Enterprises are embracing Web 2.0, but they’re keeping the technology close to home for now as security and liability concerns remain.
In an exclusive survey conducted for eWEEK by Ziff Davis Enterprise Research, 282 IT professionals were asked about deployments of and plans for Web 2.0 technologies at their companies.
When respondents were asked which groups Web 2.0 technologies were designed to serve, 82 percent said current employees. In addition, when asked to name the two biggest drivers for Web 2.0 at their companies, 71 percent of respondents said improved communication and collaboration among internal staff, while 46 percent said improved communication and collaboration with customers.
Those numbers may reverse in the near future. According to a Forrester Research report released earlier this month, by 2013, investment in customer-facing Web 2.0 technologies will outstrip spending on internal collaboration software by nearly a billion dollars.
Top Apps
Web 2.0 is broadly defined as a category of products and a way of working that is collaborative in nature and provides an open means of sharing information. Products that fall into the Web 2.0 category include blogs, wikis, RSS and social networks.
According to the eWEEK survey, blogs and wikis are the most broadly deployed apps in this category. When asked which Web 2.0 technologies were deployed at their organizations, 49 percent of respondents said blogs and 48 percent said wikis. RSS came in a close third, selected by 43 percent of respondents.
Twenty-seven percent of respondents said they had implemented a social network for use at their company. Free social network platforms such as Ning make it easy to build a social network with just a few clicks, and many companies are leveraging social networking capabilities to help employees share and find knowledge internally.
Enterprises seem to be less enamored of large, public social networks such as Facebook and MySpace. Several IT pros eWEEK spoke with said their companies block these types of social networks altogether, while others said the only sanctioned social network at their company is LinkedIn-widely considered to be the most buttoned-down of social networking platforms.
Security Concerns
Why the trepidation? When asked to name their two biggest concerns with social networks and other Web 2.0 technologies, respondents named security more than any other issue (41 percent), followed by a fear that these open platforms would result in leaks of sensitive company information (35 percent).
Those worries may be warranted, but the problems we’re seeing with Web 2.0 aren’t necessarily new, according to Jeremiah Grossman, chief technology officer at WhiteHat Security.
“While Web 2.0 technologies have added some new attack techniques, they really aren’t the issues we need to be most concerned about when comparing to the existing issues,” Grossman said. “The issues we need to tackle have been firmly rooted into the system since the Web began … What Web 2.0 has done is added additional complexity to the attack surface, which has proved difficult for everyone to fully understand.”
Oliver Friedrichs, director of emerging technologies for Symantec Security Response, agrees that what’s old is new when it comes to Web 2.0 security vulnerabilities.
“When we consider the risks [of Web 2.0], clearly, the underlying Web applications themselves have the same inherent vulnerabilities that Web 1.0 applications had,” Friedrichs said. “The risks themselves are very, very similar to what we’ve seen in the past; it’s just a different set of protocols and client-side functions that are being used.”
Only 15 percent of respondents to the eWeek survey worried that the use of Web 2.0 technologies would cause a hit to employee productivity-or, as one IT pro put it, “Social networks [making] employees too, well, social.”
Respondents to the eWEEK survey were asked whether and how their companies seek to deter employees from accessing external social networks. Forty-seven percent said their companies do block such access, while 53 percent said their companies do not block such access.
Various deterrents were cited in the study among those whose companies do deter employees from external social networks: 62 percent named policies, 62 percent said URL blocking and 61 percent said Web monitoring. Filters and network access controls are also being put into play, by 51 and 49 percent of deterring companies, respectively.
Twenty percent of respondents said they were concerned with the lack of management controls in many Web 2.0 apps, and 9 percent said they were concerned with the lack of technical controls.
These kinds of fears may be allayed as more vendors provide Web 2.0 capabilities in their collaboration platforms. Microsoft SharePoint, for example, offers blog, wiki and RSS features, along with the kinds of access controls and accountability that make the technologies palatable in an enterprise setting.
Innovation Without Permission
One of the benefits to many Web 2.0 technologies-or drawbacks, depending on how you look at it-is the ease and speed with which they can be deployed. In many cases, the IT department isn’t needed at all.
There have always been rogue implementations of technology in companies-Linux servers and Wi-Fi networks were notoriously underground before the technologies became mainstream, for example. But today it’s much easier to do a lot more without the help or permission of IT.
Think about the department in your company that’s using Google Apps to collaborate or the group that’s using Ning for discussions and to share videos and other content. No one had to ask IT to get those apps up and running.
The Forrester report says, “Business buyers want Web 2.0 but depend on IT to make it happen,” which is different from the message of some Web 2.0 technology vendors that are pushing mashup solutions as a way for business users to augment or even circumvent IT and build their own applications.
One such vendor is Serena Software. Ren??« Bonvanie, Serena’s senior vice president of worldwide marketing, partner programs and online services, espouses the innovation-without-permission model.
That model, he said, is being driven by the “millennials” in the work force. These twenty- and early-thirtysomethings have grown up with the tools to set up their own networks, write their own blogs, create their own widgets and so on. They’ve never had to ask for permission to do any of these things and certainly don’t want to now that they’re in the workplace (especially when they may very well know more about Web 2.0 technology than many of the IT staffers).
“You can allow people to innovate within a certain framework-a domain of innovation. Or you can take the other approach-let [technology] appear no matter what it affects or does, and decide which will make it and which will not,” Bonvanie said in an interview with eWEEK earlier this year.
The concept of innovation without permission surely sends chills down the spines of most IT managers.
When asked whether their companies had implemented policies regulating the use of Web 2.0 technologies by employees, 54 percent said no, 28 percent said yes and 18 percent said they didn’t know.
At companies where such policies had been implemented, the success rate is good, albeit with room for improvement. Thirty-seven percent of respondents said the policies were very effective and 53 percent said that the policies were moderately effective. Only 10 percent said the policies were barely effective or not effective at all.
The Web 2.0 apps most widely deployed without IT support and company consent? Blogs and wikis top the list again, but social networks come in third followed by peer-to-peer networking. RSS-No. 3 on the list of sanctioned Web 2.0 apps deployed, according to the eWEEK survey-falls to No. 5 on the list of rogue apps. Nearly half of respondents reported at least one rogue Web 2.0 app at their company.
That said, 56 percent of respondents said that none of the applications listed as responses had been implemented without appropriate company support, and 51 percent said none of the apps had been implemented without IT support.
When a Web 2.0 app is deployed without IT support, it is most often the result of an individual employee deciding on his or her own, according to the survey.
When asked in what ways Web 2.0 apps come to be deployed without IT support, 64 percent of respondents named individual employees as the initiator, 51 percent said midlevel managers encourage staff to deploy the apps and 32 percent said senior executives encourage staff.
A relatively significant percentage of respondents said Web 2.0 apps are deployed without Web 2.0 support at the request of outside customers (26 percent) or outside business partners (21 percent).
The Price of Web 2.0
The Forrester report indicates that the current enterprise Web 2.0 market is small but growing.
The spending by enterprises will reach $764 million in 2008 but grow quickly over the next five years, representing an additional $3.8 billion in spending.
Many Web 2.0 apps are available for free, of course, but only 15 percent of respondents to the eWEEK survey named “reduction in IT costs through the use of free apps” as one of their two biggest drivers for implementing Web 2.0.
Indeed, the Forrester report points out that a key question for software companies is: Who pays for Web 2.0 in the enterprise?
“Three challenges face vendors: IT shops are wary of what they perceive as insecure, consumer-grade technology; ad-supported Web 2.0 tools on the consumer side have set -free’ as a starting point; and Web 2.0 technologies enter a crowded space dominated by legacy software investments,” the report said.
Brian Prince and Darryl K. Taft contributed to this story.