What do LinkedIn, Twitter, Blogging and Wikis have in common? According to this article, they are increasingly used within enterprises with a quarter of organizations actually rolling out these types of tools across all departments, up from 12% in the previous survey. The survey also points out the blended use of these applications for both business and professional purposes.
July 14 update - Two more proof points on why companies need to positively enable applications. Both articles talk about how new employees are pressing employers for more lenient web surfing policies. The balance of course is allowing not only web use, but the use of non-web based applications, in a secure manner.
It's no different than spending too much time around the water cooler or making too many personal phone calls. Do you take those away? No," says Gary Rudman, president of GTR Consulting, a market research firm that tracks the habits of young people. "These two worlds will continue to collide until There's a mutual understanding that performance, not Internet usage, is what really matters."
This is, after all, a generation of young people known for what University of Toronto sociologist Barry Wellman calls "media multiplexity." College students he has studied tell him how they sleep with their smart phones and, in some cases, consider their gadgets to be like a part of their bodies. They're also less likely to fit the traditional 9-to-5 work mode and are willing to put in time after hours in exchange for flexibility, including online time.
So, Wellman and others argue, why not embrace that working style when possible, rather than fight it?
It's not hard to figure out why, really. First, allowing for a good balance between the two allows workers to take short mental breaks which allows them to be more fully focused on work when needed. On top of that, they don't have to worry about personal things while at work, but can take care of issues quickly and easily. Finally, and most importantly, many start using social networking and other online tools to help them work. After all, despite what naysayers say, these tools can be very useful in many different jobs.
More interesting is the fact that while most companies have security and approval policies for the use of corporate tools such as email and press releases, very few have the same for the use of these applications.
“…we found that whereas nearly all businesses have policies on the use and content of emails, only 30% set similar policies for blogs, wikis and forums.” [see full report here– registration required].
This policy discrepancy strengthens the case for what we call positive application enablement. A process by which the security team, in conjunction with the business units perform the following:
• Identify the application and what it is being used for.
• Determine who is using it.
• Decide whether or not to allow it – if so, under what conditions and parameters.
• Scan the allowed content.
• Log and report on the activity.
As we have said before, the days of blocking applications that might not be “approved” are gone. These applications are here to stay. The applications themselves are not risks, but make no mistake, they can introduce risks and as such, need to be secured right along side Oracle, SAP, SharePoint and other business applications.
Thanks for reading.