Study Looks At Move To Cloud-Based Applications, Facebook Usage At Work

In its latest edition of the Application Usage and Risk Report, Palo Alto Networks draws attention to several realities that typically fall outside of the approved enterprise communications mechanisms.  These applications can enhance business responsiveness and performance -- but, conversely-- introduce inbound risks such as malware and vulnerability exploits, and outbound risks such as data loss and inadvertent sharing of private or proprietary data. The report advocates for assigning an action to these saying, socializing and sharing applications, and fostering discussions and creating viable policies around acceptable use.

Now in its 6th edition, the Application Usage and Risk Report consists of real-world traffic from 723 organizations worldwide, and examines user and application trends in the enterprise. In its analysis, Palo Alto Networks identified several patterns related to users’ applications to collaborate with others. These applications were pervasive among these participating organizations, and can be summarized as “saying, sharing and socializing applications.” In fact, these applications present are in up to 96 percent of the participating organizations and consume nearly one-quarter of the overall bandwidth.

Saying applications, including webmail and instant messaging applications, are still being used in a largely unmonitored and uncontrolled manner, which introduces significant inbound and outbound risks. Palo Alto Networks found that all of these saying applications either hop ports or use fixed ports that are not TCP/80 or TCP/443, which means that these applications cannot be easily monitored to control the related business and security risks. Furthermore, 60 percent of the saying applications discovered are capable of transferring files, thus opening organizations up to data leakage and the delivery of malware via attachments.

Since 2008, browser-based file-sharing applications have steadily grown in popularity to the point where they are now used more frequently than P2P or FTP. Now seen in 96 percent of organizations, these applications simplify file sharing but can also be broadcast-oriented (similar to P2P) in their distribution model. Using RapidShare, MegaUpload, or MediaFire, users can now upload their content and allow it to be indexed by one of the many affiliated search engines.

Traffic patterns of Facebook may contradict certain assumptions about its use in the workplace. The bulk of the traffic (88 percent) is users watching Facebook pages.

The risks that voyeurism represent include a potential loss of productivity and the possibility of malware introduction by clicking on a link within someone’s “wall.” Comparatively speaking, usage of Facebook apps (including popular games such as FarmVille) only represents 5 percent of Facebook traffic. Facebook posting represents an even smaller 1.4 percent of the traffic, yet the small amount of use should not minimize the risks in terms of what users are saying about work-related subjects such as current projects, travel plans and company status.

“IT teams are looking for ways to retain control within their organization at a time when non-IT-supported projects are pervasive,” said René Bonvanie, vice president of worldwide marketing at Palo Alto Networks. “In fact, we’re starting to see more trending of IT teams themselves embracing more progressive enterprise applications, which is indicative of these disruptive forces at work.”

Results indicate that IT organizations may be moving beyond debating the pros and cons of enterprise-class, cloud-based applications to actual deployment. The traffic usage patterns for select Microsoft and Google applications indicate both top-down and bottom-up adoption, especially in the last months.

For example, enterprise versions of Google Docs and Gmail were found in 30 percent of the 723 participating organizations. In other words, the high use of “free” versions of the Google applications by the end-user may be forcing IT to consider these tools as licensed and fully supported alternatives -- or replacements -- for existing tools. As more tech-savvy users enter the workforce, their work patterns and requests for more application alternatives will likely accelerate the adoption of a wider range of enterprise-class applications.

 

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3