Web 2.0: Security threat to your company?
Throwing Sheep in the Boardroom
It's too early to talk about a tipping point in corporations, but Web 2.0 platforms, like blogs and wikis, are starting to reshape the operations of many companies.
Many CEOs are intrigued by the business case for Enterprise 2.0. Surveys conducted by consulting firms like McKinsey and Forrester Research reveal that executives are showing increasing openness to web-based collaboration and social networking tools. Forrester forecasts robust corporate spending on Web 2.0 software – including blogs, social networks, mashups, podcasts, RSS, widgets and wikis. It projects consolidated Web 2.0 spending growth at 43 percent annually – from $764 million in 2008 to $4.6 billion in 2013.
Still, it can hardly be claimed that Fortune 500 companies – with the exception of a small clutch of leading-edge giants like IBM and Intel – are stampeding to join a Web 2.0 juggernaut. Moreover, while $4.6 billion looks like a big number, it's only a tiny fraction – less than one percent – of global corporate spending on enterprise software.
In many companies, there is still deep-seated reluctance toward Web 2.0 tools. While many agree on the potential upside, most also are concerned about the obvious downside.
Evangelists tend to emphasis the productivity benefits from deploying Web 2.0 platforms to encourage horizontal collaboration, harness collective intelligence, foster open innovation, and build brand awareness. A solid “ROI” case can be made for Web 2.0 tools, they say, if they boost employee morale, increase productivity, and create better products.
On the other hand, skeptics argue that Web 2.0 tools are fraught with dangers. Much of the focus has been on time-wasting at the workplace, and every week there are media reports about employees getting either disciplined or dismissed for logging on to Facebook or YouTube at the office. The list of other potential downside risks is alarming: virus and spyware infections, data leaks, illegal activities, reputational damage, to name only a few. Another potential pitfall that receives less attention is the risk to corporate data security.
The fear factor about data security has led many companies to ban social networking sites outright. The clampdown has been spearheaded by big financial companies like Credit Suisse and Dresdner Kleinwort, which use security systems to block access to social networking sites. Financial powerhouses Citigroup, Goldman Sachs, JPMorgan and UBS also restrict access to Facebook. In the U.K., British Gas and Lloyds TSB use firewall software to block access to social networking sites. Many government bureaucracies also ban social networking sites.
Barracuda Networks, a leading maker of software security systems, has reported that more than half the companies using its Web filters are blocking either MySpace or Facebook. Barracuda's chief executive, Dean Draco, declared confidently: “You won't see a lot of financial institutions running to get their employees on Facebook. Maybe someday, but not now.”
There can be no doubt that web security specialists have made a booming business from playing on the worst fears of corporate managers. Yet the concerns they raise are often valid. Corporate security experts warn that companies risk losing control of their data when they adopt open software platforms. With Web 2.0 deployment, corporate IT departments no longer exercise tight controls of information flows, including products (smart phones, laptops, desktops) that are connected to the company network. This explains why many IT departments resist, if not oppose, Web 2.0 adoptions – open, horizontal software platforms mean less control for them, if not bypassing them entirely.
Indeed, resistance to Web 2.0 doesn't necessarily come from top executive suites, but rather from middle managers and especially from corporate IT departments. One reason middle managers oppose information sharing and open collaboration is because these innovations usurp their traditional role as information gatekeepers and drafters of internal reports. Don't count on Web 2.0 buy-in from IT departments either. Like middle managers, they fear that Web 2.0 tools will threaten their monopoly over specific functions. When information flows are diffused horizontally, the gatekeeper function of IT managers is effectively bypassed.
Some believe that Web 2.0 tools will be more enthusiastically embraced by young companies without legacy systems to integrate, whereas established organizations with entrenched power structures and conservative corporate cultures, can easily thwart Web 2.0 adoption in order to neutralize its threat.
Indeed, even if a networked Enterprise 2.0 model guarantees to improve productivity, foster innovation and boost profitability, it still runs up against basic laws of human nature. Corporate bureaucracies are not designed as bottom-up democracies and, consequently, any push for more open, horizontal communications can expect to meet resistance. For most corporate managers, there is just too much to lose – especially power.
Yet social media deployment is gaining momentum now that the world's most powerful high-tech brands -- Intel, IBM, Cisco, Google, for example – have embraced Web 2.0 software. The challenge for many companies will be to loosen control without losing control, because the Web 2.0 tipping point inside corporations, while not imminent, is inevitable.
Matthew Fraser (left) is senior research fellow and Soumitra Dutta (right) is Roland Berger Chaired Professor of Business and Technology at INSEAD, an international graduate business school and research institution. Their book, Throwing Sheep in the Boardroom: How Online Social Networking Will Change Your Life, Work and World, is published by Wiley. The book's website can be found at: www.throwingsheep.com.