Monday, October 27, 2008

Data Leaks & Malware Incidents Rise as Employees Embrace Web 2.0 & Collaborative Internet Applications in the Workplace

For large enterprises, the costs associated with malware now amount to an average of more than $125,000 per month. The costs of repairing malware attacks and corporate data leaks have risen along with employee usage of Web 2.0, and social media at work. These are some of the key findings in the 4th annual independent study commissioned by FaceTime Communications, the leading provider of solutions that control employee use of Internet applications and manage unified communications in the enterprise. The report also confirmed that the use of these applications is widespread with more than 60 percent of all companies surveyed having eight or more of these application in use on their networks.

The research was conducted to determine the impact that collaborative Internet applications have on companies and organizations. Conducted by NewDiligence in September 2008, the survey of more than 500 employees and IT managers tracks the growth of Web 2.0 and employee-initiated applications that contribute to the consumerization of IT. These applications, which introduce compliance, security and data leakage risks, are in use at 97 percent of all organizations, up from 85 percent in 2007. On average, companies report 9.3 such applications in use by employees on the enterprise network. This year's study delved into the use of social media in the enterprise as well as IT's preparedness for electronic discovery requirements.

While email and Web browsing are typically monitored and controlled by IT (79 percent and 65 percent respectively), the extent of the risk associated with Internet applications may be less understood. Fewer than 40 percent of IT respondents report monitoring and managing applications such as P2P and only 25 percent say they are securing and monitoring Web 2.0 applications.

The survey also revealed that fewer than half of IT managers could actively monitor and reproduce specific applications such as instant messaging (IM) communications if asked by corporate attorneys in the event of a lawsuit. In fact, 38 percent of IT managers said they have no such capabilities and only 13 percent said they could do it - but not in any practical time frame. In 2006, the definition of what is considered electronically stored information (ESI), as defined by the Federal Rules for Civil Procedure, expanded to include IM, and other types of electronic communication. In the event of litigation, all ESI – not just email – must be produced as part of the e-Discovery process. Yet, only 31 percent archive IM communications.

More key findings:

--79% of employees use social media (Facebook, LinkedIn, YouTube) at work for business reasons and 51% access social media sites at least once per day.

--IT managers reported an average of 34 security and data leakage incidents per month.

--73% of IT managers report at least one security incident as a result of Internet application usage; viruses, Trojans and worms (59%) are most common, followed by spyware (57%) for a close second.

--37% of companies report an instance of non compliance with corporate or regulatory policy, while 27% report incidents of accidental or unintentional data leakage.

--Despite the new Federal Rules for Civil Procedure, only 31 percent of enterprises store IM communications. One in four has copies of audio conferences (25%), while slightly fewer (20%) archive corporate Web conferences.

Unified Communications

Unified communications suites, such as Microsoft Office Communications Server and IBM Lotus Sametime, are becoming integral to the way employees work today. However, IT managers are finding that their UC rollouts don't significantly reduce employee use of consumer-oriented Web 2.0 applications and public instant messaging networks. Security and compliance controls must extend across all UC modalities in this heterogeneous environment, both enterprise-sanctioned and consumer-oriented.

Unified communications suites, which give enterprises a way to enable employees with multiple communications modalities over an IP infrastructure, exist today at about 29 percent of IT respondent organizations and an additional ten percent have deployed pilots to a limited number of users. Security, compliance and management issues are top of mind among IT managers in organizations with UC deployed.

More information on the service and support industry can be found at www.supportindustry.com

No comments: