Copyright
Elsevier
The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1GB, UK
225 Wyman Street, Waltham, MA 02451, USA
First published 2013
Copyright 2013 The Security Executive Council. Published by Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangement with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-417001-8
For more publications in the Elsevier Risk Management and Security Collection, visit our website at store.elsevier.com/SecurityExecutiveCouncil.
Executive Summary
Web-based applications provide more information and greater interconnectivity, and many businesses see value in the ability to increase market reach or collaboration at a lower cost. But can these applications be misused? In The Benefits and Security Risks of Web-Based Applications for Business, current thinking and research on this topic are explored. Included is an overview of the evolution of web-based applications, as well as statistics on the corporate adoption of these technologies. The specific threats to corporate security that come from the use of web-based applications are also described. This report is a valuable resource to any security professional whose company does, or will in the future, endorse employee use of web-based applications in the workplace.
What is a Trend Report?
A trend report is a document that highlights emerging and fast-growing trends with significant impact for corporate security and risk management. Based on first reports from initial responders to the issue and confirmed by research, these reports help industry leaders and practitioners learn the key elements of an important topic, and provide insight, guidance, and options for applying what has been gleaned from a real-world environment. These reports can be utilized by mid- to upper-level security managers, instructors at institutions of higher education, or by human resources professionals in training sessions.
Introduction
What is Web 2.0?
The introduction of web-based applications to the business world began nearly a decade ago with the concept of Web 2.0. Web 2.0 doesn't encompass a set of new technologies, but is simply a revolution in the way existing technologies are used: It is a philosophy of open online communication that is often interactive and user-driven. According to founder and CEO of O'Reilly Media, Inc., Tim O'Reilly, who is credited with coining the term Web 2.0 in 2004, Web 2.0 is a category of applications that meet the following seven criteria:
1. They use the web as a platform;
2. They harness collective intelligence (they include content from users and other sites through tagging, permalinks, RSS, etc.);
3. They are backed by specialized databases (such as Google's web crawl and Amazon's product database);
4. They are delivered as services, not products;
5. They support lightweight programming models;
6. They are not limited to use on a single device;
According to this definition, then, wikis, blogs, mashups, online document creation and collaboration, social media, and video and photo sharing are all considered Web 2.0 technologies. The features of Web 2.0 are exemplified in sites such as Google, Amazon, YouTube, and Wikipedia, and are now inseparable from all web-based applications available today.
Millennial Workers
One of the greatest driving forces of the adoption of web-based applications in the workplace is the influx of a new generation of workers, frequently referred to as the Millennial generation.
Key findings showed:
Employer-provided technologies do not meet the expectations of twenty percent of the respondents
Thirty-two percent expect to use the computer of their choice
Thirty-four percent expect to access the technology applications of their choice once in the workforce
Sixty percent of Millennials are unaware of IT policies or are not inclined to follow them
The findings of the Accenture survey suggest that significant challenges for security professionals are coming, and coming fast. In particular, it appears that security historically has not adequately communicated the importance of protecting company information and assets to younger workers. Compounding this issue, security professionals are now facing a growing population of workers that have certain expectations about technology in the workplace. According to a 2013 report from Forbes, by 2014 [Millennials] are expected to comprise 36 percent of the U.S. workforce, and by 2020, Millennials will be nearly half of all workers. This dramatic change in workplace demographic will result in the need for improved information technology security policies, a shift security needs to be prepared for.
The Millennial generation is commonly defined as individuals born between 1977 and 1997.
Research Findings
The Benefits of Web-Based Applications and Current Adoption Rates
When the Web 2.0 concept really began to take hold in 2006 and 2007, corporations tentatively dipped their toes into the social media sphere by instituting company blogs to help them communicate with customers and employees. Early adopters included Wells Fargo, Blogs provided the sense of a more direct line of communication with corporate executives, adding to perceptions of customer service and employee care. They also gave companies a new method of collecting and responding to valuable customer and employee feedback, as well as a way to share information from the top down.