IT Productivity Center

Firefox is primary security risk faced by users

rss@itproductivity.org — Tue, 10 Nov 2009 07:13:20 -0700

According to a security vulnerability report by Cenzic, Of all Web vulnerabilities, 90 percent pertained to code in commercial Web applications, while Web browsers comprised about 8 percent and Web servers about 2 percent. Of the browser vulnerabilities, Firefox had 44 percent of the total, but perhaps the biggest surprise was Safari, which formed 35 percent of the browser vulnerabilities. Internet Explorer was third, with 15 percent, and Opera was at 6 percent.

Of the published vulnerabilities in Commercial Off The Shelf (COTS) applications, SQL Injection, and XSS were once again the most common vulnerabilities, which is why, it is no coincidence that most of the attacks in first half exploited these two vulnerabilities. Based on thousands of assessments performed by Cenzic's managed service, nine out 10 applications continue to be vulnerable with Information Leaks, Cross Site Scripting, Authentication Flaws, and Session Management as the most common categories.

The top 10 vulnerabilities for the first half of 2009, included familiar names such as Sun, IBM, SAP, PHP, and Apache.

Service-Oriented Architecture and IT Service Management Are Keys To Success in the Recovery

rss@itproductivity.org — Tue, 27 Oct 2009 15:54:53 -0700

SOA and ITSM drive success and productivity

One bad customer experience can cost you that customer for life. Hospitality, travel, retail, healthcare, and financial services are especially prone to losing customers who have a negative experience. It does not take much for a customer to decide that you and your company are not worth his time, effort, or money.

Customers like to feel loved, and they are turned off very quickly when they sense that you do not care about the pain they are feeling. Even if you cannot help them because the situation is beyond your control, acknowledge that you understand both the situation and their frustration.

No customer wants the person serving her to be distracted or preoccupied. Ever go to the local mall and try to get help from a teenager focused more on texting her friends than helping you find what youre looking for? On the other hand, being too focused can be a bad thing. Have you ever asked an innocent question out of curiosity and then found yourself stuck for an eternity while a customer support person hunts endlessly for an answer? This person is likely so focused on getting the answer that he does not realize that you really do not care that much about it and would rather not wait for an answer to an inessential question. Be sure your people understand the degree of focus required for the job.

Even if the employee has the right skill set and experience, his odds of being successful and remaining on the job are low if his core behaviors and tendencies do not line up with those needed for success in that particular role. This is especially true for customer-facing roles in which your frontline employees act as extensions of your brand and heavily influence the customer experience.

Unused Servers Waste Engery and Critical IT Resources

rss@itproductivity.org — Tue, 20 Oct 2009 07:23:24 -0700

Millions of servers around the world are doing little more than wasting energy, according to a new study.

At least 15 percent of servers are not doing anything useful, said a majority (72 percent) of server managers polled by Kelton Research. In addition, 83 percent said they don't have an adequate grasp of server utilization, and 72 percent rely on CPU utilization as their measure of server efficiency.

The cost of unused servers is estimated at $24.7 billion a year, including the value of hardware, maintenance, management, energy and cooling for unused servers.

Specifically, the study concludes that an estimated 4.75 million servers worldwide are being run 24/7, managed and upgraded without being actively used on a daily basis. Assuming about $4,400 per server per year in operational costs (an IDC estimate), those unused servers cost $20.9 billion to run, plus consume another $3.8 billion in energy costs.

Reasons to block instant messaging

rss@itproductivity.org — Sat, 17 Oct 2009 21:09:21 -0700

In the workplace, instant messaging (IM)often replaces

e-mail and phone calls for user-to-user or group conversations. This includes frequent exchanges of files, records and other data, plus regular back-and-forth texting between coworkers or collaborators busy getting their jobs done. Though much IM traffic involves pairs of users, it's neither difficult nor unusual for multiparty IM sessions to replace conference calls. Many IM security problems can expose organizations directly to serious security risks and potentially devastating legal liabilities or financial losses. Because most consumer-grade IM technology is not encrypted, that makes a good place to start exploring how and why this claim holds water. Many IM packages also lack strong proofs of user identity, perform neither file nor content screening on transmissions and directly expose users to malicious software and behavior.

Employment down for IT professionals according to IEEE-USA

rss@itproductivity.org — Sun, 11 Oct 2009 21:26:16 -0700

The number of unemployed IT professionals, including systems analysts, has reached 59,000 in the third quarter, up from 49,000 in the previous quarter.

In 2001, there were 745,000 software engineers. In 2002, that number had fallen to 715,000 but then started to increase until the third quarter of 2008, when it reached 1.078 million; software engineer employment now stands at 970,000.

In 2001, there were 734,000 computer scientists and systems analysts, compared to 745,000 in the most recent quarter -- the same number reported in 2005. The peak employment year in this category was 837,000 in 2008.

While the overall third-quarter unemployment rate for computer professionals rose from to 6% from 5.4% in the second quarter, the jobless rate declined for electrical engineers and software engineers, according to a new analysis of government labor data compiled by the IEEE-USA.

The organization of technical professionals said that the unemployment rate for electrical engineers fell in the third quarter from 8.6% to 7.3%, possibly with the help of increasing investments in smart grid technologies. Unemployment among software engineers in the third quarter also fell, to 4.7% from 5%.

The most recent employment data for software engineers is mixed, improving in some areas but declining overall.

CIO and companies look towards virtualization solutions

rss@itproductivity.org — Mon, 05 Oct 2009 14:05:46 -0700

Virtualization management is increasingly more important as CIOs and companies look for every way possible to extract as much value as they can from their IT investments. For many, the answer is next generation tools that deliver proactive monitoring and predictive capacity analysis to enhance the most popular virtualization solutions and improve the odds of a fast return on investment (ROI).

CIOs are looking for virtualization management solutions that will immediately demonstrate its value by predicting your resource utilization trends and alerting you in advance of potential issues. In this process CIOs hope to:

Discover the benefits and features of a self-contained virtualization analyzer that instantly deploys and begins solving your capacity planning and monitoring needs.
Learn how better capacity planning enables users to increase virtual machine (VM) densities on existing hardware while maximizing performance of the virtual data center
Find out how an effective virtualization analyzer can quickly identify capacity bottlenecks, find available capacity for new virtual machines (VMs), and increase VM densities with your existing hardware

Cost cutting continuing in many IT organizations

rss@itproductivity.org — Sun, 04 Oct 2009 16:29:58 -0700

No matter what the media says about the recession bottoming out, times are still tough for may IT organization - hiring is down and budget cuts continue. Over 200 CIOs interviewed by Janco associates say, many IT projects are delayed or stopped, layoffs continue and next year's budget will be lower.

Most CIO's continue to look for ways to reduce costs. Many no longer are willing to pay a premium for vendors to fix any problems in key software and hardware within four hours instead of a 24-hours. Sometimes things stay broken until IT staffers can figure out the fixes themselves.

Steps that CIOs are taking include:

Reducing systems maintained on a 7/24 level - Instead of eliminating maintenance contracts, reduce the frequency of turnaround time -- from, say, four hours to 24 hours or even longer.
Reducing weekend and late-night service levels.
Reducing contracted fees paid to vendors -- many are more willing than in the past to wheel and deal, rather than lose a contract completely.
Communicating with users that they can expect decreased maintenance, particularly with regard to timing and service levels.

However it is critical to not impact core infrastructure systems or those that are customer centric.

What does Web 2.0 Promise

rss@itproductivity.org — Thu, 01 Oct 2009 12:26:05 -0700

Web 2.0 is the next step in the evolution of the computer industry caused by the move to the Internet as platform. While most focus on the implications of software development technologies used to create Web 2.0 applications, it is important to understand the attitude of empowerment of Web 2.0 software developers place a high priority on accomplishing the following objectives with Web 2.0 in order to attain the larger business goals:

Graphical user interface (GUI) functionality, such as "drag and drop" enable applications with functionality on par and superior with applications built for traditional GUI-based operating systems such as Microsoft Windows.
Richer content. Web 2.0 developers are fond of creating applications known as "Mashups." Mashups increase the usefulness of an application by combining content from multiple sources, but may include sources with questionable pedigrees.
Performance. Improve the speed of applications, often by leveraging the client computing resources and reducing the frequency with which a Web application performs GET and POST calls to the Web server. This is accomplished by transferring application and business logic from a tightly controlled host environment to a client system, which can be more readily manipulated.
Interactivity. Making the application more attractive, engaging, user friendly, and ultimately more productive for the user.

PCI-DSS is not working as designed

rss@itproductivity.org — Tue, 29 Sep 2009 04:53:01 -0700

PCI is not working as designed according to the survey of more than 500 U.S. and multinational IT security practitioners at companies with an average of $5.6 billion in annual revenue:

71% of respondents do not treat PCI as a strategic initiative, yet 79 percent have experienced a data breach involving the loss or theft of credit card information.
55% of respondents focus only on credit card data protection and do not attempt to secure sensitive information such as Social Security numbers, drivers license numbers, bank account details and other data about people and families.
60% of respondents do not think they have sufficient resources to comply with PCI and bring about a necessary level of cardholder security.

Scam shows creativity of Internet thieves

rss@itproductivity.org — Sat, 19 Sep 2009 09:47:12 -0700

A security vendor has identified an online service offering to help anyone to hack into any Facebook account for $100. However, those who sign up for the service could find themselves becoming the victims instead.

Users of the service are required to first register with the site and then provide an ID of the Facebook account they want hacked. Users who enter the ID and click on a "Hack it" button are then presented with the username of the owner of the Facebook account. They then have the option to "Start Facebook hacking."

Those who follow the instructions are eventually told that the hack was successful and a password for the account was retrieved. In order to get the password, the user is then required to send $100 via Western Union to an individual in the Ukraine.

Threats CIOs and CSOs need to address

rss@itproductivity.org — Sat, 12 Sep 2009 00:05:16 -0700

CIOs and CSOs need to be aware of the threats that their enterprise networks and users face. As threats change and attacks increase, it is necessary to develop and adapt new security measures. Areas of threat and security exposure are:

Operating systems vulnerabilities that can lead to massive Internet worms
Client-side vulnerabilities, including vulnerabilities in browsers, in office software, in media players and in other desktop applications.
Users who are allowed by their employers to browse the Internet have become a source of major security risk for their organizations.
Web application vulnerabilities in open-source as well as custom-built applications.
Default configurations for many operating systems and services leave security gaps.
Attackers are finding more creative ways to obtain sensitive data from organizations.

Big Brother gets bigger and bolder - Security at Risk

rss@itproductivity.org — Mon, 07 Sep 2009 08:53:16 -0700

Travelers arriving at U.S. borders may soon be confronted with their laptops, PDAs, and other digital devices being searched, copied and even held by customs agents -- all without need to show suspicion for cause.

Notices are being proposed by the Privacy Office at the U.S. Department of Homeland Security (DHS), which last week released a report approving the suspicion less searches of electronic devices at U.S. borders.

The 51-page Privacy Impact Assessment also supported the right of U.S. Immigration and Customs Enforcement agents to copy, download, retain or seize any content from these devices, or the devices themselves, without assigning any specific reason for doing so. It states on the cover page:

"With changes in technology over the last several decades, the ability to easily and economically carry vast amounts of information in electronic form has risen dramatically. The advent of compact, large capacity, and inexpensive electronic devices, such as laptop computers, thumb drives, compact disks (CD), digital versatile disks (DVD), cell phones, subscriber identity module (SIM) cards, digital cameras, and other devices capable of storing electronic information (hereinafter "electronic devices") has enabled the transportation of large volumes of information, some of which is highly personal in nature. When these devices are carried by a traveler crossing the U.S. border, these and all other belongings are subject to search by the U.S. Department of Homeland Security (DHS) to ensure the enforcement at the border of immigration, customs, and other federal laws. In particular, U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement (ICE) may conduct border searches of such electronic devices as part of CBP's mission to interdict and ICE's mission to investigate violations of federal law at and related to the Nations borders. CBP Officers and ICE Special Agents conduct border searches of electronic devices to determine whether a violation of U.S. law has occurred."

Also, while in many cases searches would be done with the knowledge of the traveler in some situations, the report says, "it is not practicable for law enforcement reasons to inform the traveler that his electronic device has been searched."

In arriving at the assessment, the Privacy Office argued that such searches of electronic devices were no different from searches of briefcases and backpacks. They are needed to interdict and investigate violations of federal law at U.S. borders and have been supported by courts in the past, the assessment said.

Health related information technology - growth area

rss@itproductivity.org — Thu, 03 Sep 2009 09:23:14 -0700

The federal government's emphatic push into health-related information technologies is likely to generate a wave of new work for IT contractors.

The deployment of health IT systems - most notably electronic medical records that can be exchanged among patients, doctors, specialists and other health care providers - is high on President Barack Obama's priority list. He has contended that digitizing all health care records within five years will help the effort to revive the economy.

Indeed, the American Recovery and Reinvestment Act of 2009 allotted $19 billion in health IT investments. And any major health reform legislation that Congress passes this year is expected to add more funding for electronic medical records exchange, sources say.

The stimulus package contains funding for regional health IT extension centers, which assist health providers across the country to adopt or enhance EHRs.

Productivity metrics defined in HandiGuide

rss@itproductivity.org — Sun, 30 Aug 2009 09:36:20 -0700

Metrics are the key to managing productivity. Today revenues are down and budgets have fallen along with them. Companies have frozen capital expenditures and the push is on to cut the costs of operations. In such an environment, companies look hard to create efficiencies wherever possible. For IT, this means intense pressure to do far more with existing resources.

So wheres the upside? For many companies, it comes in the form of an opportunity to consolidate IT operations. For years, companies have known that this can help eliminate duplication of effort, lower service costs, increase efficiency, and improve business agility by reducing complexity. But obstacles born of internal politics and IT domain turf battles have often stood in the way.

The stark reality of todays economic conditions is helping many organizations break through this resistance and make the business case for consolidated IT operations. The fact is, consolidating IT operations should be seen as one of the best options available for organizations that need to quickly optimize costs and increase efficiency. Whats more, IT consolidation enables you to redeploy valuable IT resources to focus on strategic activities that help improve business performance. And because these initiatives leverage what you already have, projects to consolidate operations typically lack the uncertainty and risk of other IT projects. In the end, the business case is solid, the investment is minimal, and the ROI is rapid. Youll be able to conserve resources to survive the recession today while setting yourself up to capitalize on new business opportunities as the economy recovers.

Netbook offerings expanding - 12 hour battary life

rss@itproductivity.org — Mon, 24 Aug 2009 08:07:40 -0700

Nokia has unveiled the Booklet 3G, a netbook with high-speed mobile broadband and Wi-Fi connectivity, and a GPS receiver, the company said on Monday.The Booklet 3G should run for up to 12 hours on one battery charge, Nokia said. It weighs 1.25 kilograms, has an aluminum chassis and is slightly more than 2 centimeters thin.

Detail specifications:

10 inch HD ready screen (1366 x 768 pixels), more than other 10 inch netbook models
Atom CPU
12 hours battery life (manufacturer claim)
1.25 kilograms (2.75 lbs)
20 mm thickness
3G/HSDPA/WiFi, Bluetooth connectivity
HDMI video out port
SD card reader
A-GPS - Comes with Ovi Maps preinstalled
Windows operating system (maybe Windows 7 Starter as in the video above, but nothing sure)

The mobile broadband connection will be based on HSPA (High-Speed Packet Access), but Nokia doesn't want to elaborate on what speeds it will support.

Record mangement key to information goverance

rss@itproductivity.org — Thu, 20 Aug 2009 08:02:29 -0700

Effective record management and information governance provides a foundation for addressing the various challenges faced with electronic information, including:

Management of information growth. Proactively monitoring and managing what content is being stored based on business value and record keeping obligations;
Mitigation of risk. Reducing risk and ensuring conformance with different regulatory, legal and business policies; and
Management of access to content. Driving competitive advantage and improving business operations through both access control and better re-use of information. Policy is at the heart of each of these challenges and key to an information governance strategy.
Information governance is most effective when policies can be carried forward consistently with enabling technologies. Foundational technologies at the core of a good information governance strategy include classification, security and access control, retention policy management, search, archiving and content management.

Escalation and Incident Management Defined by Janco

rss@itproductivity.org — Fri, 14 Aug 2009 08:00:31 -0700

Escalation is often mentioned when dealing with Incident and Problem Management processes. The ITIL Incident Management process talks about Hierarchical and Functional escalations but did not call out "Escalation Management" as a separate and important ITIL process within Service Operation.

The criteria to trigger an escalation depend on the organization or service provider. However, it should be well defined and the Internet and IT Infrastructure Temple does just that as it defines the processes that are necessary for that to take place efficiently and effectively.

The process could consist of the following activities:

Initiate an Escalation, based on meeting specific escalation criteria
Assign an Escalation manager for the escalation
Log the Escalation and link the Escalation record to related Incident or Problem records
Escalation manager assigns or appoints the escalation team. The escalation team should include the Incident owner, Problem owner, and other subject matter experts, as required
Identify appropriate Service Provider and Customer management contacts
Conduct a detailed situation appraisal and review, led by the Escalation manager
An escalation management action plan, including additional resources needed, is developed in conjunction with the Customer. The escalation management plan is to be executed in parallel with the detailed technical action plan (as per Incident/Problem Management)
The escalation management action plan is reviewed and adjusted as required
A Hierarchical Escalation (as per Incident Management process) is initiated, if appropriate. Senior management and executives are alerted.
Escalation team works to resolve the problem. At each stage, records are updated and management contacts and team are informed of the progress and escalation plan reviewed and adjusted as required.
Once resolved to the Customers satisfaction, the situation is monitored for an agreed period
The escalation team remains on standby and available in case the problem recurs during the monitoring period
Once the monitoring period is successfully completed, the escalation is closed by the Escalation manager, after seeking agreement with the Customer
Once the escalation is closed, a post escalation review is conducted and input provided to the Problem Management process. This can be done in conjunction with a post solution review as part of the Problem Management process.

Are Tablet Computers a Wave of the Future

rss@itproductivity.org — Wed, 05 Aug 2009 02:44:52 -0700

Tablet computers--elegant slates that you operate with a touch screen--are attractive if you're a sci-fi fan. There's something functionally beautiful about a computer that's all screen and nothing else, and where your interaction is directly through that screen, not an intermediary like a keyboard or mouse. And the concept works great on smartphones.

But what you can do with a screen-only computer gets really limited when you expand the device beyond pocket size. There are two big limitations. First, you need a keyboard for doing real work. At least most people do. Perhaps a generation of kids will grow up that are as speedy on a virtual keyboard as they are on a real one, but until then anyone who does more than write quick e-mails and Twitter messages on a computer will want to take a keyboard with them. And typing on the screen, even if you can do it, is an ergo disaster. Either you have to keep your hands up in the air (if the computer is mounted vertically in front of you) or you have to hunch over your screen to see it. Maybe it's the national chiropractors association that's pushing this form factor.

Steps CIO can take to improve security

rss@itproductivity.org — Tue, 28 Jul 2009 21:34:13 -0700

Five Steps CIOs can use to find solutions that help address their enterprises' security requirements

Evaluate the service-level agreement associated with the solution
Evaluate the infrastructure costs of the solution
Understand your integration and conversion requirements
Check references to validate solution claims
Understand support requirements

CIOs face pressure due to email and Web security effectively to handle traffic generated by spam. For instance, if a company builds its network to support 15 million inbound email messages per day and 14 million are purely junk.

Janco advices companies have a multilayered approach to security given the facts that 711,912 new malware threats were reported in 2007, which translates into 1,950 new malware attacks each day.

Typically, IT teams must physically build out their networks to handle corporate growth. And as the network expands, so does the need for IT staff to manage it. For many enterprises security revolves around building and managing either hardware and software or appliances. IT teams must spend a majority of their time focusing on licensing, updates, performance and availability for a host of security systems strewn about the enterprise. They also struggle with implementation and setup costs, as well as compatibility issues. This leaves little time for managing what iss most important - the business processes that mitigate risk.

Security Service Level Agreements traditionally guarantee a higher level of performance, availability, uptime and security than IT teams would be able to deliver in-house. And there are penalties to collect on if the provider fails to meet this agreement. Most SLAs offer a way for companies to access reports that feature details on threat mitigation, throughput and response-time performance, as well as other metrics.

US House Takes Aim At Domestic Outsourcing

rss@itproductivity.org — Mon, 20 Jul 2009 07:04:50 -0700

The House has passed an appropriations bill that would require civilian agencies to take an inventory their services contracts.

The $24.1 billion fiscal 2010 Financial Services and General Government Appropriations Act (H.R. 3170) passed 219 to 208 on July 16.

The legislation would have agencies create an annual inventory of services theyve outsourced to the private sector and review whether to return the work to government employees.

The new provision copies what the fiscal 2008 National Defense Authorization Act wanted from the Defense Department. However, the department has yet to submit its inventory to Congress even two years later.

New York City Wastes Taxpayer Dollars on Manual and Electric Typewriters

rss@itproductivity.org — Thu, 16 Jul 2009 17:15:32 -0700

Government agencies continue to find ways to spend taxpayer dollars and not look towards using technology a productivity tool.

The New York Post reported that despite the adoption of high-tech equipment that can read license plates from the air and detect radiological events before they happen, manual and electric typewriters continue to be used throughout the NYPD - and they will not be phased out anytime soon.

In 2008, the city signed a $982,269 contract with New Jersey-based company for the purchase of thousands of new manual and electric typewriters over the next three years - some of which retail for as much as $649 apiece.

In June, the New York city signed a $99,570 deal with company in Manhattan for the maintenance of its existing Brother, Panasonic and IBM Selectric typewriters.

Apparently, even though most of the NYPD's arrest-report forms have been computerized, officers still use typewriters to fill out property and evidence vouchers that are printed on carbon-paper forms.

People Continue to Open Spam

rss@itproductivity.org — Wed, 15 Jul 2009 15:25:41 -0700

The Messaging Anti-Abuse Working Group (MAAWG) (an industry wide security think tank composed of service providers and network operators dedicated to fighting spam and malicious software) report about one in six consumers have at some time acted on a spam message. This confirms there is an economic incentive for spammers to keep churning out millions of spam pitches per day. The computer science departments of the University of California at its Berkeley and San Diego campuses, showed the number people who actually made a purchase following a spam pitch was just a fraction of a percent.

And some 80% of people felt their machine would never be infected with a bot (a piece of malicious software that can send spam, harvest data and do other harmful functions).

Five Steps to Detect and Prevent Security Breaches

rss@itproductivity.org — Sun, 12 Jul 2009 09:29:54 -0700

How do you defend against system attacks and security breaches? Janco Associates has defined a set of steps that enterprises of all sizes can follow to help to achieve a safe and secure computing environment. The steps that CIOs and CSOs should follow are:

1. Access the network and computing environment - Have an inventory of all devices, accesses points, security protocols, encryption levels, programs, and users. This inventory should have limited distribution and should be reviewed and updated frequently (at least quarterly).

2. Conduct in-depth system and network security audits -Test and validate that only the authorized items are running on the systems and network. Create and review in-depth logs files to monitor compliance to security protocols, violation alerts, and actions taken.

3. Establish network access rules that allow on valid access - Close all un-used ports on routers and disable all unused user ids and passwords. Implement a "two-factor" authentication and encryption process for all sessions. Require all users to use "two-factor" authentication. On the third authentication violation within a specified period, disable the device, port, or user from the system and network.

4. Mechanize and retain detail logs - Record everything possible including dates with full timestamps and implement firewalls that minimize inbound attacks. Review these logs in detail daily and report at least weekly to the CIO or CSO the types of issues that occur.

5. Assume someone is attacking you now - Use the logs in a comparative way to see differences between prior periods and the current period to identify how someone could be getting into the system and network. Have outside third parties try to break in - see if you can identify and block them.

All of these steps have defined policies and procedures that are defined in the Security Manual Template.

Security Procedures vs Cyber Attacks

rss@itproductivity.org — Wed, 08 Jul 2009 10:39:35 -0700

Cyber attacks target the computer or telecoms networks of critical infrastructures, such as power systems, traffic control systems or financial systems. What many have assumed is the worst thing you can do is shut things down. That is not necessarily the case. Many times the worst thing you can do, for example, is open a valve -- have bad things spew out of a valve.

Government and industry including the stock market are facing massive cyber attacks. While the source of the attacks was not pinpointed, officials said they suspected the attacks originated in North Korea or from groups sympathetic to North Korea. Law enforcement officials in the U.S. and South Korea have stepped up their efforts to halt the denial of service cyber attacks.

In the U.S., some government agencies including the Treasury Department, the Transportation Department and the Federal Trade Commission were down for much of the July 4th holiday weekend.

Internet Misuse Concerns CIOs

rss@itproductivity.org — Tue, 30 Jun 2009 09:22:31 -0700

When employees and enterprise associates misuse the Internet there are ramifications for and to your enterprise:

Higher operating expenses and reduced productivity
Exposure to security problems such as malware
Exposure to legal risks due to inappropriate material
Wasted bandwidth to support the misuse
Unlicensed software when users download and install software from the internet
Reputation risk from social networking which can create opportunities for employees to leak confidential information or spread damaging rumors online