Web 2.0: A Complex Balancing Act – The First Global Study on Web 2.0 Usage, Risks and Best...
-
Upload
eric-prenen -
Category
Documents
-
view
214 -
download
0
Transcript of Web 2.0: A Complex Balancing Act – The First Global Study on Web 2.0 Usage, Risks and Best...
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
1/15
Web 2.0
A Complex Balancing ActThe First Global Study on Web 2.0
Usage, Risks and Best Practices
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
2/15
In collaboration with experts in the elds o security
and social media, McAee took a close look at these
questions. Commissioned by McAee, Proessors
Mihaela Vorvoreanu and Lorraine Kisselburgh rom
Purdue University and the Center or Education and
Research in Inormation Assurance and Security
(CERIAS) undertook extensive research with experts
rom around the globe.
International research rm Vanson Bourne surveyedmore than 1,000 organizational decision-makers
in 17 countries worldwide, and combined with
expert interviews, we developed an in-depth
study o emerging policies and practices into how
organizations balance the risks and benets o
using Web 2.0 technologies.
Our ndings show high Web 2.0 adoption. Three
out o our organizations worldwide use Web
2.0 or a variety o business unctions such as IT
(51 percent), marketing and sales (34 percent),
customer relations (29 percent), advertising and
public relations (28 percent) and human resources
(22 percent). The main driver or Web 2.0 adoption
is new revenue potential, according to two thirds o
our respondents. Only 42 percent o those surveyed
elt strongly about the importance o present
Web 2.0 tools. While organizations acknowledge
revenue potential and business value in Web 2.0
technologies, leaders and decision makers debate
employee use o Web 2.0 in the workplace
either in the oce or on the road.
Security is the leading issue. Hal o the
organizations say it is their primary concern or
Web 2.0 technologies. For another third, securityis the main reason they dont use Web 2.0 more
widely. Six out o 10 organizations suered large
losses averaging $2 million each because o security
incidents during the past year. Together, more than
$1.1 billion was lost by these organizations due to
security incidents.
One o the main sources o security threats is
employee use o social media. Thirty-three percent
o organizations worldwide restrict employee use
o it; 25 percent monitor use; and 13 per
block all social media access. Social netw
are regarded as the main security threat o
social media tools. As a result, nearly hal
organizations we surveyed block Faceboo
Organizations need to employ a variety o
to ensure sae use o Web 2.0. Social me
and technological protection are the two
measures used today. Two thirds o organworldwide have social media policies or
employees, and 71 percent o those use t
to enorce them. However, that leaves on
organizations without a social media polic
almost hal o the organizations lack a po
Web 2.0 use on mobile devices.
To address these challenges, many organ
have increased security protection since in
Web 2.0 applications. Seventy-nine perce
increased rewall protection, 58 percent
greater levels o web ltering, and 53 pe
implemented greater web gateway prote
out o ve organizations are budgeting o
2.0-specic security solutions.
Security experts strongly recommend a m
layer security approach thats customized
2.0-specic challenges to mitigate adopt
Eugene Spaord, ounder and Executive
o CERIAS at Purdue University, notes tha
best protections are those that dont get
o getting work nished, because users a
tempted to circumvent those controls. As
inormation needs to be protected in the
and not all users are going to interact wittechnologies in the same manner, deens
be tailored to t the circumstances o use
Executives and industry experts agree tha
successul organizational use o Web 2.0
complex balancing act. It requires analyzi
challenges and opportunities while mitiga
risks, and combining policy, employee tra
technology solutions to ensure security.
Web 2.0: A Complex Balancing Act
he First Global Study on Web 2.0 Usage,
sks and Best Practices
Executive Summary 3
Introduction 4
Web 2.0 Adoption in Organizations 5
Employee Use o Web 2.0 10
Balancing Act 18
Conclusion 24
Appendices 26
CONTENTS
Executive Summary
What are Web 2.0s leading trends in business? Dened broadly as co
social media applications such as Facebook, Twitter and YouTube, and
specialized Enterprise 2.0 solutions, Web 2.0 has become a term surro
by many debates: To adopt or not? How can organizations use Web 2
technologies? What are the business benets? Will Web 2.0 use incre
decrease employee productivity? Is the security risk worth the benet
Web 2.0: A Complex Balancin
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
3/15
80%
40%
0%
100%
60%
20%
USA
Australia
Canada
UK
Japan
Germany
Benelux
Sweden
UAE
France
Poland
Italy
E r r r r il r
rc il r c i i
Mexico
SNG
India
Spain
Brazil
Organizations who use Web 2.0 for business (%)
Web 2.0 Adoption Rates by Country
Web 2.0: A Complex Balancing Act
Survey data conrmed market research group
Gartners anticipated trend: By 2014, social
networking services will replace e-mail as the
primary vehicle or interpersonal communications
or 20 percent o business users.
[Gartner (2010). Predicts 2010: Social Sotware Is
an Enterprise Reality.]
Web 2.0 solutions are used or a variety o
business purposes. About hal o the organizations
surveyed employ Web 2.0 solutions or IT
unctions, and roughly a third o organizations use
them or marketing, sales or customer service. One
in ve organizations reported using Web 2.0 or
public relations or human resources especially
recruitment. India leads in adoption o Web 2.0
or IT solutions, with about three out o our
Indian organizations reporting such use.
Introduction
Web 2.0 dened here broadly as consumer social media applications such
as Facebook, Twitter and YouTube, and specialized Enterprise 2.0 solutions
has become a term surrounded by many debates: To adopt or not? How can
organizations use Web 2.0 technologies? What are the business benets?
Will Web 2.0 use increase or decrease employee productivity? Is the security
risk worth the benets?
McAee, in collaboration with communication
media and IT security experts, and with the help
o international research rm Vanson Bourne,
investigated these questions. A survey o more
than 1,000 organizational decision makers
rom 17 countries, and in-depth interviews
with experts, paint a complex picture with
two main Web 2.0 issues: the opportunities
provided to organizations that have adopted
Web 2.0, and the challenges o embracing
emerging technologies at inrastructure and
employee levels. In balancing these challenges
and opportunities, the report discusses measures
organizations take to ensure sae use o Web 2.0.
The survey data and expert opinions corroborate
that while Web 2.0 has considerable value, using
Web 2.0 applications successully is a balancing
act that requires a combination o technology,
policy and education.
Web 2.0 Adoption in Organizations
Our survey shows high adoption o Web 2.0 in the enterprise. More than 75
percent o organizations reported using Web 2.0 solutions or many business
unctions. While adoption rates vary across countries, they were high overall,
and reached 90 percent or higher in Brazil, Spain and India. Web 2.0 adoption
was lowest in the United States and the Commonwealth countries o the
United Kingdom, Australia, and Canada.
By 2014, social networking
services will replace e-mail as the
primary vehicle or interpersonal
communications or 20 percent o
business users. [Gartner (2010).
Predicts 2010: Social Sotware Is
an Enterprise Reality.]
Web 2.0: A Complex Balancin
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
4/15
Web 2.0: A Complex Balancing Act
Three out o our
organizations that use
Web 2.0 reported that
expanded use o Web 2.0
technologies could create
new revenue streams or
their organizations.
New revenue streams emerged as the highest
driver o Web 2.0 adoption. Three out o our
organizations that use Web 2.0 reported that
expanded use o Web 2.0 technologies could
create new revenue streams or their organizations.
This is especially true in Brazil, India, the United
Arab Emirates and Mexico, where nine out o 10
organizations share this belie. Even 65 percent
o organizations in the public sector that already
use Web 2.0 see revenue potential rom using
it. However, perceived importance o Web 2.0
solutions was tempered. Forty-two percent o
respondents who reported using Web 2.0 solutions
agreed they were important to business, but about
the same percentage was neutral.
Frank Gruber, co-ounder o TECH cocktail,
discusses some o the ways that companies
are leveraging Web 2.0 technologies and
particularly the people participating in these
platorms to acilitate production, marketing,
and customer service:
For example, crowdsourcing has been used or
design work, solving dicult problems and even
to make product decisions. There are a number
o companies leveraging Web 2.0 technologies
or social media marketing campaigns and or
customer service. Ford has been leveraging social
media and outreach to connect with a newly
invigorated Ford Fiesta. Zappos leverages Web 2.0
or customer service, because every employee
has a Twitter account or customer support and
eedback. Intel works with bloggers to spread the
word about their innovations.
Market pressure was not, overall, a big driver o
Web 2.0 adoption. The exception is India and
Brazil where 78 and 58 percent, respectively,
reported that customers and partners are
requesting organizations to engage in Web 2.0.Perceived market pressure was higher in the
public sector, where almost hal o organizations
eel it, as opposed to only a third in the private
sector. In the largest organizations, the pressure
to engage in Web 2.0 oerings was highest.
Almost hal o large organizations reported
partner or customer demand, compared to only a
third o small organizations.
The survey data suggests that in 2010
Web 2.0 solutions are not perceived as crucial
to organizations. This is not surprising, given
that some o the technologies have not reached
maturation, and uses are still being explored.
However, respondents see great potential or
Web 2.0 in the uture, and the data suggests that
this belie drives adoption. Stowe Boyd, analyst
and business strategist, claims the real benets o
Web 2.0 become apparent when adoption rates
reach 90 percent. The more people use social
tools, the more ecient the tools become,
states Boyd.
In addition to supporting communication and
collaboration among employees, organizations
recognize the value Web 2.0 technologies bring
to clients and customer relations. About 40 to
45 percent o organizations eel that Web 2.0
improves customer service, and 40 percent eel it
enhances eective marketing.
Web 2.0: A Complex Balancin
The survey data suggests
that in 2010 Web 2.0
solutions are not perceived
as crucial to organizations.
owd-sourcing is one o the ways that companies are leveraging
eb 2.0 to create new revenue streams. InnoCentive is an online
owd-sourcing company where organizations as large as Eli Lilly,
Pont, Boeing, Procter&Gamble and NASA post research problems
need o solutions. Scientists rom all over the world, whether
mateur, proessional, or retired, choose problems to work on
d post their solutions. Companies select a winning solution and
y the scientist a cash prize ranging rom $5,000 to $1 million,
pending on the problems complexity. InnoCentive enables
mpanies to solve dicult research problems at a much lower cost
an their own R&D departments, and to have access to a diversity
solutions, ideas and expertise that is unlikely to occur within just
e organization. http://www2.innocentive.com
The more peopleuse social tools, the
more ecient the
tools become.
Although Web 2.0 was not
considered extremely critical
or many organizations in thisstudy, or one organization it i
vital. charity: wateris a nonpro
organization that provides clean a
sae drinking water in the develop
world. It directs 100 percent o pu
donations to unding water proje
charity: waterdoes nearly all o itsundraising online and has no bud
or marketing or advertising. char
waterhas raised more than $7.5 m
in its frst two years o operation
using mainly an online community
platorm and social media. With thpower o social media alone, in 20
more than $250,000 was raised in
single day when charity: waterwa
the benefciary o Twestival Globa
This resulted in more than 55 wate
wells in Uganda, Ethiopia and Indi
and touched the lives o an estima17,000 people. Web 2.0 is the hea
our operation and our primary sou
o revenue. Were a Web 2.0 charit
says charity:waterdirector o digit
engagement, Paull Young. charity:
is a convincing example o the impsocial media can have on ROI.
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
5/15
I Web 2.0 is useul or business unctions, what
is preventing organizations rom using it more?
Security is the leading concern or Web 2.0
technologies. Hal o the respondents name security
risks as their primary concern with Web 2.0, while
a third identiy ear o security issues as the main
reason Web 2.0 applications are not used more
widely in their business. Trepidation about security
is higher than average in India and Brazil, two
countries with the highest Web 2.0 adoption rates.
Large organizations are twice as likely as small
organizations to avoid using Web 2.0 because o
security ears. With more employees and more
complex inrastructures to protect, it is no surprise
that large organizations perceive higher risks. At
the same time, large organizations report the
highest benet rom using Web 2.0 tools such as
collaborative platorms.
Fears and concerns about security are well
ounded. Six out o 10 organizations experienced
some sort o security incident the previous year
because o Web 2.0 technologies virus and
malware inections were the most common.
The nancial loss associated with these security
incidents was high. On average, organizations lost
almost $2 million the previous year because o
security incidents.
49%
27%
15%
9%
Security
Productivity
Legal risks
Reputation
Primary concern about Web 2.0
Large organizations paid even steeper costs or
security breaches because o Web 2.0 usage. The
average loss or a large organization was $4.5
million, with an average reported loss around $10
million in Japan and Singapore, and more than
$8.5 million in Canada. Large organizations in the
United States have managed their security risks
better, and reported a relatively lower average loss
o $1.7 million.
Organizations in countries with high Web 2.0
adoption such as Brazil, India and Mexico were
most likely to have experienced security incidents
and to report large losses. The average amount
lost by Brazilian organizations was $2.5 mil lion.
Japan reported the highest average loss per
organization at $3 million. Organizations in the
United States lost, on average, more than $1.5
million due to security breaches.
More than $1.1 billion was los
by organizations surveyed due
to security incidents caused by
Web 2.0 technologies.
Virus and malware inections are the most
common types o security incidents. A third o
organizations experienced virus inections and
almost a quarter experienced malware inections
the previous year. In spite o concerns about data
exltration, very ew organizations (less than
one in 10) reported experiencing data leaks or
inormation overexposure. Security experts ound
this percentage to be lower than expected, and
explain that respondents might be aware o or
report only the more serious incidents. Pamela
Warren, McAee cybercrime strategist, stated,
more data leaks might have happened, but they
are outside organizations awareness.
Beyond security, other actors that account
or limited use o Web 2.0 in organizations
include lack o demand and lack o applicability,
reported by 18 percent o respondents. Lack
o productivity and legal risks also emerged as
Web 2.0 concerns. However, these reasons lag
ar behind security ears.
Despite high adoption rates and strong business
benets, concern over security remains theleading actor holding organizations back
rom exploring the ull potential o Web 2.0
applications. The cost and risk o security
incidents are very high. A large proportion o
security ears are related to employee use o social
media, both or work and personal purposes.
Web 2.0: A Complex Balancing Act
Six out o 10 organizations
experienced some sort o security
incident the previous year because o
Web 2.0 technologies virus
and malware inections were the
most common.
Web 2.0: A Complex Balancin
cAee CTO and vice president, Raj Samani, believes that more
mpanies should be concerned about security. He explains that
e security landscape has changed. Whereas 10 to 15 years
o data inltration was the biggest concern, these days data
ltration, good data going out, is the primary challenge. In an
onomy where inormation is the lieblood o an organization,
eserving the condentiality, integrity and availability o
ormation is vital. Virus and malware protection is still important,
t data loss prevention is ast becoming an indispensable
mponent o an organizations technology protection.
What accounts or Brazils high Web 2.0
adoption rate? Brazilian IT consultant an
ICANN member, Vanda Scartezini, explai
that Brazilians tend to love novelty and a
quick to adopt new technologies. At the
same time, Brazil is seeing huge inecti
problems originating rom social media
Scartezini recommends that organization
use more than one security sotware
applications to protect assets.
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
6/15
Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancin
Employee Use o Web 2.0
While organizations see revenue potential and business value in Web 2.0
technologies, decision makers continue to debate whether or not to allow
employee usage o Web 2.0 in the workplace either in the oce or on the road.
Some organizations emphasize education,
guidelines and usage policies that provide
parameters or appropriate and allowable use o
Web 2.0 technologies or work. In other cases,
organizations are responding to rising employee
and customer demand or making Web 2.0
technologies available, and are less concerned
about employee productivity or security threats.
But many organizational leaders are highly
concerned with potential threats rom Web 2.0
technologies. They worry about security, data
integrity, employee productivity, along with thereputational, nancial, legal and technological
consequences that can occur as a result o
Web 2.0 usage.
In spite o these concerns, 29 percent o
organizations do not have policies regarding
employee usage o Web 2.0 in the oce, and
ewer still have policies in private sector and
small organizations. Seventy-ve percent o
organizations without policies indicate they trust
their employees to use tools appropriately, or do
not consider social media a threat.
Perceptions o Web 2.0 Utility or Employee Use
WEB 2.0 TOOLRATED USEFUL BYORGANIZATIONS
PROVIDED BYORGANIZATIONS
WEBMAIL 48% 90%
COLLABORATIVE PLATFORMS 42% 82%
CONTENT SHARING APPLICATIONS 40% 86%
STREAMING MEDIA SITES 28% 82%
SOCIAL NETWORK SITES 25% 77%
Many organizations that do not restrict employee
usage report positive results rom social media
tools including enhanced communication
and increased employee productivity. Most
organizations rated webmail and collaborative
platorms as the most useul applications. Only
a quarter o organizations rated social network
sites and streaming media sites such as YouTube
as useul.
While Web 2.0 tools were most likely to be
considered useul or improving communication,
survey respondents also reported other benets:
enhanced customer service, increased productivity,
as well as marketing and branding. For example,
hal o respondents reported that use o
collaborative platorms improves productivity.
Forty-two percent o respondents said social
network sites enhance customer service.
Organizational leaders diered, however, on
whether they elt Web 2.0 increased employee
productivity. Only 40 percent o organizations
agreed that Web 2.0 tools enhance productivity.
However, organizations are more likely to
indicate that collaborative platorm and
content sharing applications are more useul
or productivity than streaming media and
social networking tools. The social nature o
these tools may actor into the reluctance o
organizational leaders to embrace adoption, as
well as their relative novelty in the organization.
Analyst and business strategist, Stowe Boyd,
discusses the historical resistance to emerging
technologies in organizations. When American
businesses ater WWII started to think about rolling
out telephones on everyones desks, the biggest
objection that was raised by the senior managers,
who already had telephones, was that everyone
was going to use these phones or personal use.
They were going to call mom; they were going to
gossip. They werent going to use them primarily to
do business. But [most o the] time, business people
use telephones to conduct business because its an
ecient, and direct and obvious way to do it. The
exact same thing happened with e-mail, the exact
same thing happened with instant messaging, and
now with social media, especially the stu that has
social networks in it, they are saying exactly the
same stu. Weve got to manage this because
theyre going to be sitting there talking about
antasy ootball.
GE has used internal Web 2.0 collaboration tools or many
years now. As a large multinational corporation with a
workorce scattered all around the world, GE needed onlin
collaboration and social tools. By now, people have gotte
so used to them that theyve come to depend on them, sa
GE systems engineer Anthony Maiello. GE i s going beyond
your out-o-the box internal social networking solution:
Those are great or communication, but they do not meet
our specialized design needs, explains Maiello. GE i s build
sophisticated collaboration tools that enable engineers
to collaborate remotely and create complex technical
designs. Because new products are being created on this
platorm, security is a paramount concern. We do not wan
external parties attacking our network and getting to this
inormation, says Maiello.
venty-ve percent o
ganizations without
olicies indicate theyust their employees to
e tools appropriately,
do not consider social
edia a threat.
Only 40 percent o
organizations agreed
that Web 2.0 tools
enhance productivity.
Mobile social media access can be lie saving during larg
scale natural disaster emergencies, and played a major r
relie and recovery eorts during the 2010 Haiti earthqu
Twitter and Facebook were critical to communicating
inormation about relie eorts. Shortly ollowing the
earthquake, the U.S. State Department began posting assistan
inormation on its Facebook page.
Agencies, such as the American Red Cross, and citizens used Tw
to provide minute-by-minute status changes on the ground, a
to mediate communication with those outside the disaster zo
to assist in relie eorts. Volunteers used mobile GPS and cam
enabled phones to gather photographic and geographic data
about roads, buildings and people. The inormation was post
collective Google Maps mashup that allowed emergency pers
to locate open roads or relie transportation, and identiy la
seen locations o individuals seeking amily. Building a social
ollowing during quiet times ensures your message gets acros
quickly and credibly during a crisis, even i conventional lines o
communication are down.
http://cw.com/articles/2010/01/14/social-media-haiti-earthqua
relie.aspx
http://www.readwriteweb.com/archives/social_media_red_cro
foods.php
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
7/15
Web 2.0: A Complex Balancing Act
Large(>1000)
Medium(100-1000)
Small(
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
8/15
Web 2.0: A Complex Balancing Act
Top Perceived Security Threat rom EmployeeWeb 2.0 Usage
TOP PERCEIVED SECURITY THREAT FROMEMPLOYEE WEB 2.0 USAGE
MALWARE INTRODUCTION 35%
VIRUS INTRODUCTION 15%
INFORMATION OVEREXPOSURE 11%
SPYWARE INCREASE 10%
SPAM VOLUME INCREASE 6%
EXPOSED ENTRY POINTS 6%
DATA LEAKS 7%
BOTNET INTRODUCTION 5%
SPAM USE INCREASE 4%
The primary concern that organizations have
about employee usage o Web 2.0 technologies
is security. This concern is a specic obstacle
to adoption and integration o social media i n
organizations. The top our perceived threats
rom employee use o Web 2.0 are malicious
sotware (35 percent), viruses (15 percent),
overexposure o inormation (11 percent) and
spyware (10 percent).
Some security concerns are specic to
Web 2.0 tools used by employees. For example,
technologies that are perceived to acilitate work
productivity, such as webmail, collaborative
platorms and content sharing applications, are
less likely to raise concern than the mainstream
social media tools such as Facebook, LinkedIn,
YouTube and Twitter, which are not allowed by
40 to 50 percent o organizations. There are
regional dierences, as well, in which tools are
considered useul or employees. Organizations
in Brazil and Singapore, where overall adoption
is high, are much more likely to rate webmail
useul than organizations in the United
Kingdom. However, the United Kingdom reports
higher adoption o collaborative platorms and
content sharing tools. Adoption o streaming
media and social network sites is airly consistent
across all countries.
Industry analyst Charlene Li notes thatdierences in social media usage by country
are less about cultural dierences than
about dierences in access and social media
penetration rates. Li says that because o high
penetration rates, South Korea and Brazil
are more likely to be producing content, while
other countries like the U.S. lean more towards
content sharing.
Web 2.0 Applications Adoption by Country
60%
40%
20%
50%
30%
10%
70%
80%
Sweden
Germany
Poland
Benelux
UAE
Japan
Mexico
Canada
Australia U
K
USA
India
France
Italy
SNG
Spain
Brazil
il
i
ll i l
i i
i l i
I its popular, its going to be popular with
the bad guys, not just the good guys.
lE
i li
I
i
F
I
l i il
Webmail
Content sharing
Collaborative platforms
Streaming media
Social network sites
Social network sites are
perceived as the riskiest o
all Web 2.0 tools rom a
security standpoint.
Facebook is banned by nearly
hal o the organizations,
especially mid to
large-sized ones.
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
9/15
Social network sites are more likely to be linked
to security issues than other technologies. Among
respondents who have experienced security
incidences in their organizations, hal suspected
social network sites as the cause, and 44 percent
suspected webmail. In contrast, only 20 to 25
percent o organizations suggested content sharing
and collaborative platorm tools as the cause o
security incidents.
These statistics suggest that many organizations
perceive employee usage o Web 2.0 to be non-
productive and potentially detrimental to business
goals. Facebook is banned by nearly hal o the
organizations, especially mid to large-sized ones.
In certain European countries like Benelux, Italy and
Spain, more than 60 percent o organizations restrict
usage. In contrast, only a third o organizations in
Japan, Germany and Brazil restrict Facebook.
Security experts explain that negative media
coverage o Facebook over unilateral privacy
changes might account or some o this concern.
Also, the more users a tool has, the more likely
it is to be a target. I its popular, its going to
be popular with the bad guys, not just the good
guys, said an IT security proessional rom a major
global nonprot.
One in our
respondents did
not have concer
about employee
using social med
inappropriately.
Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancin
In some cases, organizations are concerned about
situations that might give rise to employees
inappropriately using social media. Close to hal
o the leaders surveyed elt that employees are
most prone to using social media i nappropriately
by accident, perhaps due to lack o awareness,
or when they are dissatised with compensation
or management. Concerns about inappropriate
usage caused by managerial disputes are higher
in Spain, Brazil, Mexico and India, while pay
disputes cause more concern to organizations
in the United Kingdom and Australia. Concerns
about accidental misuse are highest in the United
Kingdom and Canada.
In contrast, one in our respondents did not
have concerns about employees using social
media inappropriately. Respondents rom small
organizations and rom Sweden, Germany, Japan
and the United Arab Emirates were the least likely
to be concerned that employees would use social
media inappropriately, where approximately 40
percent o leaders were unconcerned.
ose to hal o the leaders surveyed elt that
mployees are most prone to using social media
appropriately by accident, perhaps due to lack
awareness, or when they are dissatised with
ompensation or management.
There are both real and perceived consequences o
inappropriate Web 2.0 and social media use:
The nancial consequence or security incidents
(including downtime, inormation and revenue
loss) is an estimated average o $2 million or
all Web 2.0 technologies.
Sixty percent o companies report that the
most signicant potential consequences rom
inappropriate social media usage are loss o
reputation, brand, or client condence.
One in three organizations reported unplanned
investments related to work-arounds
necessary or implementing social media in
their organization.
Fourteen percent o organizations report
litigation or legal threats caused by employees
disclosing condential or sensitive inormation,
with more than 61 percent o those threats
caused by social media disclosures.
Organizational leaders are acing real
consequences when adopting Web 2.0
technologies, but they recognize a growingdemand or employee usage. They continue to
seek the right balance to ensure technological
security while embracing and integrating the
opportunities presented by Web 2.0 technologies.
Legal risks are a major concern o
highly regulated industries such as
healthcare or fnancial services. One
hospital system, however, ound a w
use social media successully while sta
within the limits o the Health Insurance
Portability and Accountability Act (HIPAA
Scott & White Healthcare is one o the la
healthcare systems in the United States,
operating 10 hospitals in the Texas area
& White uses Facebook, YouTube, Twitte
blogs to communicate with the public. O
Nov. 5, 2009, a soldier opened fre at the
Hood military base in Texas, killing 13 pe
and wounding dozens o others (CNN, 2
Scott & White Memorial Hospital in Tem
Texas, was the closest Level 1 trauma cen
and received the highest number o For
Hood casualties. Steve Widmann, directo
web services at Scott & White, used Twitt
blog and YouTube to issue continuous u
throughout the day about access to the
hospitals emergency room, hospital ope
status and to keep the media and public
inormed. Both the local media and the showed support and gratitude or being
up-to-date on developments.
http://www.cnn.com/2009/CRIME/11/12
hood.investigation/index.html
http://www.orimmediaterelease.biz/in
php?/weblog/comments/the_hobson_h
report_-_podcast_503_november_23_20
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
10/15
Web 2.0: A Complex Balancing Act Web 2.0: A Complex Balancin
40%
20%
0%
50%
30%
10%
UK
Brazil
India
M
exico
Spain
P
oland
Be
nelux
Au
stralia
Japan
USA
Sing
apore
Canada
Italy
France
UAE
Sw
eden
Germany
60%
Organizations without social media policies
Balancing Act
Globally, leaders o organizations agree that security concerns and issues
with employee use o social media are the two major barriers or successul
implementation o Web 2.0 in their organizations. In order to maximize the
benets rom Web 2.0, organizations need to take measures to mitigate
these risks.
Shel Holtz, consultant and writer, summarizes the
balance or which organizations should strive:
Between shutting everybody o altogether
and opening everything up to every risk possible
theres a lot o room in between those two
extremes to nd a balance. The balance is a
combination o technical solutions and training and
education. Ultimately, i you arm your employees
with the knowledge they need to protect the
organizations assets and engage eectively when
theyre talking about work and connecting rom
work, youre likely to experience very ew o these
issues. Organizations do risk benet analyses
every single day in other dimensions o business
and decide that the benet o doing something
is worth the risk. I dont see why Web 2.0 should
be any dierent. I we can, or example, reduce
our customer service costs by 10 million dollars a
year, by having our employees engaging through
these social channels, and we calculate the risk at
being one million dollars, thats a nine million dollar
addition to your bottom line. And I dont know
an organization that wouldnt be willing to risk a
million dollars to make nine.
A third o organizations have no
social media policies in place, and
close to hal do not have policies or
social media use on mobile devices.
We vehemently encourage ev
one o our clients to have a so
media policy beore anybody
engages in social media.
Matthew Gain, Head o DigitalCommunications, Edelman Australia
Our research indicates that risk mitigation
measures most commonly include social
policy combined with protection through
technology. Seventy-one percent o orga
have a workplace social media policy in p
Both security experts and industry analyst
agree that social media policies are very
important, although some argue that exi
policies can extend to emerging contexts
channels o communication. However, a
o organizations have no social media po
in place, and close to hal do not have po
or social media use on mobile devices. B
Holtz and Pamela Warren, McAee cybercstrategist, argue that social media policies
are not sucient and must be supplemen
employee education and training.
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
11/15
Implemented Security Measures Post-Web 2.0
USAGE
INCREASED FIREWALL PROTECTION 79%
INTRODUCED GREATER LEVELS OF WEB FILTERING 58%
GREATER WEB GATEWAY PROTECTION 53%
APPLIED SITE VERIFICATION/AUTHENTICATION 31%
INTRODUCED ELECTRONIC POLICIES 27%
Many organizations choose to restrict social media
use or some employees, and give unlimited access
to their marketing or public relations departments.
For hal o the organizations surveyed, social
media policies varied by department, but an equal
number applied the same policy to all employees.
Private sector organizations, which have greater
marketing needs, are more likely to vary social
media policies across departments. Respondents
seem to be sensitive to the ast-changing Web 2.0
landscape, and almost hal o them anticipatemodiying their social media policies within a year.
Industry experts agree that in addition to policy,
organizations need one or more levels o
technology to protect the organization and its
assets. The organizations we surveyed reported
using several types o technology solutions to
enorce social media policies. O the nearly three
quarters that reported using technology solutions,
our out o ve use web ltering and rewall
technology. Two thirds reported using endpoint
security such as antivirus sotware, and 41 percent
said they protect against data leakage.
Seventy-one percent o
organizations have a workplace
social media policy in place.
Policy Enorcement Technology
USAGE
WEB FILTERING TECHNOLOGY 83%
APPLICATIONS FIREWALL TECHNOLOGY 78%
ENDPOINT SECURITY (E.G. ANTIVIRUS) 63%
DATA LEAKAGE PROTECTION 41%
Industry experts caution that social media policies
should be enabling, not restrictive or punitive.
Most social media policies I see are bad to begin
with, says Dion Hinchclie. They are pages upon
pages o though shalt not, and by the time youre
done reading, you dont know what you CAN talk
about. A good policy is short and to the point
Stowe Boyds avorite is Microsots Blog smart.
Hinchclie recommends including examples in
social media policies, so that employees are exposed
to a range o possible situations.
Web 2.0: A Complex Balancin
We asked organizations that do not have a social
media policy in place the reasons why. Trust in
employees and an unperceived threat were equally
important reasons, each mentioned by more than
a third o respondents. Several countries have
high trust in employees. About 50 percent o
respondents rom Singapore, Poland and India
reported trusting employees to know what is in
the companys best interest. Threat perception
related to social media also varies signicantly
across countries. Seventy percent o respondents
in the United Arab Emirates, and about hal o
respondents rom Mexico, Brazil and Sweden do
not perceive any threats. However, the reported
costs o recent security incidents in Mexico and
Brazil suggest that social media is more o a threat
than perceived by this group o respondents. Only
7 percent o organizations without social media
policies reported intending to introduce them in
the near uture.
For the more than two thirds o surveyed
organizations with social media policies in place,
coverage typically includes employee liability in the
case o inappropriate use, along with guidelines
or approved social media sites.
Social Media Policy Coverage
TERMS OF POLICY COVERAGE
EMPLOYEE LIABILITIES IF INAPPROPRIATE USE OCCURS 54%
GUIDELINES ON COMPANY-APPROVED SOCIAL MEDIA SITES 45%
GUIDELINES ON SECURITY ISSUES OF SOCIAL MEDIA 39%
GUIDELINES ON COMMERCIAL DANGERS OF SOCIAL MEDIA 38%
COMPANY LIABILITIES IF INAPPROPRIATE USE OCCURS 37%
GUIDELINES ON REPRESENTING THE COMPANY USING SOCIAL MEDIA 30%
ONLY CIO-AUTHORIZED STAFF USAGE ALLOWED 26%
Web 2.0: A Complex Balancing Act
More than hal o surveyed organizations have
increased security measures since allowing access
to Web 2.0 applications. These results suggest
emerging trends in security measures that provide
enhanced protection or Web 2.0 challenges.
Increased rewall protection was the most
commonly reported measure, but, organizations
use a combination o technologies.
Web 2.0 applications are deployed in the
cloud and accessed with desktop, laptop, and
mobile devices over both wired and wireless
inrastructures. This represents a challenge or
security practices that have ocused on endpoint
and network-level inrastructure controls. Trends
indicate a growing interest and implementation
o web ltering and web gateway solutions i n the
organizations we surveyed, and roughly
55 percent o the organizations have adopted one
or both o these measures since allowing access
or employees.
Eugene Spaord, Executive Director o CERIAS,
cautions that because the Web 2.0 technology in
use is evolving quickly. It is oten deployed without
sucient thought as to how it may be abused,
alone or in combination with other deployed
technologies. There is great incentive or the bad
guys to develop attacks, and they do, oten with
great creativity and speed.
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
12/15
Because Web 2.0 applications are particularly
vulnerable to exploitation, industry and security
experts recommend proactive countermeasures and
multi-layered security solutions that include:
Application control: Granular application control,
based upon the business and regulatory requirements
o the organization, gives organizations the ability to
create access policies specic to user identities, and to
reduce risks or some employees without restricting
participation or others.
Next-generation frewalls: Many rewalls today
dont provide eective protection or Web 2.0
technologies. Organizations should consider next-
generation rewalls that provide more sophisticated
discovery, control, and visualization o applications,
along with predictive threat protection or network
inrastructures.
Endpoint protection: The shared and highly
participatory nature o Web 2.0 requires that
businesses protect their endpoints against multiple
threats, including spam, viruses, malicious sotware,
spyware, rootkits, and hacker attacks. Endpointprotection remains a critical piece o inormation
assurance and security in organizations.
Data loss protection: Data exltration is a
continuing challenge o organizations participating
in the Web 2.0 environment. Protecting the
integrity and condentiality o organizational
inormation rom thet and inadvertent loss is a key
issue today. Data loss protection guards private,
sensitive, and condential inormation and data
rom accidental or malicious loss.
Encryption: Important data at rest should be
encrypted, as should communication channels,
with keying material kept separate rom the
encrypted material. Compromise or loss o
endpoints should not automatically give access to
sensitive inormation.
Authentication : Strong, non-password based
authentication should be deployed and used or
access to sensitive inormation and resources.
Web2.0 applications usually employ weak
authentication, and are targets or a chain o
penetration and social engineering attacks that
can compromise valuable resources. Requiring
appropriate token-based or biometric authentication
at key points can help to prevent incidents.
Integrity Monitoring and Whitelisting: Many
current attacks against Web2.0-enabled hosts
involve the installation or modication o code to
enable access, or to install malware. Traditional
anti-malware technologies are not sucient to
prevent these threats, so additional methods
that use conguration integrity monitoring or
application whitelisting should be considered.Solutions that monitor and control patching and
upgrades should also be considered.
Gateway Anti-malware: Proactive scanning
o code in web pages or malicious intent. By
analyzing the code at the web gatewaya
gateway located physically in the enterprise or
in the cloud as a hosted service, malware can
be detected and blocked beore it reaches the
endpoint or other network assets.
Web 2.0: A Complex Balancing Act
Eugene Spaord notes the importance o
understanding the continuing evolution o the
technology, alongside the new norm o heterogeneity
and specicity in organizational contexts:
The key to eective use o new technologies is to
apply them in the correct contexts. For instance,
applying social media to marketing and sales
may result in increased connectivity with clients
and business partners. However, applying those
same applications in sensitive nancial services
and proprietary R&D has the potential to lead
to signicant losses. Organizations that are still
in single network everywhere, same sotware
everywhere mode will have the most diculty
adjusting to this new paradigm, and to those that
ollow. Many decision-makers believe that having
a homogeneous and uniorm environment is
less expensive to procure, maintain, and provide
employee education. However, there is a longer-
term cost in exposure and vulnerability that is
now coming into clearer ocus; heterogeneity and
specicity allow more tailored protections and
uses. Understanding dierences in application,
technology, policy and users is perhaps the most
important actor in success and saety in Web 2.0
environments and beyond.
The power o Web 2.0 technologies as methods
o communication, connection, sharing and
participation, is seductive, causing some people
(and organizations) to adopt tools without
considering the potential consequences. This
report shows both the widespread interest and
some o the widespread concern about Web 2.0
technologies. Both are warranted, as increased
sharing not only has the potential to augment
business and personal relationships, but also to
enable new methods o raud and attack.
While industry experts recommend both policy and
technology solutions, as many as 60 percent o
organizations do not budget or Web 2.0-specic
security solutions, and some have incurred high,
unanticipated losses. Organizations in India
and Brazil, which have seen high l osses rom
security incidents, are most likely to budget or
Web 2.0-specic security solutions. Three quarters
o Indian organizations and more than hal o
Brazilian organizations do so.
Experts agree that the benets o using Web 2.0
exceed the risks. The benets are there and
theyre real. There is a strong desire by those
who are worried about security to avoid risk.
There might be areas where that is a rational
way to do it, but you cannot NOT communicate
rom these platorms today. I you dont, youare at a serious disadvantage no matter what
kind o organization you are. You have to strike
that balance or your organization, explains
Commander Scott McIlnay, Director o Emerging
Media Integration or the U.S. Navy.
Even in organizations or which security is a
topmost concern the U.S. Department o
Deense, the U.S. Navy and national intelligence
agencies the benets outweigh the risks, and
these organizations have embraced social media at
several levels.
You can allow employee use o Web 2.0 and
absolutely embrace Web 2.0 or your corporate
and government goals. But contemplate user
behavior and control what goes in and out o
your network, and that can be done through both
administrative and technical controls, advises
McAee cybercrime strategist, Pamela Warren.
Both IT security experts and industry analysts
emphasize the importance o weaving complex
security solutions that i nclude policy, technology
and education help employees to make good
decisions. Echoing cybercrime strategist Warrens
comments, industry analyst Dion Hinchclie
believes writing a social media policy is not
enough. Just as employees went through digital
literacy training when they rst l earned how
to use email and computerized productivity
tools, they now need education about Web 2.0.
Throwing things out to workers and not
explaining the implications, not explaining how to
use them properly, is, o course, a ri sk. Education
is hal o the challenge o ensuring that things we
dont want to have happen wont happen.
Web 2.0: A Complex Balancin
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
13/15
Web 2.0: A Complex Balancin
As we enter the second decade o the 21st century, the landscape o
communication, inormation and organizational technologies continues
to refect emerging technological capabilities as well as changing user
demands and needs. Web 2.0 is a convenient term used to describe the
social technologies o the 21st century that infuence the way we interact.
But technological development moves along a continuum, and human
creativity and advancements in technology will continue to push the
boundaries o how we communicate, share, and interact as implied
by the word Web itsel. Cloud computing, immersive reality, geotagging
and location-aware computing, ad hoc networking, agent/avatar-based
computing, multicore chips, quantum computing, and more are all in
research labs or being deployed by early adopters.
These advancements will continue to bring new opportunities and threats,
thus requiring agility and continued evolution o resources. Successul
organizations will be those that determine where and how to embrace
these emergent tools to add new value and agility to their organizations.
Success will require careul, on-going eorts to saeguard assets, including
inrastructure, data, and employees, along with measured and educated
adoption o new cyber technologies.
Conclusion
Overall, research suggests that successul organizational use o Web 2.0 is a
complex balancing act that requires analyzing challenges and opportunities,
mitigating risks, and combining policy, employee education and technology
solutions to ensure security.
While the next generation security solutions
will be specifc to the organizations mission,
industry, size, and locale, there are general
best practices that we recommend or all
organizations that adopt Web 2.0 solutions:
Policy: Web 2.0 environments have created new
organizational contexts that challenge traditional
norms o proessional behavior. Clear social media
policies enable employees to make good decisions
about their behaviors in these new contexts,
and provide examples and guidelines regarding
potential threats.
Technology: Web 2.0 applications andtechnologies require multi-layered security
solutions that provide protection against data
loss, endpoint security, application control, and
inrastructure rewalls.
Education: As new threats and problems emerge
it is vital that all users in the organization are
made aware o how to protect resources. Social
media require a new level o digital literacy,
and organizations need to educate employees
about the risks and benets o accessing and
participating in these contexts.
Practices: Organizations must acknowledge the
21st century work practices o employees that
are global, mobile, and constantly connected.
Policies and technology solutions must be device-
independent, whether access comes rom the
desktop, laptop, handheld, or even wearable
or embedded devices, and must be location-independent as well. Organizational practices
must protect employees and institutional data no
matter what they use, and where they are.
Adaptability: Web 2.0 and social media
technologies are notable or their rapid change
and evolution. Organizations must be alert to new
risks, but also adaptable to changes, and open to
seeing opportunities or new value that can be
embraced or organizational success.
Web 2.0: A Complex Balancing Act
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
14/15
Recruitment and Sampling
Participants were recruited rom multiple sources,including a panel o senior IT decision makers orthe UK, an online global B2B sample partner, GlobalMarket Insite and Survey Sampling International. Therecruitment sample was pre-screened using criteriaestablished to represent decision-makers, and screenedat a second level with initial questions in the survey,to ensure respondents met the criteria or appropriatelevels o authority in their organization. Sampling wasbalanced across organizational size, sector and country.Sixty respondents were sampled rom each o 17
countries. Respondents were also sampled rom threeorganizational sizes to achieve a balanced response romsmall (< 100 PC users), medium (100-1000 PC users) andlarge (> 1000 PC users) organizations. There was a 19percent total response rate or the survey, varying rom 8to 42 percent by country.
Interviews
All interviews were conducted in accordance withPurdue Universitys Institutional Review Board rulesor the protection o human subjects. Interviews wereconducted with the consent and knowledge o theparticipants, who gave permission to be identiedand quoted in this report. For quotes and case studiesavailable in the public domain, see citation notes ororiginal source.
Respondent Profle
A total o 1055 organizational leaders and decisionmakers rom 17 countries around the globe respondedto our survey about current practices and attitudesabout Web 2.0 technologies in their organizations.Predominantly CIOs (79 percent) and CEOs (21 percent),the respondents were decision-makers at executive(38 percent), global (15 percent) and national (13percent) levels in their organizations. Providing a globalview, leaders rom organizations in 17 countries weresurveyed, including respondents rom North America(United States, Canada, Mexico), Europe (United
Kingdom, Sweden, France, Germany, Benelux, Italy,Spain, Poland), South America (Brazil), Asia (Japan, India,Singapore), Australia and the Middle East (United ArabEmirates). Respondents represented both private sector(63 percent) and public sector (37 percent) organizations,and were drawn equally rom small (
-
8/8/2019 Web 2.0: A Complex Balancing Act The First Global Study on Web 2.0 Usage, Risks and Best Practices
15/15
The inormation in this document is provided only or educational purposes and or the convenience o McAee customers.
The inormation contained herein is subject to change without notice, and is provided AS IS without guarantee or warranty as to
the accuracy or applicability o the inormation to any speciic situation or circumstance. McAee and the McAee logo are registered
trademarks or trademarks o McAee, Inc. or its subsidiaries in the United States and other countries. Other names and brand may be
claimed as the property o others. 2010 McAee, Inc.
About McAee, Inc.
McAee, Inc., headquartered in Santa Clara,
Caliornia, is the worlds largest dedicated security
technology company. McAee delivers proactive
and proven solutions and services that help securesystems, networks, and mobile devices around
the world, allowing users to saely connect to the
Internet, browse and shop the Web more securely.
Backed by unrivaled Global Threat Intelligence,
McAee creates innovative products that
empower home users, businesses, the public
sector and service providers by enabling them to
prove compliance with regulations, protect data,
prevent disruptions, identiy vulnerabilities, and
continuously monitor and improve their security.
McAee secures your digital world.
For more inormation, visit:http://www.mcaee.com
McAee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
888 847 8766
www.mcaee.com 12001rpt_web2.0-global_0910