More than 80% of security administrators think that Web 2.0 applications — social networking tools, widgets, instant messaging programs, and their ilk — are undermining enterprise security. Furthermore, one in five think that employees rarely or never consider the consequences to corporate security of engaging in such activities as downloading applications from the Internet, streaming video, or using peer-to-peer file-sharing sites.
Those results come from a new survey of more than 2,100 IT security administrators in the United States, United Kingdom, France, Japan, and Australia. The survey was conducted by the Ponemon Institute and sponsored by Check Point Software Technologies.
“Our research finds security can be seen as an afterthought for corporate users of Web 2.0 applications; the growing number and sophistication of security threats, coupled with the proliferation of online and easily downloadable tools, is exacerbating the challenges of protecting sensitive information,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement.
The survey also found that nearly half of security managers think that minimizing Web 2.0 risks is an urgent priority. According to respondents, the top threats posed by Web 2.0 applications are, in order, poor workplace productivity, malware, data loss, and viruses.
But so far, spending on Web 2.0 security technology lags. “While this is an issue that must be addressed through strategic investment in technology and awareness, our research also shows that most IT administrators do not believe their organizations have sufficient resources dedicated to securing critical web applications,” according to Ponemon.
On a related note, Check Point Monday announced its forthcoming release of Application Control Software Blade, which can control and manage the use of Web 2.0 applications in the enterprise. The product will use the Check Point AppWiki, which catalogs more than 50,000 Web 2.0 widgets and more than 4,500 Internet applications, including social networking, instant messaging, and media streaming tools. The tool can be centrally managed — together with other Check Point “software blades” — from a single Check Point console, and will also integrate with any of the company’s security gateways, such as UTM-1 or Power-1.
Check Point plans to release the Application Control Software Blade by the end of the year.