Connect with us

Hi, what are you looking for?



User and Application Trends that Dominate Enterprises

Report Examines User and Application Trends in the Enterprise of over 1,100 Applications Across 723 Organizations Worldwide 

Report Examines User and Application Trends in the Enterprise of over 1,100 Applications Across 723 Organizations Worldwide 

Thousands of applications are available to employees that can enhance business productivity and performance, and are fundamentally changing the way people work and communicate around the globe. While many of these applications have clear benefits, IT departments are struggling to understand and manage the challenges and risks they face as a result of these applications gaining momentum across the enterprise.

Palo Alto Networks today released the 6th Edition of its Application Usage and Risk Report which provides a fascinating glimpse into what’s happening within the networks of enterprises around the globe, and provides foresight into the risks associated with the applications employees are using every day.

The report looks at the risks that are introduced by the heavy use of applications that enable users to “say” what they want through personal webmail and instant messaging, “socialize” when they want through social networking, and “share” when they want via P2P or browser-based file sharing.

Palo Alto Networks identified several patterns related to users’ applications to collaborate with others.

Enterprise Application Usage by Region

“Saying Applications” – Unmonitored, Unchecked, and Risky

The group of “saying” applications, including webmail and instant messaging applications, are still being used in a largely unmonitored and uncontrolled manner, which introduces significant risk. Inbound risks include exposure to malware, vulnerability exploits, etc. and outbound risks include data loss, and inadvertent sharing of private or proprietary data.

Advertisement. Scroll to continue reading.

Of these “saying” applications, Palo Alto Networks found that all either hop ports or use fixed ports that are not TCP/80 or TCP/443, making it harder to monitor and control the related business and security risks. It was also discovered that 60% of the saying applications analyzed are capable of transferring files, further exposing the organizations to added risk via data leakage or malware via attachments.

Email and Instant Messaging – Globally, Gmail and Yahoo! Instant Messaging are the most frequently used webmail and instant messaging applications. These market-leading applications are being challenged by the rapid growth of Facebook Mail and Facebook Chat, both of which appear in the 5 most frequently detected applications across all geographies analyzed.

The dominant underlying technology for the saying applications is the browser at 67% (66 of 99). Of the 99 different “saying” applications analyzed, 59 (60%) of them are capable of transferring files. The business risks associated with file transfer revolve around the fact that the traffic looks like web traffic and could actually be unauthorized transfer of files (data leakage) and exposure to malware via file attachments.

“Socializing Applications” – Facebook dominates

Facebook dominates social media usage. Facebook traffic alone is 500% greater than the 47 other social networking applications analyzed – combined.

Your Employees Are Voyeurs! The bulk of facebook traffic (88%) comes from users simply reading Facebook pages. The risks here? Loss of productivity and exposure to malware brought by clicking on a shared link on a user’s wall or a message. Unfortunately, while we like to trust our friends and are more likely to click on a link coming from a trusted source, it’s important to realize that all too often, those lnks are not actually shared with intent, and come from targeted facebook attacks such as clickjacking and applications hijacking profiles.  

According to Panda Security’s first annual Social Media Risk Index released recently, one third of small-to-medium-sized businesses (SMBs) experienced a malware or virus infection via social networks through July of this year, and 23 percent actually lost sensitive data via social networks. Facebook was the top culprit for companies that experienced malware infection (71.6 percent) and privacy violations, e.g. the leaking of sensitive company information (73.2 percent), according to the study. 

Farmers Aren’t Eating Up Your Bandwidth! – Facebook Apps such as Farmville, Mafia Wars, and other 3rd party applications represent only 6% of total facebook traffic.

An interesting conclusion is that while social networking apps may be draining productivity, if secured correctly, they should be general management’s problem, not IT’s. Contrary to what many think, social networking apps are consuming half of 1% of overall network bandwidth in the enterprises analyzed in this report.

Sharing – Users are always finding a way

P2p applications are often used in an unmonitored and uncontrolled manner, which, in turn, introduces significant inbound and outbound risks.

BitTorrent is the most frequently used P2P application globally, with Xunlei appearing consistently in the top 5 in many countries. Interestingly, Xunlei bandwidth consumption dwarfs BitTorrent use by 460%. When these applications go unmonitored, they do pose certain business and security risks. Business risks include internal compliance with application usage policies that may not allow the use at all, or dictate what can or cannot be said about the company. Compliance violations can also occur easily when these applications are in use within specific industries such as financial services or health care. It the previous version of the Application Usage and Risk Report released in March 2010, Palo Alto Networks discovered that these heavily regulated industries are as “connected” as universities in terms of social networking and other Web 2.0 or “rogue” apps, and have little control over social networking applications and risks as such application usage continues to increase.

Browser-based file sharing applications have steadily grown in popularity to the point where they are used more frequently (96%) than P2P (82%) or FTP (91%). Applications like DocStoc, YouSendIt! and were, and still are, used for business purposes.

DocStoc – a public document repository, DocStoc allows users to find forms such as a leasing agreement, or a legal document such as a non-disclosure agreement (NDA) which can be benedicial for work purposes.

YouSendIt! – enables users to move large files to a limited set of users. Upload the file, receive a URL, and then send it to the recipient(s). The user interface for YouSendIt! encourages a 1:1 or 1:few distribution model and its product positioning make this application more work-oriented than others. -Collaborative, cloud-based storage. positions its offering as a solution for corporations that are using collaborative tools such as Microsoft SharePoint. Its offering includes connectors and APIs for many of these corporate offerings. The purpose is to store and collaborate on files and projects using the ubiquitous nature of the Internet cloud.

The most significant change within the browser-based file sharing group, Palo Alto Networks says, is the emergence of a group that uses a broadcast-focused distribution model, making it similar in behavior to P2P, but without the underlying technology. Many sites have emerged that enable users to upload content and allow it to be indexed by one of the many affiliated search engines.

Sites like, and host a wide range of content. Users can often find the latest movies and popular TV series, almost certain to be copyrighted content. These apps target active “file sharers,” and often reward active “uploaders.”

In its 2010 “Digital Music & Movies Report: The True Cost of Free Entertainment,” McAfee revealed a growing number of cyber threats associated with downloading digital music and videos.

Cloud Computing – Driven by users and IT

The report also provides some statistics and discussion around the use of enterprise-class cloud-based applications.

There has been significant discussion around the deployment of enterprise-class, cloud-based applications recently. Results from the report show that organizations may be moving beyond debating the pros and cons of enterprise-class, cloud-based applications to actual deployment. Enterprise-class, cloud-based applications that are designed to support business processes are very much in use now.

The report found at least 92 enterprise-class, cloud-based applications that are streamlining and supporting business processes. The report broke the applications down into the following groups:

Infrastructure: found in 97% of the organizations, this group of 29 applications includes backup and storage, and software updates.

Productivity: found in 91% of the participating organizations, this group of 37 applications provides office productivity, ERP/CRM, filesharing, and database functionality.

Collaboration: found in 68% of the organizations, these applications that foster collaboration via web conferencing, VoIP, and business-focused social networking (LinkedIn, XING, Viadeo).

The traffic usage patterns for select Microsoft and Google applications indicate both top-down and bottom-up adoption, especially in the last months. The report notes that enterprise versions of Google Docs and Gmail were found in 30% of the 723 participating organizations.

Additionally, traditional cloud-based applications such as WebEx and were (and still are) used by a relatively small set of remote users. The adoption and use of these applications, is, by and large, driven by IT (top-down). As tech-savvy users enter the workforce, their usage patterns, work patterns, and requests for more application alternatives are accelerating and expanding the adoption of a wider range of cloud-based applications.

“IT teams are looking for ways to retain control within their organization at a time when non-IT-supported projects are pervasive,” said Rene Bonvanie, vice president of worldwide marketing at Palo Alto Networks. “In fact, we’re starting to see more trending of IT teams themselves embracing more progressive enterprise applications, which is indicative of these disruptive forces at work.”

The data used to compile the enterprise application usage report comes from the Palo Alto Networks’ next-generation firewalls that are deployed in either tap mode or virtual wire mode, where it monitors traffic traversing the networks of clients globally. This latest (6th) edition was compiled from data collected between March 2010 and September of 2010.

Do you block or embrace these applications in your enterprise?

Alex Thurber, SVP Worldwide Channel Operations for McAfee’s Mid Market business suggests that companies give employees the tools to use social media responsibly. “Although users can’t trust every link that people post or control, companies can put forward best practices to arm employees with the tools they need to be productive and safe. Between this type of education, and technology that can block dangerous links and applications, Web 2.0 can be used safely for business,” writes Thurber.

The full Application Usage and Risk Report (October 2010), is available here.

< Be Informed. Subscribe to the SecurityWeek Email Briefing Here >

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...