IT Pros Are Overconfident in Their Web Security, Survey Says
Web 2.0 technologies are changing the security game for businesses, and IT providers are struggling to balance access with protection. Here’s what you should look for. †
By Cecilia Galvinalvin
IT professionals around the globe are struggling to strike a balance between taking advantage of the benefits of Web 2.0 technology while mitigating its security risks. That’s one of the findings of Web2.0@Work, a new study by research firm Dynamic Markets of 1,300 IT managers in 10 countries with 250 or more PC users in their organizations. The study, commissioned by security vendor Websense Inc. but not identified to participants, also notes that businesses today can’t simply block access to Web 2.0–employees expect access and some even use it as their preferred method of communication.
Though many Web 2.0 services were designed for consumers rather than business users, organizations across all industries are already using them to increase collaboration and information exchange, streamline processes, engage key stakeholders, and generate revenue. So it’s not surprising that 95 percent of survey respondents allow access to some Web 2.0 sites and applications–notably Webmail, mashups, and wikis. Further, 62 percent of IT managers recognize that Web 2.0 is necessary for their businesses. What is somewhat surprising, though, is that pressure for more Web 2.0 access is coming from C-level executives: 30 percent of respondents reported getting pressure from such executives as well as from director-level staff.
But what about security? Unfortunately, IT professionals are overconfident in their Web security, despite the fact that the survey says they shouldn’t be:
- 68 percent do not have real-time analysis of Web content
- 59 percent cannot prevent URL redirects
- 53 percent do not have security solutions that stop spyware from sending information to bots
- 52 percent do not have solutions to detect embedded malicious code on trusted Web sites
- 45 percent do not have data loss prevention technology to stop confidential information from being uploaded to sites like blogs and wikis, hosted on unauthorized cloud computing sites, or leaked as a result of spyware and phishing attacks
In fact, only 9 percent of IT managers report having security solutions in place to cover all of these threats, and understandably so: Only 17 percent correctly identified all the items in the survey that can be considered Web 2.0. Those most overlooked were video uploading sites such as YouTube, hosted software/cloud computing sites such as Google Docs, and wikis.
To help get IT providers up to speed, Websense is offering the complete survey results, a free analyst report, and a June 10 Webcast on Web 2.0 best practices at www.websense.com/content/web20-at-work.aspx. Another resource is the Web2.0@Work – Powered by Websense page on Facebook, which enables employees, employers, and IT pros to discuss the benefits and risks associated with Web 2.0, share stories of their organization’s successful use of Web 2.0, and read more research on the topic.