Enterprises Diving into Web 2.0 Waters

Exclusive eWEEK research shows that deployments are mostly internal; security is the biggest concern.

Enterprises are embracing Web 2.0, but they're keeping the technology close to home for now as security and liability concerns remain.

In an exclusive survey conducted for eWEEK by Ziff Davis Enterprise Research, 282 IT professionals were asked about deployments of and plans for Web 2.0 technologies at their companies.

When respondents were asked which groups Web 2.0 technologies were designed to serve, 82 percent said current employees. In addition, when asked to name the two biggest drivers for Web 2.0 at their companies, 71 percent of respondents said improved communication and collaboration among internal staff, while 46 percent said improved communication and collaboration with customers.

Those numbers may reverse in the near future. According to a Forrester Research report released earlier this month, by 2013, investment in customer-facing Web 2.0 technologies will outstrip spending on internal collaboration software by nearly a billion dollars.

Top Apps

Web 2.0 is broadly defined as a category of products and a way of working that is collaborative in nature and provides an open means of sharing information. Products that fall into the Web 2.0 category include blogs, wikis, RSS and social networks.

According to the eWEEK survey, blogs and wikis are the most broadly deployed apps in this category. When asked which Web 2.0 technologies were deployed at their organizations, 49 percent of respondents said blogs and 48 percent said wikis. RSS came in a close third, selected by 43 percent of respondents.

Twenty-seven percent of respondents said they had implemented a social network for use at their company. Free social network platforms such as Ning make it easy to build a social network with just a few clicks, and many companies are leveraging social networking capabilities to help employees share and find knowledge internally.

Enterprises seem to be less enamored of large, public social networks such as Facebook and MySpace. Several IT pros eWEEK spoke with said their companies block these types of social networks altogether, while others said the only sanctioned social network at their company is LinkedIn-widely considered to be the most buttoned-down of social networking platforms.

Security Concerns

Why the trepidation? When asked to name their two biggest concerns with social networks and other Web 2.0 technologies, respondents named security more than any other issue (41 percent), followed by a fear that these open platforms would result in leaks of sensitive company information (35 percent).

Those worries may be warranted, but the problems we're seeing with Web 2.0 aren't necessarily new, according to Jeremiah Grossman, chief technology officer at WhiteHat Security.

"While Web 2.0 technologies have added some new attack techniques, they really aren't the issues we need to be most concerned about when comparing to the existing issues," Grossman said. "The issues we need to tackle have been firmly rooted into the system since the Web began ... What Web 2.0 has done is added additional complexity to the attack surface, which has proved difficult for everyone to fully understand."

Oliver Friedrichs, director of emerging technologies for Symantec Security Response, agrees that what's old is new when it comes to Web 2.0 security vulnerabilities.

"When we consider the risks [of Web 2.0], clearly, the underlying Web applications themselves have the same inherent vulnerabilities that Web 1.0 applications had," Friedrichs said. "The risks themselves are very, very similar to what we've seen in the past; it's just a different set of protocols and client-side functions that are being used."

Only 15 percent of respondents to the eWeek survey worried that the use of Web 2.0 technologies would cause a hit to employee productivity-or, as one IT pro put it, "Social networks [making] employees too, well, social."

Respondents to the eWEEK survey were asked whether and how their companies seek to deter employees from accessing external social networks. Forty-seven percent said their companies do block such access, while 53 percent said their companies do not block such access.

Various deterrents were cited in the study among those whose companies do deter employees from external social networks: 62 percent named policies, 62 percent said URL blocking and 61 percent said Web monitoring. Filters and network access controls are also being put into play, by 51 and 49 percent of deterring companies, respectively.

Twenty percent of respondents said they were concerned with the lack of management controls in many Web 2.0 apps, and 9 percent said they were concerned with the lack of technical controls.

These kinds of fears may be allayed as more vendors provide Web 2.0 capabilities in their collaboration platforms. Microsoft SharePoint, for example, offers blog, wiki and RSS features, along with the kinds of access controls and accountability that make the technologies palatable in an enterprise setting.