Around 42% of network administrators were "moderately concerned" to "extremely concerned" about the security threat associated with employee use of social media. The proportion "moderately concerned" to "extremely concerned" was similar in 2010 (40%).
This is the eighth annual What Keeps Network Administrators Up at Night survey. For the 2011 edition, conducted by Amplitude Research for Van Dyke, 364 network administrators were surveyed.
When network administrators were asked to explain what concerns them most about employee use of social media, the most common issues were viruses (19%), data/information leaks (19%), intrusion risk (19%), users not being careful (9%), trojans/other malware (9%), and concerns about risks to privacy/user information (6%). In addition to concerns related to security, 21% complained about employees wasting time on social media instead of being productive at work. These results were similar to last year’s findings.
“Social media use by employees can have different effects and this can impact security risks at the company”, Steve Birnkrant, chief executive officer of Amplitude Research, told Infosecurity.
Regarding employee access to social media, 36% of network administrators said employees had unlimited access to social media, 48% said employees had limited access, and only 16% said employees had no access.
Around 60% of network administrators said that their organizations have a formal policy about employee access to social media at work, with 40% having no policy. “It is interesting that you have a lot of companies out there that don’t have a formal policy regarding employee use of social media”, Birnkrant commented. “Social media is a significant concern to many network administrators, and many of them indicated that their organizations have limited controls on employee access”, he added.
The survey found that 58% of network administrators felt that the organization had an adequate information security budget, and 63% felt their organization was sufficiently staffed to support current information security needs. “Given these results, one should consider whether improving security risk for social media is really a staffing issue, a budget issue, or something else”, Birnkrant said.
Also, 42% network administrators considered managing the security of employee smartphones to be "very important" or "extremely important" as compared to other security threats facing their organization. Only 49% of network administrators were satisfied with the security of handheld devices at their organization – down from 57% in 2010.
“Employee smartphones can definitely be a big security headache for network administrators, although it varies from organization to organization”, Birnkrant said.
The adoption of cloud computing rose significantly in 2011 – 22% compared to 15% in 2010. Those network administrators who have not adopted and are not considering cloud computing are in the minority, with the proportion in this group declining from 38% in 2010 to 27% in 2011. However, survey findings showed that less than half of those who have adopted cloud computing rated it "very secure." An even smaller proportion of those who have not yet adopted cloud computing consider it "very secure."
“In some case, for those who have not adopted [cloud computing], they feel it is only ‘somewhat’ secure; so that can easily be a roadblock” to cloud adoption, Birnkrant observed.