A spate of recent research has highlighted the business benefits of using Web 2.0 tools and social networking sites, but some experts have cautioned that enterprise IT teams must also be wary of the security risks of using this new technology.

IT services firm Infosys recently undertook a benchmarking exercise to evaluate Web 2.0 initiatives in the enterprise. They were evaluated according to three dimensions ­ content, commerce and collaboration ­ and given a score depending on the success of their implementation of features such as podcasts, tags, mashups, blogs and wikis.

Online retailers scored particularly highly thanks to their use of rich internet applications, store locator mashups, and qualitative as well as quantitative product reviews, according to Infosys’s Jai Ganesh.

“Amazon scored very highly in content, collaboration and commerce, and has a very rich user experience,” he explained. “But one thing we noticed is very few retailers have adopted wikis for their sites ­ maybe because a wiki is more of a knowledge destination than a blog is.”

A new study by Microsoft also shows the increasing popularity of social networking sites, with 33 per cent of workers surveyed saying they use the tools and eight out of 10 of these users saying that they find real business benefits in using them. Benefits cited included giving users greater confidence in using technology, making business contacts and even winning new business, the report found.

Users blind to risks
IT professionals led the way in terms of usage, with over 60 per cent saying they used such tools, although many seem to be unaware of the risks. Around half said they do not monitor employee use of the tools while forty per cent said they do not see any security risks in using them.

But the risks are multifold, according to Stephen Lamb, IT security evangelist at Microsoft UK. They include users visiting web pages embedded with malicious content, potentially exposing their personal information to fraudsters, or posting libellous or inappropriate content that may cause legal problems for their employer.

“The opportunity to harvest personal information has been exacerbated by social networking sites,” Lamb said. “I use it to have a closer relationship with partners, customers and even competitors, but people need to understand that they must be very careful what they put in the public domain.”

IT teams have a responsibility to co-ordinate staff education to ensure risks associated with using social networking sites are minimised, advised Chris Boyd, security research manager of messaging security specialist Facetime Communications.

For example, many users do not know about the privacy or security settings on sites such as Facebook, which could help to protect their online identities better, he explained. “The walled garden that exists in social networking sites gives people a false sense of security ­ they think they’re all hidden away but they’re not,” he said. “But blanket bans are never the answer ­ it’s better to control, lock down and then moderate usage rather than stick your head in the sand.”

From a technology perspective, too, there are potential threats arising from staff visiting social media sites, as increasingly these sites are becoming home to malicious content that could download keylogging software or Trojans onto a user’s PC. To combat these threats, IT teams should ensure enterprise-wide content filtering and scanning software is deployed, Boyd said.

Threats from apps
Many of the applications associated with social media sites also present a potential risk, Boyd added.

“A lot of the applications on social sites such as Facebook and Flickr are made by third parties, so there’s no way to decide which are trustworthy,” he added. “They expect the user to make a leap of faith ­ the emphasis is always on the end user.”

Finally, collaboration between IT and HR teams is important in ensuring the organisation has minimised the risks of its staff using social media sites at work, said Microsoft’s Lamb. The potential for contractual or legal issues to arise from content posted by individuals means firms need to create and communicate clear usage policies, which will require input from both IT and HR.

“It makes sense to get HR involved at this level so they understand what their staff are doing,” Lamb said. “It’s about looking at the risks and identifying the steps that mitigate that risk ­ explaining clearly what you can and can’t do.”

A recent survey by security vendor Clearswift highlighted the need for involvement from HR. It found one in five HR decision makers is unfamiliar with Web 2.0 technologies such as social networking sites, while 65 per cent said they deny employee access to these sites.

Penny Davis, head of HR at T-Mobile, said she was surprised that so many HR professionals were unaware of Web 2.0 technologies, as things such as Facebook groups can be used reach out to new starters in “a creative way that enhances your reputation as an employer”.

Davis added that rather than impose blanket bans on such sites, organisations could either limit usage according to individuals’ roles, or set up cyber cafes where staff can have access during their lunch break.

Despite the increasing popularity of social media and Web 2.0 tools among staff, senior managers are lagging behind, according to consulting firm Parity.

A recent survey produced by the firm found that half of senior managers do not understand the benefits of promoting Web 2.0 in the workplace and a third of IT managers said they lack understanding of this new area of technology.

“There is confusion about what Web 2.0 is among business decision makers and IT,” argued Parity client relationship manager Rob Banathy. “There seems to be a difference between the business drivers used to support the business cases for these solutions and the benefits that are reported when they are implemented.”
Banathy encouraged IT managers to proactively educate business decision makers about how these technologies can support newer, more efficient and productive ways of working.

“They should be looking to hook up with a business sponsor and pitch the technology and get change working,” he added.