Amid social networking security issues, companies block Web 2.0 apps

Many companies have clamped down on social networking in the face of security concerns, a new report reveals. Is this a long-term trend?

Security concerns are persuading more companies to block the use of social networking in the workplace, even though most see the commercial benefits of using tools such as Facebook and Twitter.

Rather than embracing new channels of communication, companies have clamped down and become overtly defensive, which is consequently stifling potential avenues of growth.

Andrew Wyatt, COO, Clearswift

The 2011 WorkLifeWeb research (.pdf) from email security vendor Clearswift reports  there are signs of what it calls “social media growing pains,” with a growing gap in attitudes between managers and front-line staff.

While Clearswift concluded in the report that managers increasingly want to block, or at least monitor, social networking activity, conversely employees want to be trusted to plan their time and technology use at work, and value that trust in a potential employer.

Illustrating that point, according to the report, younger employees especially avoid employers that restrict their use of social networking. “Younger workers and managers are much more likely to both feel the benefits of the social Web and to have high levels of blur between their work and home lives,” the report reads.

The report is based on responses gathered from 1,529 employees and 906 managers in companies in the UK, US, Australia, Germany, Holland and Japan. The online survey was conducted by London-based research firm Loudhouse during June 2011, and follows a similar study in 2010.

Among 87% of all employers surveyed, concerns over social networking security issues and data loss are preventing adoption of Web 2.0 technology to some extent.

But in the UK the figure was even higher, at 91%. Since 2010, the report noted a 20% increase in the number of UK companies blocking access to social media sites because of concerns over security and data loss. However, UK managers still see social media as crucial to business, especially in communicating with customers and the public: 58% cited Web collaboration as a crucial tool, and 31% of companies plan to invest more in social media this year.

According to the report, 77% of UK managers monitor employees’ Internet activity, and 70% block access to certain social networks. However, the report warns that companies using heavy-handed methods to control usage risk alienating or losing workers, especially younger employees. For example, 55% of 18 to 34 year-old employees felt they should be allowed to use social media for personal reasons while at work. Among 18 to 24 year-olds, only 35% said they would stay at a company if they objected to its Web 2.0 policy.

However, managers' fears -- 57% of whom believed employees were oblivious to security concerns -- seem to be well founded: 18% of employees said they did not think about security using the Web and email, and 36% think security is solely the employer’s responsibility.

Andrew Wyatt, chief operating officer for Clearswift, indicated the figures reflect a short-term move against social media rather than a long-term trend. “Rather than embracing new channels of communication, companies have clamped down and become overtly defensive, which is consequently stifling potential avenues of growth,” he said in a written statement. “However, the research also provides evidence that businesses do recognise the importance of new technologies, which leads me to believe this is a knee-jerk reaction rather than a long-term trend.”

The report concluded the goal of employers and managers should be “to move toward a situation of control and empowerment – with minimal, clearly explained and transparently enforced limits – to harness the benefits of Web 2.0 while managing the risks.”

Ash Patel, country manager for UK and Ireland at IPS vendor Stonesoft, agreed. “Social networks are a valuable tool to communicate and market products, but it is important to have a strict policy in place to ensure no confidential company information is put at risk,” he said. “Employers can ensure this by implementing security solutions such as firewall and IPS appliances, and by making sure all traffic entering and exiting the network is closely monitored at all times.”

Read more on Security policy and user awareness