In-Depth

Security: IT Shops Unprepared to Police Social Media in the Enterprise

Few IT organizations are prepared to manage the use of social media in the enterprise. This is particularly true from a security perspective.

Call it a case of cognitive dissonance. On the one hand, IT organizations recognize that social media can be -- and to an extent, already is -- an important tool for business. On the other, few IT organizations say they're prepared to manage the use of social media.

This is particularly true from a security perspective.

That's perhaps the biggest takeaway from the Global Survey on Social Media Risks, a report published last month by security researcher The Ponemon Institute. According to Ponemon, almost two-thirds of respondents (63 percent) believe the use of social media tools by rank-and-file employees poses a security risk. At the same time, under a one-third (29 percent) say they've implemented security controls to safeguard against this risk.

Survey respondents cited a range of hot-button concerns, such as the downloading of unauthorized or unvetted social media apps or widgets and the posting of uncensored content or blog entries to social media Web sites.

"Most respondents agree that the use of social media in the workplace is important to achieving business objectives," the report indicates. "[T]hey also believe these tools put their organizations at risk and they do not have the necessary security controls and enforceable policies to address the risk."

Most shops believe social media can help boost collaboration between and among employees. For similar reasons, an overwhelming majority of organizations (89 percent) worry that social media might also sap workforce productivity. (In this case, they have only themselves to blame: more than half -- 55 percent -- of shops say it's acceptable for employees to use social media to interact with friends or family outside of work.)

Also of note: more than three-quarters (77 percent) say they're concerned that social media could sap bandwidth away from their IT departments.

Most shops have already had to put out social media-related fires. More than half (53 percent) say they've experienced viral or malware attacks as a result of employees using social media, for example.

Just as enterprise social media usage varies wildly from country to country, so, too, do does enterprise social media preparedness. Three-fifths (60 percent) of German respondents say their organizations have a policy in place to address the acceptable use of social media in the enterprise. In the U.S., this number is less than one-third (32 percent).

Germany also leads all other countries in the use of social media as a tool for business, at 66 minutes a day; Ponemon pegs non-business use of social media in Germany at 19 minutes a day. This, too, was the lowest -- and best, from a business perspective -- showing among the 12 sample countries.

In the U.S., business-oriented use of social media averages works out, on average, to about 37 minutes per day, with non-business use accounting for 62 minutes. Non-business use is highest in the UK, at about 69 minutes a day. UK workers use social media for business on average about 30 minutes a day.

Must Read Articles