Report Examines User and Application Trends in the Enterprise of over 1,100 Applications Across 723 Organizations Worldwide
Thousands of applications are available to employees that can enhance business productivity and performance, and are fundamentally changing the way people work and communicate around the globe. While many of these applications have clear benefits, IT departments are struggling to understand and manage the challenges and risks they face as a result of these applications gaining momentum across the enterprise.
Palo Alto Networks today released the 6th Edition of its Application Usage and Risk Report which provides a fascinating glimpse into what’s happening within the networks of enterprises around the globe, and provides foresight into the risks associated with the applications employees are using every day.
The report looks at the risks that are introduced by the heavy use of applications that enable users to “say” what they want through personal webmail and instant messaging, “socialize” when they want through social networking, and “share” when they want via P2P or browser-based file sharing.
Palo Alto Networks identified several patterns related to users’ applications to collaborate with others.
“Saying Applications” – Unmonitored, Unchecked, and Risky
The group of “saying” applications, including webmail and instant messaging applications, are still being used in a largely unmonitored and uncontrolled manner, which introduces significant risk. Inbound risks include exposure to malware, vulnerability exploits, etc. and outbound risks include data loss, and inadvertent sharing of private or proprietary data.
Of these “saying” applications, Palo Alto Networks found that all either hop ports or use fixed ports that are not TCP/80 or TCP/443, making it harder to monitor and control the related business and security risks. It was also discovered that 60% of the saying applications analyzed are capable of transferring files, further exposing the organizations to added risk via data leakage or malware via attachments.
Email and Instant Messaging – Globally, Gmail and Yahoo! Instant Messaging are the most frequently used webmail and instant messaging applications. These market-leading applications are being challenged by the rapid growth of Facebook Mail and Facebook Chat, both of which appear in the 5 most frequently detected applications across all geographies analyzed.
The dominant underlying technology for the saying applications is the browser at 67% (66 of 99). Of the 99 different “saying” applications analyzed, 59 (60%) of them are capable of transferring files. The business risks associated with file transfer revolve around the fact that the traffic looks like web traffic and could actually be unauthorized transfer of files (data leakage) and exposure to malware via file attachments.
“Socializing Applications” – Facebook dominates
Facebook dominates social media usage. Facebook traffic alone is 500% greater than the 47 other social networking applications analyzed – combined.
Your Employees Are Voyeurs! The bulk of facebook traffic (88%) comes from users simply reading Facebook pages. The risks here? Loss of productivity and exposure to malware brought by clicking on a shared link on a user’s wall or a message. Unfortunately, while we like to trust our friends and are more likely to click on a link coming from a trusted source, it’s important to realize that all too often, those lnks are not actually shared with intent, and come from targeted facebook attacks such as clickjacking and applications hijacking profiles.
According to Panda Security’s first annual Social Media Risk Index released recently, one third of small-to-medium-sized businesses (SMBs) experienced a malware or virus infection via social networks through July of this year, and 23 percent actually lost sensitive data via social networks. Facebook was the top culprit for companies that experienced malware infection (71.6 percent) and privacy violations, e.g. the leaking of sensitive company information (73.2 percent), according to the study.
Farmers Aren’t Eating Up Your Bandwidth! – Facebook Apps such as Farmville, Mafia Wars, and other 3rd party applications represent only 6% of total facebook traffic.
An interesting conclusion is that while social networking apps may be draining productivity, if secured correctly, they should be general management’s problem, not IT’s. Contrary to what many think, social networking apps are consuming half of 1% of overall network bandwidth in the enterprises analyzed in this report.
Sharing – Users are always finding a way
P2p applications are often used in an unmonitored and uncontrolled manner, which, in turn, introduces significant inbound and outbound risks.
BitTorrent is the most frequently used P2P application globally, with Xunlei appearing consistently in the top 5 in many countries. Interestingly, Xunlei bandwidth consumption dwarfs BitTorrent use by 460%. When these applications go unmonitored, they do pose certain business and security risks. Business risks include internal compliance with application usage policies that may not allow the use at all, or dictate what can or cannot be said about the company. Compliance violations can also occur easily when these applications are in use within specific industries such as financial services or health care. It the previous version of the Application Usage and Risk Report released in March 2010, Palo Alto Networks discovered that these heavily regulated industries are as “connected” as universities in terms of social networking and other Web 2.0 or “rogue” apps, and have little control over social networking applications and risks as such application usage continues to increase.
Browser-based file sharing applications have steadily grown in popularity to the point where they are used more frequently (96%) than P2P (82%) or FTP (91%). Applications like DocStoc, YouSendIt! and Box.net were, and still are, used for business purposes.
• DocStoc – a public document repository, DocStoc allows users to find forms such as a leasing agreement, or a legal document such as a non-disclosure agreement (NDA) which can be benedicial for work purposes.
• YouSendIt! – enables users to move large files to a limited set of users. Upload the file, receive a URL, and then send it to the recipient(s). The user interface for YouSendIt! encourages a 1:1 or 1:few distribution model and its product positioning make this application more work-oriented than others.
• Box.net -Collaborative, cloud-based storage. Box.net positions its offering as a solution for corporations that are using collaborative tools such as Microsoft SharePoint. Its offering includes connectors and APIs for many of these corporate offerings. The purpose is to store and collaborate on files and projects using the ubiquitous nature of the Internet cloud.
The most significant change within the browser-based file sharing group, Palo Alto Networks says, is the emergence of a group that uses a broadcast-focused distribution model, making it similar in behavior to P2P, but without the underlying technology. Many sites have emerged that enable users to upload content and allow it to be indexed by one of the many affiliated search engines.
Sites like rapidshare.net, megadownload.net and mediafiresearch.org host a wide range of content. Users can often find the latest movies and popular TV series, almost certain to be copyrighted content. These apps target active “file sharers,” and often reward active “uploaders.”
In its 2010 “Digital Music & Movies Report: The True Cost of Free Entertainment,” McAfee revealed a growing number of cyber threats associated with downloading digital music and videos.
Cloud Computing – Driven by users and IT
The report also provides some statistics and discussion around the use of enterprise-class cloud-based applications.
There has been significant discussion around the deployment of enterprise-class, cloud-based applications recently. Results from the report show that organizations may be moving beyond debating the pros and cons of enterprise-class, cloud-based applications to actual deployment. Enterprise-class, cloud-based applications that are designed to support business processes are very much in use now.
The report found at least 92 enterprise-class, cloud-based applications that are streamlining and supporting business processes. The report broke the applications down into the following groups:
• Infrastructure: found in 97% of the organizations, this group of 29 applications includes backup and storage, and software updates.
• Productivity: found in 91% of the participating organizations, this group of 37 applications provides office productivity, ERP/CRM, filesharing, and database functionality.
• Collaboration: found in 68% of the organizations, these applications that foster collaboration via web conferencing, VoIP, and business-focused social networking (LinkedIn, XING, Viadeo).
The traffic usage patterns for select Microsoft and Google applications indicate both top-down and bottom-up adoption, especially in the last months. The report notes that enterprise versions of Google Docs and Gmail were found in 30% of the 723 participating organizations.
Additionally, traditional cloud-based applications such as WebEx and salesforce.com were (and still are) used by a relatively small set of remote users. The adoption and use of these applications, is, by and large, driven by IT (top-down). As tech-savvy users enter the workforce, their usage patterns, work patterns, and requests for more application alternatives are accelerating and expanding the adoption of a wider range of cloud-based applications.
“IT teams are looking for ways to retain control within their organization at a time when non-IT-supported projects are pervasive,” said Rene Bonvanie, vice president of worldwide marketing at Palo Alto Networks. “In fact, we’re starting to see more trending of IT teams themselves embracing more progressive enterprise applications, which is indicative of these disruptive forces at work.”
The data used to compile the enterprise application usage report comes from the Palo Alto Networks’ next-generation firewalls that are deployed in either tap mode or virtual wire mode, where it monitors traffic traversing the networks of clients globally. This latest (6th) edition was compiled from data collected between March 2010 and September of 2010.
Do you block or embrace these applications in your enterprise?
Alex Thurber, SVP Worldwide Channel Operations for McAfee’s Mid Market business suggests that companies give employees the tools to use social media responsibly. “Although users can’t trust every link that people post or control, companies can put forward best practices to arm employees with the tools they need to be productive and safe. Between this type of education, and technology that can block dangerous links and applications, Web 2.0 can be used safely for business,” writes Thurber.
The full Application Usage and Risk Report (October 2010), is available here.
< Be Informed. Subscribe to the SecurityWeek Email Briefing Here >