Darin Stahl, research lead at Info-Tech Research Group Inc. in London, Ontario, said only 46% of the IT managers at the 200 companies polled by his firm explicitly block access to social networking sites. Forty-nine percent tolerate employee use of such sites, and 3% actually encourage use.
The reason more companies aren't blocking social networking sites is probably because they have more critical issues to deal with, Stahl said.
"They're probably picking their battles. One could argue that if it hasn't come up and reared its head, they're not fighting it," He said.
Social networking sites are Web-based social networks composed of a community of people who share interests through chat, messaging, email, video and file sharing.
But social networking sites are poised to change the way they're viewed by businesses, some experts say. Facebook, for example, which launched in 2004, is seeing double-digit membership growth this year -- many of its new members are older than 30 and professionals.
As appeal spreads beyond college students, professionals are joining the social networking site to keep in touch with colleagues and business contacts. And now Facebook, which already hosts networks for employees at companies such as Apple Inc., is preparing to launch a new feature that according to recent reports would allow it to act as a more professional networking utility, possibly giving professional networking sites such as LinkedIn a run for their money.
Still, the businesses that are blocking social networking sites are most likely blocking other sites as well.
According to the American Management Association (AMA), 65% of U.S. businesses block connections to inappropriate websites, such as pornographic or sports gambling sites, a practice called URL filtering.
The chief reason businesses block access to websites is to prevent the spread of spyware and other forms of malware, said Lawrence Orans, an analyst at Gartner Inc. in Stamford, Conn. He estimates that about 20% of commercial organizations block social networking sites.
Stahl pointed out that several worms, viruses and Trojans have targeted these sites, MySpace in particular. Hackers have also succeeded in manipulating user profiles and stealing user login information. He said many users will maintain login information for their social networking sites that is identical to the login information they use for their corporate network access.
In addition to security concerns, employee productivity was cited as a top concern, Stahl said. "It was viewed as a big time waster and really had very little to do with business value of your average accounts-payable clerk."
Social networking sites are also bandwidth hogs. The typical social networking website will display content from various sources on the Internet, forcing many more DNS requests from corporate servers. The typical news site with an advertisement might call for about 15 DNS requests, while a MySpace page can call for 350 or more.
"If you drill down to look at what the bandwidth pressures are for an enterprise, those types of requests can become a particular problem," Stahl aid. "That cumulative effect of traffic can put a significant burden on a company's internal DNS servers and network bandwidth and it can begin to negatively affect business transactions."
It was viewed as a big time waster and really had very little to do with business value of your average accounts-payable clerk.
Darin Stahl, research lead, Info-Tech Research Group Inc.
Paul Geczy, vice president of administration at Jayco Inc., a Middlebury, Ind.-based manufacturer of recreational vehicles, said he blocks employee access to social networking sites with a Web filter from Barracuda Networks Inc.
Geczy said any benefits associated with allowing employees to use these sites are "outweighed by the liabilities of lost productivity and security issues." He said blocking the sites is easy, but new sites pose a challenge.
"The blocked ones stay blocked, but keeping up with the proliferation of such sites is difficult," Geczy said.
Stahl said some CIOs might tolerate social networking sites because they are confident in their security infrastructure or they just don't have the budget to invest in perimeter control technology that can discretely block access to certain sites.
Moreover, CIOs may be reluctant to block such sites because of the effect the action can have on employee morale. That wasn't a concern for Geczy.
"We haven't had complaints because we're very upfront policy-wise with our user community," Geczy said. "The systems are all for business use, all transactions, etc., are the property of the company. There is no expectation of privacy. Users have to agree in writing to abide by our policies as a term and condition of being granted access to our networks. We've blocked certain classes of websites from the beginning."
Let us know what you think about the story; email email@example.com.