State of Web 2.0 use, policies and security worldwide

Websense revealed the findings from a global survey of 1,300 information technology managers across ten countries, asking about their perceptions of Web 2.0 in the workplace, testing their understanding of Web 2.0 technologies and assessing their organizations’ level of security preparedness.

Web 2.0 sites and applications allow user-generated content and comprise the majority of the top 100 most visited sites on the Internet, including search engines like Google and Yahoo!, resources like Wikipedia and news sites like CNN. Key findings from the Web2.0@Work survey include:

Web 2.0 in business is here to stay

Web 2.0 has made an impact in the workplace and will continue to change the way organizations conduct business as more Web 2.0 applications make their way into the corporate environment. Though many Web 2.0 services were designed for consumer use rather than business use, organizations across all industries are already using them to increase collaboration and information exchange, streamline processes, engage key stakeholders and generate revenue. Specifically:

• 95 percent of respondents currently allow employee access to some Web 2.0 sites and applications – most commonly webmail, mashups and wikis
• 62 percent of IT managers believe that Web 2.0 is necessary to their business.

IT experiences pressure from all sides

Employees are clamoring for even more use of Web 2.0 in the workplace, leaving IT departments to find the right balance between preventing security risks while still allowing safe and flexible access. The pressure for more Web 2.0 access is coming not from rogue employees, but rather from lines of business and top-level executives:

• 86 percent of IT managers reported feeling pressured to allow more access to more types of Web 2.0 sites and technologies
• 30 percent of respondents reported pressure coming from C-level executives and director level staff
• 34 percent reported pressure coming from marketing departments
• 32 percent reported pressure coming from sales departments.

IT professionals are overconfident in their security

Though many organizations already allow access to some types of Web 2.0 sites and applications, a dangerous security gap exists. The majority of respondents reported feeling confident in their organization’s Web security, though they admit to not having the necessary security solutions to protect from all threat vectors. Additionally, a surprising number of respondents appear to be confused on what exactly constitutes Web 2.0 – and what they don’t know could put their organizations at risk.

• 80 percent of respondents reported feeling confident in their organization’s Web security, despite the fact that the numbers show they are ill-equipped to protect from Web 2.0 security threats
• There is confusion even among IT professionals about what constitutes Web 2.0: Only 17 percent of respondents correctly identified all the items in the survey that can be considered Web 2.0
• Only half identified wikis, video uploading sites like YouTube and hosted software/cloud computing sites like Google Docs to be Web 2.0
• 47 percent of respondents report that users in their organization try to bypass their Web security policies, demonstrating that new policies are needed to provide the flexibility for employees to access the Web for their jobs while preventing inappropriate use or security threats.

Research from Websense Security Labs shows that 57 percent of data-stealing attacks are conducted over the Web. The nature of Web 2.0 sites, which allow users to create and post their own content, provides an easy vector for cyber criminals to launch their attacks on a large number of users. With more than 90 percent of organizations around the world reportedly lacking the security solutions necessary to prevent dynamic Web threats and data loss across all threat vectors, consumers should be wary of which businesses they trust with their personal data.

Say “yes” to Web 2.0 at work

Findings from the Web2.0@Work survey demonstrate that IT professionals around the globe are struggling to strike a balance between taking advantage of the benefits of Web 2.0 while mitigating the security risks. The reality of the business environment today is that organizations can no longer simply block access to Web 2.0. With members of the “millennial” generation now in the workforce, employees not only expect access to Web 2.0, but some even use it as their preferred method of communication.

Research methodology

Independent research firm Dynamic Markets was commissioned by Websense to conduct 1,300 interviews with IT managers in Australia, Canada, China, France, Germany, Hong Kong, India, Italy, the UK and the US. One hundred interviews were collected in all countries, except the US where 400 were collected. Before and during the interviews, participants were not aware that Websense had commissioned the research. Respondents confirmed that their organizations had 250 or more PC users and also confirmed their level of seniority: 32 percent operate at CIO/director level and 68 percent are at manager level. None of the sample are clerical or admin-level IT staff.