Wednesday, May 27, 2009

New Websense Survey Reveals State of Web 2.0 Use, Policies and Security at Businesses Worldwide

| Brett D. Arion |
Websense Delivers Free Tools to Help IT Professionals Enable Web 2.0 in the Workplace While Mitigating Security Risks

Websense, Inc. (NASDAQ: WBSN) today revealed the findings from a global survey of 1,300 information technology managers across ten countries, asking about their perceptions of Web 2.0 in the workplace, testing their understanding of Web 2.0 technologies and assessing their organizations' level of security preparedness. Web 2.0 sites and applications allow user-generated content and comprise the majority of the top 100 most visited sites on the Internet, including search engines like Google and Yahoo!, resources like Wikipedia and news sites like CNN. Key findings from the Web2.0@Work(TM) survey include:

Web 2.0 in Business is Here to Stay

Web 2.0 has made an impact in the workplace and will continue to change the way organizations conduct business as more Web 2.0 applications make their way into the corporate environment. Though many Web 2.0 services were designed for consumer use rather than business use, organizations across all industries are already using them to increase collaboration and information exchange, streamline processes, engage key stakeholders and generate revenue. Specifically:

-- 95 percent of respondents currently allow employee access to some Web
2.0 sites and applications -- most commonly webmail, mashups and wikis
-- 62 percent of IT managers believe that Web 2.0 is necessary to their
business


IT Experiences Pressure from All Sides

Employees are clamoring for even more use of Web 2.0 in the workplace, leaving IT departments to find the right balance between preventing security risks while still allowing safe and flexible access. The pressure for more Web 2.0 access is coming not from rogue employees, but rather from lines of business and top-level executives:

-- 86 percent of IT managers reported feeling pressured to allow more
access to more types of Web 2.0 sites and technologies
-- 30 percent of respondents reported pressure coming from C-level
executives and director level staff
-- 34 percent reported pressure coming from marketing departments
-- 32 percent reported pressure coming from sales departments


IT Professionals Are Overconfident in Their Security

Though many organizations already allow access to some types of Web 2.0 sites and applications, a dangerous security gap exists. The majority of respondents reported feeling confident in their organization's Web security, though they admit to not having the necessary security solutions to protect from all threat vectors. Additionally, a surprising number of respondents appear to be confused on what exactly constitutes Web 2.0 -- and what they don't know could put their organizations at risk.

-- 80 percent of respondents reported feeling confident in their
organization's Web security, despite the fact that the numbers show
they are ill-equipped to protect from Web 2.0 security threats:
-- 68 percent do not have real-time analysis of Web content
-- 59 percent cannot prevent URL re-directs
-- 53 percent do not have security solutions that stop spyware
from sending information to bots
-- 52 percent do not have solutions to detect embedded malicious
code on trusted Web sites
-- 45 percent do not have data loss prevention technology to stop
company-confidential information from being uploaded to sites
like blogs and wikis, hosted on unauthorized cloud computing
sites, or leaked as a result of spyware and phishing attacks
-- Only 9 percent report having security solutions in place to
cover all threat vectors
-- There is confusion even among IT professionals about what constitutes
Web 2.0: Only 17 percent of respondents correctly identified all the
items in the survey that can be considered Web 2.0
-- Only half identified wikis, video uploading sites like YouTube and
hosted software/cloud computing sites like Google Docs to be Web 2.0
-- 47 percent of respondents report that users in their organization try
to bypass their Web security policies, demonstrating that new policies
are needed to provide the flexibility for employees to access the Web
for their jobs while preventing inappropriate use or security threats.

Research from Websense® Security Labs™ shows that 57 percent of data-stealing attacks are conducted over the Web. The nature of Web 2.0 sites, which allow users to create and post their own content, provides an easy vector for cyber criminals to launch their attacks on a large number of users. With more than 90 percent of organizations around the world reportedly lacking the security solutions necessary to prevent dynamic Web threats and data loss across all threat vectors, consumers should be wary of which businesses they trust with their personal data.

Say "Yes" to Web 2.0 at Work

Findings from the Web2.0@Work survey demonstrate that IT professionals around the globe are struggling to strike a balance between taking advantage of the benefits of Web 2.0 while mitigating the security risks. The reality of the business environment today is that organizations can no longer simply block access to Web 2.0. With members of the "millennial" generation now in the workforce, employees not only expect access to Web 2.0, but some even use it as their preferred method of communication.

"We've heard from many organizations that want guidance on establishing Web 2.0 usage policies and help determining the right Web 2.0 security solutions," said Jim Haskin, senior vice president of marketing and chief information officer, Websense. "For that reason, Websense is introducing free tools and best practice strategies to assist IT professionals in their desire to enable safe Web 2.0 access in the workplace. With our industry-leading secure Web gateway and Web 2.0 early threat detection and protection technology, Websense is uniquely qualified to help businesses say 'Yes' to appropriate use of Web 2.0 at work."

Free tools for Safely Enabling Web 2.0 at Work

Visit www.websense.com/Web2.0atWork to register for a free analyst report and a June 10 webcast on best practices for Web 2.0 at work. The complete 2009 Web2.0@Work survey results are also available on the site. Additionally, Websense has launched the "Web2.0@Work - Powered by Websense" page on Facebook as an interactive community for employees, employers and IT professionals to discuss the benefits and risks associated with Web 2.0, share stories of their organization's successful use of Web 2.0 and to read additional research on the topic.

Research Methodology

Independent research firm Dynamic Markets was commissioned by Websense to conduct 1,300 interviews with IT managers in Australia, Canada, China, France, Germany, Hong Kong, India, Italy, the UK and the US. One hundred interviews were collected in all countries, except the US where 400 were collected. Before and during the interviews, participants were not aware that Websense had commissioned the research. Respondents confirmed that their organizations had 250 or more PC users and also confirmed their level of seniority: 32 percent operate at CIO/director level and 68 percent are at manager level. None of the sample are clerical or admin-level IT staff.

Full details on the survey methodology can be found in the report "Web2.0@Work" on www.websense.com/Web2.0atWork.

About Websense, Inc.

Websense, Inc. (NASDAQ: WBSN), a global leader in integrated Web, data and email security solutions, provides Essential Information Protection™ for more than 44 million product seats under subscription. Distributed through its global network of channel partners, Websense software and hosted security solutions help organizations block malicious code, prevent the loss of confidential information and enforce Internet use and security policies. For more information, visit www.websense.com.

Websense is a registered trademark of Websense, Inc. in the United States and certain international markets. Websense has numerous other registered and unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners.

Free Security Magazines