Study Looks At Move To Cloud-Based Applications, Facebook Usage At Work

In its latest edition of the Application Usage and Risk Report, Palo Alto Networks draws attention to several realities that typically fall outside of the approved enterprise communications mechanisms.  These applications can enhance business responsiveness and performance -- but, conversely-- introduce inbound risks such as malware and vulnerability exploits, and outbound risks such as data loss and inadvertent sharing of private or proprietary data. The report advocates for assigning an action to these saying, socializing and sharing applications, and fostering discussions and creating viable policies around acceptable use.

Now in its 6th edition, the Application Usage and Risk Report consists of real-world traffic from 723 organizations worldwide, and examines user and application trends in the enterprise. In its analysis, Palo Alto Networks identified several patterns related to users’ applications to collaborate with others. These applications were pervasive among these participating organizations, and can be summarized as “saying, sharing and socializing applications.” In fact, these applications present are in up to 96 percent of the participating organizations and consume nearly one-quarter of the overall bandwidth.

Saying applications, including webmail and instant messaging applications, are still being used in a largely unmonitored and uncontrolled manner, which introduces significant inbound and outbound risks. Palo Alto Networks found that all of these saying applications either hop ports or use fixed ports that are not TCP/80 or TCP/443, which means that these applications cannot be easily monitored to control the related business and security risks. Furthermore, 60 percent of the saying applications discovered are capable of transferring files, thus opening organizations up to data leakage and the delivery of malware via attachments.

Since 2008, browser-based file-sharing applications have steadily grown in popularity to the point where they are now used more frequently than P2P or FTP. Now seen in 96 percent of organizations, these applications simplify file sharing but can also be broadcast-oriented (similar to P2P) in their distribution model. Using RapidShare, MegaUpload, or MediaFire, users can now upload their content and allow it to be indexed by one of the many affiliated search engines.

Traffic patterns of Facebook may contradict certain assumptions about its use in the workplace. The bulk of the traffic (88 percent) is users watching Facebook pages.

The risks that voyeurism represent include a potential loss of productivity and the possibility of malware introduction by clicking on a link within someone’s “wall.” Comparatively speaking, usage of Facebook apps (including popular games such as FarmVille) only represents 5 percent of Facebook traffic. Facebook posting represents an even smaller 1.4 percent of the traffic, yet the small amount of use should not minimize the risks in terms of what users are saying about work-related subjects such as current projects, travel plans and company status.

“IT teams are looking for ways to retain control within their organization at a time when non-IT-supported projects are pervasive,” said René Bonvanie, vice president of worldwide marketing at Palo Alto Networks. “In fact, we’re starting to see more trending of IT teams themselves embracing more progressive enterprise applications, which is indicative of these disruptive forces at work.”

Results indicate that IT organizations may be moving beyond debating the pros and cons of enterprise-class, cloud-based applications to actual deployment. The traffic usage patterns for select Microsoft and Google applications indicate both top-down and bottom-up adoption, especially in the last months.

For example, enterprise versions of Google Docs and Gmail were found in 30 percent of the 723 participating organizations. In other words, the high use of “free” versions of the Google applications by the end-user may be forcing IT to consider these tools as licensed and fully supported alternatives -- or replacements -- for existing tools. As more tech-savvy users enter the workforce, their work patterns and requests for more application alternatives will likely accelerate the adoption of a wider range of enterprise-class applications.

 

Featured

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.