Enterprise 2.0 applications have become the poster children of a flat world. They provide rapid and agile collaboration, sharing and information integration capabilities never seen before in enterprises. But, unlike enterprise applications, Enterprise 2.0 applications weren't born in the enterprise world. Most started out as consumer-centric capabilities for searching, linking and tagging, and then moved on to authoring, networking and sharing. Almost all are accessible through a browser, and have no trouble crossing over from the consumer world into the enterprise world.
So, today we see Facebook and Twitter in over 95 percent of organizations worldwide. We saw the penetration of Google Docs jump nearly threefold to over 80 percent in 2009, and the use of Twitter explode nearly eightfold in terms of bandwidth. But that's not the dark side.
The real issue surrounding Enterprise 2.0 applications is their highly evasive nature. Their developers knew the enterprise security infrastructure very well and found ways around it. Using techniques such as port hopping, tunneling and encryption, they ensured that these applications could get through.
The developers also "overloaded" these applications with features. For example, 70 percent of Enterprise 2.0 applications are capable of transferring files, even though that may not be their obvious use. On top of that, users have learned how to work around enterprise security. For example, if they hit a URL that gets filtered, they will find a public proxy to get through. Little do they know that 28 percent of Enterprise 2.0 applications propagate malware and 64 percent have known vulnerabilities.
However, this situation doesn't justify an all-or-nothing decision. To flat-out block everything isn't the answer because it destroys any business value. But to flat-out allow everything is clearly too risky. IT needs to actively participate in the Enterprise 2.0 movement and provide safe enablement through smart policies it closely manages.