Social networking becoming IT security hazard

More than half of security professionals report that employees use unsupported applications and devices despite strict policies, a Cisco-commissioned survey has revealed.

The survey, exploring the security implications of social networking and the use of personal devices in the enterprise, found that employees are consistently working around information technology security policies to use unsupported devices and applications, including: social networking at 68 per cent, collaborative tools at 47 per cent, peer to peer software at 47 per cent and cloud software at 33 per cent.

Seventy-one per cent of respondents said that overly strict security policies have a negative impact on hiring and retaining employees aged under 30.

Conducted on behalf of Cisco by Insight Express, the survey polled 500 IT security professionals across the United States, Germany, Japan, China and India.

The results illustrate that the consumer influence on enterprise IT is growing and that more employees are bringing personal devices and applications into the network, presenting new business opportunities and security challenges.

The survey explores the changing enterprise security landscape due to the evolving requirements of today’s borderless networks, the benefits and drawbacks of accommodating an increasingly mobile workforce, and the challenges of protecting sensitive and proprietary data.

Nearly half (41 per cent) of respondents determined that employees have been using unsupported devices, and more than one-third of that number said they have had a breach or loss of information due to unsupported network devices.

Despite these trends, about half (53 per cent) of the IT respondents said they are likely to allow personal devices on the network in the next 12 months and seven per cent already support personal devices.

More than half (51 per cent) listed “social networking” as one of the top three biggest security risks to their organisation, while one in five (19 per cent) considers it the highest risk. Social networking tools are an unprecedented and highly beneficial tool for many parts of organizations, including human resources, marketing and customer service.

“As the lines between personal and business computing increasingly blur, it is becoming clear that employees are going to use social networking and personal devices whether permitted or not,” said Fred Kost, director for security solutions at Cisco.

“The best strategic approach is to focus less on restricting usage and more on effective solutions to ensure highly secure, responsible use. These solutions involve more than technology. Organisations should develop education programmes, corporate policies and best practices in order to realise the extensive business benefits of social networking while protecting against the variety of potential threats that it can present.”

Chris Christiansen, programme vice-president for security products and services group at IDC, said: “Increasingly, unapproved and unmanaged personal devices in the corporate environment are hastening the need for more intelligent security management. These ‘solutions’ must deal with the difficulty of protecting individuals and corporations while providing a positive user experience and corporate data access from any device, anywhere, anytime.”

The full survey results are available at: http://newsroom.cisco.com//dlls/2010/ekits/Full_Survey_Results_062410.pdf