According to a survey conducted by Intel that appeared in the San Jose Mercury News, 50% of 200 companies surveyed said they found the use of social networking sites such as Facebook and MySpace as either “a major security concern” or “somewhat of a security concern.”

Of the companies surveyed, of course the majority of the blame was laid upon the hip youngsters using Facebook:

"Their wide-ranging use of the Internet can expose the company to malicious software attacks," said Mike Ferron-Jones, who directs an Intel program that monitors new computing trends. "This is a big deal now, and it’s going to get bigger as more Gen Yers come into the workforce."

Damn those kids and their crazy whatzit-doodad networking sites.  Of course, no where in the article did it bother to mention that email phishing (identity theft scams) and spam are far more of a real threat at this point than Facebook or MySpace-spread viruses, despite the recent news of the koobface virus that was spreading through Facebook video posts. 

According to Symantec MessageLabs, roughly 70% of all worldwide email traffic in June, 2008 was spam, with between one and two emails in every 280 being viruses or phishing attempts.  Furthermore,  since 2007, CxO positions are increasingly becoming the target of scam and virus attacks.  But despite the relatively low risk presented, one commenter from made the claim that Facebook served no business purpose whatsoever and should rightfully be banned:

I know hundreds of engineers in [Silicon Valley] goofing off at social sites for hours during the work day. And more people are getting viruses. A well run companies [sic] would have blocked all but the business related sites. Facebook and Myspace [sic] certainly should be blocked.

It simply doesn’t add up.  Facebook and MySpace usage represents a drop in the bucket compared to the frequent and varied threats that email presents.  But like email, social networking sites are a form of communication that can and often does include business-networking.  Despite the fact that employees spend time today reading through personal emails from their friends and shuffling through spam and virus emails, no one would dare suggest blocking access to email at work.

How will this fare for Facebook’s effort to spread the gospel of Facebook Connect?  Imagine, for example, if Salesforce.com suddenly said they were supporting Facebook Connect as a method of authentication?

The answer: it won’t affect them at all.  IT will need to play catch-up, or else risk becoming (more of) a dinosaur (than they already are today).

Despite some (perhaps irrelevant) fears that hordes of Facebook users will be converted into mindless zombies wasting away company time and exposing them to data-loss related atrocities, corporate IT will have to respond with new and advanced security tools to limit company data exposure, while at the same time allowing their employees to communicate with the rest of the world. 

For every employee who spends time updating their status on Facebook, I know another five who use it as a way to network with people that either help them get their job done faster (by sharing development tips, or links to interesting tech news articles), or help them sell products (by connecting them with new sales prospects).

All too often I have seen IT organizations knee-jerk in response to one or two stories that make their way around the office, especially when it comes to things that they may not fully understand yet.  The result is always the same, although it is nearly impossible to quantify: 1.) the users find ways around the blocks, 2.) the users suffer and lose contact with key data or sales prospects. 

Blocking communication, whether it be access to instant messaging services or social networking sites, is equivalent to blocking access to email or the telephone.  IT cannot afford to do it for long, if at all, or else risk appearing out of touch with the way the world really works. 

The other real world risk that wasn’t mentioned once in the article is actually the risk of corporate IT departments losing their relevance in an ever-accelerating fast-paced world.  Inflexibility and a “block it all, consequences be damned” mentality will ultimately lead to a more speedy shift to corporate adoption of SaaS and cloud computing alternatives, perhaps diminishing IT’s role in the corporate environment permanently.

Filed under: Cloud Computing, Consumer Web, Enterprise Web, Privacy, SaaS, Social Computing