as their primary concern with Web 2.0, while million in Japan and Singapore, and more than the previous year. In spite of concerns about data
a third identify fear of security issues as the main $8.5 million in Canada. Large organizations in the exfiltration, very few organizations (less than More than $1.1 billion was lost
reason Web 2.0 applications are not used more United States have managed their security risks one in 10) reported experiencing data leaks or by organizations surveyed due
widely in their business. Trepidation about security better, and reported a relatively lower average loss information overexposure. Security experts found to security incidents caused by
is higher than average in India and Brazil, two of $1.7 million. this percentage to be lower than expected, and
Web 2.0 technologies.
countries with the highest Web 2.0 adoption rates. explain that respondents might be aware of or
Large organizations are twice as likely as small Organizations in countries with high Web 2.0 report only the more serious incidents. Pamela
organizations to avoid using Web 2.0 because of adoption such as Brazil, India and Mexico were Warren, McAfee cybercrime strategist, stated,
security fears. With more employees and more most likely to have experienced security incidents “more data leaks might have happened, but they
complex infrastructures to protect, it is no surprise and to report large losses. The average amount are outside organizations’ awareness.”
that large organizations perceive higher risks. At lost by Brazilian organizations was $2.5 million.
the same time, large organizations report the Japan reported the highest average loss per Beyond security, other factors that account Primary concern about Web 2.0
Concern about Web 2.0
highest benefit from using Web 2.0 tools such as organization at $3 million. Organizations in the for limited use of Web 2.0 in organizations
collaborative platforms. United States lost, on average, more than $1.5 include lack of demand and lack of applicability,
million due to security breaches. reported by 18 percent of respondents. Lack 9%
Fears and concerns about security are well of productivity and legal risks also emerged as
founded. Six out of 10 organizations experienced Web 2.0 concerns. However, these reasons lag 15%
some sort of security incident the previous year Six out of 10 organizations far behind security fears.
Security
49% Productivity
because of Web 2.0 technologies — virus and experienced some sort of security Legal risks
Despite high adoption rates and strong business
malware infections were the most common. incident the previous year because of Reputation
The financial loss associated with these security benefits, concern over security remains the 27%
Web 2.0 technologies — virus leading factor holding organizations back
incidents was high. On average, organizations lost
almost $2 million the previous year because of and malware infections were the from exploring the full potential of Web 2.0
security incidents. most common. applications. The cost and risk of security
incidents are very high. A large proportion of
security fears are related to employee use of social
media, both for work and personal purposes.
8 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 9
6. Employee Use of Web 2.0 While Web 2.0 tools were most likely to be
considered useful for improving communication,
exact same thing happened with e-mail, the exact
same thing happened with instant messaging, and
survey respondents also reported other benefits: now with social media, especially the stuff that has
While organizations see revenue potential and business value in Web 2.0 enhanced customer service, increased productivity, social networks in it, they are saying exactly the
technologies, decision makers continue to debate whether or not to allow as well as marketing and branding. For example, same stuff. ‘We’ve got to manage this because
half of respondents reported that use of they’re going to be sitting there talking about
employee usage of Web 2.0 in the workplace — either in the office or on the road.
collaborative platforms improves productivity. fantasy football.’”
Forty-two percent of respondents said social
network sites enhance customer service.
Some organizations emphasize education, Many organizations that do not restrict employee
guidelines and usage policies that provide usage report positive results from social media Organizational leaders differed, however, on
parameters for appropriate and allowable use of tools including enhanced communication whether they felt Web 2.0 increased employee Mobile social media access can be life saving during large-
Web 2.0 technologies for work. In other cases, and increased employee productivity. Most productivity. Only 40 percent of organizations scale natural disaster emergencies, and played a major role in
organizations are responding to rising employee organizations rated webmail and collaborative agreed that Web 2.0 tools enhance productivity. relief and recovery efforts during the 2010 Haiti earthquake.
and customer demand for making Web 2.0 platforms as the most useful applications. Only However, organizations are more likely to Twitter and Facebook were critical to communicating
technologies available, and are less concerned a quarter of organizations rated social network indicate that collaborative platform and information about relief efforts. Shortly following the
about employee productivity or security threats. sites and streaming media sites such as YouTube content sharing applications are more useful earthquake, the U.S. State Department began posting assistance
as useful. for productivity than streaming media and information on its Facebook page.
But many organizational leaders are highly
social networking tools. The social nature of
concerned with potential threats from Web 2.0
these tools may factor into the reluctance of Agencies, such as the American Red Cross, and citizens used Twitter
technologies. They worry about security, data Perceptions of Web 2.0 Utility for Employee Use
organizational leaders to embrace adoption, as to provide minute-by-minute status changes on the ground, and
integrity, employee productivity, along with the
well as their relative novelty in the organization. to mediate communication with those outside the disaster zone
reputational, financial, legal and technological RATED USEFUL BY PROVIDED BY
WEB 2.0 TOOL
ORGANIZATIONS ORGANIZATIONS
to assist in relief efforts. Volunteers used mobile GPS and camera-
consequences that can occur as a result of Analyst and business strategist, Stowe Boyd, enabled phones to gather photographic and geographic data
Web 2.0 usage. WEBMAIL 48% 90% discusses the historical resistance to emerging about roads, buildings and people. The information was posted to a
COLLABORATIVE PLATFORMS technologies in organizations. “When American collective Google Maps mashup that allowed emergency personnel
In spite of these concerns, 29 percent of 42% 82%
businesses after WWII started to think about rolling to locate open roads for relief transportation, and identify “last-
organizations do not have policies regarding CONTENT SHARING APPLICATIONS 40% 86% out telephones on everyone’s desks, the biggest seen” locations of individuals seeking family. Building a social media
employee usage of Web 2.0 in the office, and
STREAMING MEDIA SITES objection that was raised by the senior managers, following during quiet times ensures your message gets across
fewer still have policies in private sector and 28% 82%
who already had telephones, was that everyone quickly and credibly during a crisis, even if conventional lines of
small organizations. Seventy-five percent of SOCIAL NETWORK SITES 25% 77% was going to use these phones for personal use. communication are down.
organizations without policies indicate they trust
They were going to call mom; they were going to http://fcw.com/articles/2010/01/14/social-media-haiti-earthquake-
their employees to use tools appropriately, or do
gossip. They weren’t going to use them primarily to relief.aspx
not consider social media a threat.
do business. But [most of the] time, business people http://www.readwriteweb.com/archives/social_media_red_cross_
use telephones to conduct business because it’s an floods.php
efficient, and direct and obvious way to do it. The
GE has used internal Web 2.0 collaboration tools for many
years now. As a large multinational corporation with a
workforce scattered all around the world, GE needed online
Seventy-five percent of collaboration and social tools. By now, “people have gotten
organizations without so used to them that they’ve come to depend on them,” says
Only 40 percent of GE systems engineer Anthony Maiello. GE is going beyond
policies indicate they your out-of-the box internal social networking solution:
organizations agreed
trust their employees to “Those are great for communication, but they do not meet
that Web 2.0 tools
use tools appropriately, our specialized design needs,” explains Maiello. GE is building
enhance productivity. sophisticated collaboration tools that enable engineers
or do not consider social
to collaborate remotely and create complex technical
media a threat. designs. “Because new products are being created on this
platform, security is a paramount concern. We do not want
external parties attacking our network and getting to this
information,” says Maiello.
10 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 11
7. Jonathan Grudin of Microsoft Research, who studies computer-
supported cooperative work, notes that concerns about emerging General Motors, a major U.S. automobile manufacturer,
technologies encroaching on employee productivity are not new. It took empowers employees to promote their latest car models.
many organizations about 15 years before accepting e-mail technologies Employees can borrow cars overnight or for the weekend
because “they had the same concerns about confidentiality and and allow friends and relatives to drive them, as long as
productivity. There were leading industry analysts and organizational an employee is a passenger. Employees can share their
behavioral theoreticians who claimed in the 1990s that e-mail was experience with the car online. “Maybe they’ll go onto
actually a productivity killer. However, when reliable attachment features Facebook and tell their friends, ‘you know, I just drove
were added to e-mail systems, allowing documents, spreadsheets the new Camaro and man, it’s just an awesome car!’”
and slide decks to be e-mailed, “managers saw the value, and then says Holtz, who is not affiliated with GM. This program
it became mission critical.” Similarly, Grudin adds, a decade ago, capitalizes on employees’ peer groups and social networks
“company executives warned against IM use in the company, claiming to enhance marketing and potentially increase sales.
again that it was a productivity killer, and it too is now seen as mission
http://www.gm.com/corporate/responsibility/community/
critical in many organizations. So there is a history of organizations
news/2010/plant_city_tour_030110.jsp
raising concerns about informal modes of communication.”
In fact, an increasingly mobile workforce has made Today’s workforce is likely to have access to While IT security experts favor blocking social
information and communicative technologies information and communication tools at home as media if it is not applicable to an employee’s
essential to communication as well as productivity well as in the workplace. Ubiquitous connectivity job, industry analysts feel strongly otherwise. While IT security experts favor blocking
in organizations. Disaster and crisis situations is becoming an expectation of the 21st century, Enterprise 2.0 consultant and writer Dion social media if it is not applicable to an
provide a compelling argument for employee use whether using consumer-owned or organizationally- Hinchcliffe thinks blocking social media is “short
employee’s job, industry analysts feel
of social media — mobile technologies facilitate provided devices. This poses an additional challenge sighted.” Consultant and writer Shel Holtz feels
strongly otherwise.
communication when traditional infrastructures to IT security. Indeed, more than half of organizations Eighty-one percent blocking access is “the laziest way to approach
fail. When the U.S. Naval base in Millington, Tenn., do not allow employees to use their own software the problem,” and argues that companies
of organizations
flooded in 2010, 300 residents were displaced and or hardware in the workplace, and in Canada and should “tease value out of their employees’
their mobile phones were their only connection to the United Kingdom 70 percent of organizations indicated that social graph.” Holtz states that employees’ social
the world. The U.S. Navy used Facebook to keep restrict external hardware or software. We expect they restrict the connections, which they create and maintain While blocking access to social media provides
better security, these analysts agree that it is
residents informed and help them get safely to to see this trend decreasing in the near future, as a use of at least through social media, are a great resource that
neither feasible nor sustainable in the face of
restored buildings. growing number of employees from the Millennial organizations should capitalize on. Instead of
one Web 2.0 tool emerging use in the 21st century. Instead, we’re
Generation enter the workforce and demand blocking social media, Holtz believes organizations
While certain organizations embrace Web 2.0 ubiquitous connectivity and more open policies because they are should have safe systems in place for using living in a future were organizations must plan
usage by employees, the majority of organizations toward consumer devices and social media. concerned about Web 2.0. Employees can use social media and design environments with less control of
trend differently: eighty-one percent of employee activities. JP Rangaswami, CIO and
security. not only for marketing, but also for getting
Chief Scientist of British Telecom, recommended
organizations indicated that they restrict the use At the most extreme, 13 percent of organizations quick feedback, testing ideas and helping with
of at least one Web 2.0 tool because they are block social media access at the infrastructure level. recruitment. “I guarantee you your engineers in a recent keynote presentation to the E2.0 2010
concerned about security. Organizations in the Blocking usage is more prevalent in the public sector know who the next best engineering hire is, conference: “The organization has to design for
United Kingdom, Germany, Canada, Sweden and and in larger organizations, where it was reported by because they network with other engineers and a loss of control.” Charlene Li, industry analyst
Singapore are less likely than other countries to 20 percent of organizations. they know who has the right set of skills and and CEO of Altimeter Group, notes that “the
restrict use of particular tools. Larger organizations knowledge and background, and who brings the sense of control you have to give up is significant,
are more likely to place restrictions on social media right experience to the job and who would be a and executives in particular are not going to
Patterns of Blocking Social Media
usage than the smallest organizations (87 percent good cultural fit in the organization,” says Holtz. invest in something unless they know it’s going
versus 67 percent, respectively). to add particular value to the company.” The
100%
90%
value of Web 2.0 technologies, Li points out,
Organizations restrict social media usage through 80% comes in focusing upon the relationships that
policy, technology and controlling use of user- 70% No policy can be formed, not the technology. “It’s not so
owned devices. More than half of organizations 60% Monitor use “The organization has to much about being on Twitter as the purpose and
50%
do not allow employees to use their own software Control/restrict the reason, and the connections you can form
40% design for a loss of control.”
or hardware in the workplace, and 25 percent 30%
Block access
with people. It is about the human aspect of
of organizations restrict social media usage to 20% technologies, and this is nowhere more important
specifically authorized individuals. 10%
than in using social technologies.”
0%
Small Medium Large
(<100) (100-1000) (>1000)
Organization size (number of employees)
12 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 13
8. The primary concern that organizations have Some security concerns are specific to
about employee usage of Web 2.0 technologies Web 2.0 tools used by employees. For example,
is security. This concern is a specific obstacle technologies that are perceived to facilitate work
to adoption and integration of social media in productivity, such as webmail, collaborative Facebook is banned by nearly
organizations. The top four perceived threats platforms and content sharing applications, are
half of the organizations,
from employee use of Web 2.0 are malicious less likely to raise concern than the mainstream
software (35 percent), viruses (15 percent), social media tools such as Facebook, LinkedIn, especially mid — to
overexposure of information (11 percent) and YouTube and Twitter, which are not allowed by large-sized ones.
spyware (10 percent). 40 to 50 percent of organizations. There are
regional differences, as well, in which tools are
Top Perceived Security Threat from Employee considered useful for employees. Organizations
Web 2.0 Usage in Brazil and Singapore, where overall adoption Social network sites are
is high, are much more likely to rate webmail perceived as the riskiest of
TOP PERCEIVED SECURITY THREAT FROM useful than organizations in the United all Web 2.0 tools from a
EMPLOYEE WEB 2.0 USAGE
Kingdom. However, the United Kingdom reports
security standpoint.
MALWARE INTRODUCTION 35% higher adoption of collaborative platforms and
content sharing tools. Adoption of streaming
VIRUS INTRODUCTION 15%
media and social network sites is fairly consistent
INFORMATION OVEREXPOSURE 11% across all countries.
SPYWARE INCREASE 10% Industry analyst Charlene Li notes that
SPAM VOLUME INCREASE
differences in social media usage by country
6%
are less about cultural differences than
EXPOSED ENTRY POINTS 6% about differences in access and social media
DATA LEAKS
penetration rates. Li says that because of high
7%
penetration rates, “South Korea and Brazil
BOTNET INTRODUCTION 5% are more likely to be producing content, while
SPAM USE INCREASE
other countries like the U.S. lean more towards
4%
content sharing.”
Web 2.0 Applications Adoption by Country
80%
70%
60%
50%
Webmail
40%
Content sharing
Collaborative platforms
30% Streaming media
Social network sites
20%
10%
Italy
SNG
Japan
Australia
UAE
Canada
Spain
Brazil
Sweden
Benelux
UK
USA
France
Mexico
India
Germany
Poland
Webmail
“If it’s popular, it’s going to be popular with Content sharing
Collaborative platforms
the bad guys, not just the good guys.” Streaming media
Social network sites
14 Web 2.0: A Complex Balancing Act
Italy
SNG
Japan
ustralia
UAE
anada
Spain
Brazil
weden
enelux
UK
USA
France
Mexico
India
rmany
Poland
9. Close to half of the leaders surveyed felt that One in four
employees are most prone to using social media respondents did
inappropriately by accident, perhaps due to lack not have concerns
of awareness, or when they are dissatisfied with about employees
compensation or management. using social media
inappropriately.
Social network sites are more likely to be linked In some cases, organizations are concerned about There are both real and perceived consequences of
to security issues than other technologies. Among situations that might give rise to employees inappropriate Web 2.0 and social media use: Legal risks are a major concern for
respondents who have experienced security inappropriately using social media. Close to half highly regulated industries such as
incidences in their organizations, half suspected of the leaders surveyed felt that employees are • The financial consequence for security incidents
healthcare or financial services. One
social network sites as the cause, and 44 percent most prone to using social media inappropriately (including downtime, information and revenue
hospital system, however, found a way to
suspected webmail. In contrast, only 20 to 25 by accident, perhaps due to lack of awareness, loss) is an estimated average of $2 million for
use social media successfully while staying
percent of organizations suggested content sharing or when they are dissatisfied with compensation all Web 2.0 technologies.
within the limits of the Health Insurance
and collaborative platform tools as the cause of or management. Concerns about inappropriate Portability and Accountability Act (HIPAA).
• Sixty percent of companies report that the
security incidents. usage caused by managerial disputes are higher Scott & White Healthcare is one of the largest
most significant potential consequences from
in Spain, Brazil, Mexico and India, while pay healthcare systems in the United States,
These statistics suggest that many organizations inappropriate social media usage are loss of
disputes cause more concern to organizations operating 10 hospitals in the Texas area. Scott
perceive employee usage of Web 2.0 to be non- reputation, brand, or client confidence.
in the United Kingdom and Australia. Concerns & White uses Facebook, YouTube, Twitter and
productive and potentially detrimental to business about accidental misuse are highest in the United • One in three organizations reported unplanned blogs to communicate with the public. On
goals. Facebook is banned by nearly half of the Kingdom and Canada. investments related to “work-arounds” Nov. 5, 2009, a soldier opened fire at the Fort
organizations, especially mid — to large-sized ones.
necessary for implementing social media in Hood military base in Texas, killing 13 people
In certain European countries like Benelux, Italy and In contrast, one in four respondents did not
their organization. and wounding dozens of others (CNN, 2009).
Spain, more than 60 percent of organizations restrict have concerns about employees using social
Scott & White Memorial Hospital in Temple,
usage. In contrast, only a third of organizations in media inappropriately. Respondents from small • Fourteen percent of organizations report Texas, was the closest Level 1 trauma center
Japan, Germany and Brazil restrict Facebook. organizations and from Sweden, Germany, Japan litigation or legal threats caused by employees and received the highest number of Fort
and the United Arab Emirates were the least likely disclosing confidential or sensitive information,
Security experts explain that negative media Hood casualties. Steve Widmann, director of
to be concerned that employees would use social with more than 61 percent of those threats
coverage of Facebook over unilateral privacy web services at Scott & White, used Twitter, a
media inappropriately, where approximately 40 caused by social media disclosures.
changes might account for some of this concern. blog and YouTube to issue continuous updates
percent of leaders were unconcerned.
Also, the more users a tool has, the more likely throughout the day about access to the
Organizational leaders are facing real
it is to be a target. “If it’s popular, it’s going to hospital’s emergency room, hospital operation
consequences when adopting Web 2.0
be popular with the bad guys, not just the good status and to keep the media and public
technologies, but they recognize a growing
guys,” said an IT security professional from a major informed. Both the local media and the public
demand for employee usage. They continue to
global nonprofit. showed support and gratitude for being kept
seek the right balance to ensure technological
up-to-date on developments.
security while embracing and integrating the
opportunities presented by Web 2.0 technologies. http://www.cnn.com/2009/CRIME/11/12/fort.
hood.investigation/index.html
http://www.forimmediaterelease.biz/index.
php?/weblog/comments/the_hobson_holtz_
report_-_podcast_503_november_23_2009/
16 Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancing Act 17