Survey: Enterprises Increasingly Address Consumer IT Security Threats

Since this story was originally posted, it has been updated to include additional information from Proofpoint.

As consumer-oriented technologies infiltrate the enterprise, companies are increasingly cracking down on employee misuse of such applications to protect sensitive information, according to a new survey from security vendor Proofpoint.

The survey found that almost 20 percent of the IT decision-makers surveyed had disciplined an employee over the past year for violating blog or message-board policies. More than 10 percent disciplined a worker for violations of media sharing and posting policies during the past 12 months, and 14 percent disciplined staffers for violating social networking policies, according to Proofpoint.

Furthermore, 9 percent of respondents reported firing an employee for violations of blog or message board policies; nearly 7 percent said they’d terminated staffers for media sharing and posting policy violations; and roughly 5 percent fired employees for breaking corporate rules associated with social networking.

Despite employing blogs, wikis, social networking tools and other “Web 2.0” applications in many corporate settings, enterprises remain wary of the associated security concerns.

“New social networking and social media channels have become the fastest-growing source of threats,” according to the Proofpoint study. “Companies fear that financial data, healthcare information or other private materials may be posted in blogs, sent through instant messaging or transmitted by other means.”

Companies are not just waiting around for a security breach to occur. Sixty-two percent of respondents said they have simple or detailed acceptable use policies for blog and/or message board posting; 64 percent have simple or detailed policies governing media sharing/posting; and 58 percent have simple or detailed acceptable use policies for social networking tools.

In addition, more than half of the companies surveyed indicated that they were “concerned” or “very concerned” about sensitive information finding its way beyond the corporate walls via Web-based e-mail services, like Google’s Gmail or Microsoft’s Hotmail. Fifty-three percent of respondents said it’s “important” or “very important” to curb the security risks associated with HTTP traffic like Web mail or blogs within the next year, according to Proofpoint.

Many enterprises are going beyond acceptable use policies and deploying technology solutions to safeguard information. Roughly 30 percent of respondents deployed some form of solution to monitor content within Web mail or other HTTP, with another 27 percent planning to do so within the coming year. Roughly 30 percent of enterprises have also deployed a solution for monitoring content within instant messages, the survey found.

“The number-one takeaway from [the] survey is that CIOs should really take a close look at their acceptable use policies for e-communications and get specific about their policies around these new communication mediums,” said Keith Crosley, director of market development for Proofpoint. “A lot of CIOs haven’t yet thought about, for example, videos created by employees as potentially containing confidential or sensitive information. Clear, well-articulated policies and employee education are probably the top things CIOs can champion to ensure the security of all of their organizations’ sensitive content.”

Proofpoint’s fourth annual “Outbound E-Mail and Content Security in Today’s Enterprise” survey was conducted in March by Forrester Consulting. Three hundred and eight respondents from U.S. companies with 1,000 or more employees responded. Of the 308 organizations that responded, 103 of them had 20,000 or more staffers. Of the respondents, 33.4 percent were CIOs, CTOs or the senior-most IT executives within their organizations; 26.9 percent were directors or managers of IT, and 22.7 percent were vice presidents of IT or IT executives, according to Proofpoint.

The full 2007 survey can be located on Proofpoint’s website, as well as the 2006, 2005 and 2004 editions—though many of the consumer IT-related questions are new this year. (Registration is required.)