Though many Web 2.0 services were designed for consumer use rather than business use, organisations across all industries are already using them to increase collaboration and information exchange, streamline processes, engage key stakeholders and generate revenue.

This is the main finding of an independent, global study into the state of Web 2.0 use, policies and security conducted by security software vendor Websense.

The report is based on a global survey of 1,300 information technology managers across ten countries, asking about their perceptions of Web 2.0 in the workplace, testing their understanding of these technologies and assessing their organisations' level of security preparedness.

Ninety-five per cent of respondents currently allow employee access to some Web 2.0 sites and applications - most commonly webmail, mashups and wikis.

Sixty-two per cent of IT managers believe that Web 2.0 is necessary to their business. Clearly social media in business is here to stay.

That said, employees want even more use of Web 2.0 at work, leaving IT departments to find the right balance between preventing security risks while still allowing safe and flexible access.

The pressure for more Web 2.0 access is coming not from some employees, but rather from lines of business and top-level executives. An overwhelming majority, 86 per cent of IT managers reported feeling pressured to allow more access to more types of Web 2.0 sites and technologies.

Almost a third of respondents said the pressure is coming from C-level executives and director level team members. A third said the pressure is coming from the marketing department, and a third said it was coming from sales.

The worrying thing, revealed by the survey, is that IT professionals are overconfident in their security. The majority of respondents reported feeling confident in their organisation's Web security, though they admit not to having implemented security solutions.

• 68 per cent do not have real-time analysis of Web content



• 59 per cent cannot prevent URL re-directs



• 53 per cent do not have security solutions that stop spyware from sending information to bots



• 52 per cent do not have solutions to detect embedded malicious code on trusted Web sites



• 45 per cent do not have data loss prevention technology to stop company-confidential information from being uploaded to sites like blogs and wikis, hosted on unauthorized cloud computing sites, or leaked as a result of spyware and phishing attacks.

Additionally, a surprising number of respondents seem to be confused on what exactly constitutes Web 2.0. Only 17 per cent of respondents correctly identified all the items a list of what can be considered part of the interactive web.

Shockingly, only half identified wikis, video uploading sites like YouTube and hosted software/cloud computing sites like Google Docs to be part of the trend. Almost half reported that users in their organisations try to bypass web security which shows new policies are needed if you are going to be flexible enough to meet the needs of modern workers while maintaining secure systems.

At the same time, 57 per cent of data-stealing attacks are conducted over the Web including on social websites, which allow users to create and post their own content.

With more than 90 per cent of organisations around the world reportedly lack the security solutions necessary to prevent dynamic Web threats and data loss. When you think about it, we all should be careful about who to trust with personal data.

Clearly, it's tough to find the right balance between getting the benefits of Web 2.0 and to mitigate the security risks. But let's face it.

It's no longer viable to just block access to these sites; today's modern workers prefer to use social applications and to deprive them access would be to deprive the organisation of the full range of people's talents and skills.

It's not surprising that Websense provides a whole range of software solutions, many of them free, to help organisations get to grips with Web 2.0 risks and there's a range of solutions available from hundreds of software vendors. Here are some guidelines for IT managers struggling to get the balance right:

• Check with legal and HR advisors and only block social networking sites if there is significant corporate risk that can't be mitigated any other way.



• Use perimeter web security software to filter inbound pages for spyware, viruses and inappropriate content. Scan outbound traffic to prevent data leaks.



• Work with HR and legal to update employee guidelines to support acceptable Internet use, policies and guidelines.



• Educate the workforce about the risks and hazards of some social media and train them in best practice.

----------

Sherrilynne Starkie is the managing partner of Strive Public Relations, a strategic communications consultancy serving the Isle of Man. Visit her business blog, www.strivepr.com/notes or follow her on twitter.com/sherrilynne