Web 2.0: Workers See Friend, Employers See Foe - InformationWeek
IoT
IoT
Infrastructure
News
5/24/2007
04:18 PM
50%
50%
RELATED EVENTS
The Real Impact of a Data Security Breach
Aug 02, 2017
In this webcast, experts discuss the real losses associated with a breach, both in the data center ...Read More>>

Web 2.0: Workers See Friend, Employers See Foe

Most companies are more concerned with blocking Web site categories, such as those labeled "adult" or "gambling," than with targeting individual Web sites, a new report notes.

When the Defense Department recently banned department personnel from visiting social networking and entertainment sites such as MySpace, YouTube, and 11 others, it cited bandwidth constraints and security concerns as the primary criteria. In the business world, however, while these sites don't exactly boost productivity, companies are much more concerned with shutting out banner and pop-up ads as well as adware likely to install cookies on company-owned PCs.

Barracuda Networks, a maker of e-mail and Web filtering technology, this week reported that the top sites its customers blocked over the past month demonstrate this trend. The top 10 sites blocked -- including Doubleclick.net, Googlesyndication.com, Omniture Inc.'s 2o7.net, Rad.msn.com, and Atwola.com -- are all related to marketing and advertising to Internet users. Meanwhile, sites like MySpace, World of Warcraft, and YouTube are still likely to be blocked by Barracuda customers, but none of them make the company's Top 20 list of most blocked sites.

Web-based content is blocked for three reasons primarily: to avoid legal liability for any illegal activity in which their workers might be engaged, to reduce the risk of malware infections, and to prevent drops in productivity that accompany access to nonessential Web content.

Although it's almost intuitive that a company would want to block any site that promotes worker procrastination, the fact is most companies are more concerned with blocking Web site categories, such as those labeled "adult" or "gambling," than with targeting individual Web sites like MySpace or YouTube, said Stephen Pao, Barracuda's VP of product management.

"Companies will block applications under the category 'streaming media' rather specifically block YouTube or XMRadio.com, although this does ultimately block access to those sites," Pao said.

Another school of thought is that Web 2.0 sites that promote social networking and multimedia content have some value to workers despite any distractions they might cause. Half of the 162 customers that security research firm and vendor Sophos polled between May 16 and 22 said that employees should be able to access MySpace and that the key message is that good productivity is the result of good management, whereas access to a wide variety of Web sites isn't necessarily to blame for poor productivity. One-quarter of the respondents to the Web-based poll were opposed to blocking access to MySpace because the effort would be too complicated and time consuming, while the rest of the respondents worried about employee "backlash" at having MySpace access taken away, meaning they might try to circumvent Web filters or try to access the site in some other way.

This doesn't mean that opening corporate networks up to social networking or gaming sites is a good idea. As end users become hip to more mainstream threats like phishing (does anyone still click on random e-mails from PayPal or financial institutions?), malware writers are building threats directly into Web sites that user frequent.

"Interactive Web sites have become a vector by which infections can occur," said Ron O'Brien, Sophos senior security analyst. In April alone, Sophos identified 245,790 Web pages hosting malicious code, and that total grows daily.

In March, Sophos issued an advisory to warn companies about the ongoing threat of malicious code being posted to MySpace, in particular the SpaceStalk spyware Trojan horse embedded in a QuickTime movie on the MySpace page of MAMASAID, a French rock band. SpaceStalk's JavaScript code downloaded from the Net additional malicious code onto users' computers to steal information.

Companies have to weigh carefully the benefits of how much rope they give their users. It was once debatable whether Web-based apps like VoIP, P2P networking, and IM had any business value, yet these emerging technologies have for the most part become a good fit in today's work environments. With the right amount of foresight and security precautions, the same might someday be said of MySpace and YouTube.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll