Study Looks At Move To Cloud-Based Applications, Facebook Usage At Work

In its latest edition of the Application Usage and Risk Report, Palo Alto Networks draws attention to several realities that typically fall outside of the approved enterprise communications mechanisms.  These applications can enhance business responsiveness and performance -- but, conversely-- introduce inbound risks such as malware and vulnerability exploits, and outbound risks such as data loss and inadvertent sharing of private or proprietary data. The report advocates for assigning an action to these saying, socializing and sharing applications, and fostering discussions and creating viable policies around acceptable use.

Now in its 6th edition, the Application Usage and Risk Report consists of real-world traffic from 723 organizations worldwide, and examines user and application trends in the enterprise. In its analysis, Palo Alto Networks identified several patterns related to users’ applications to collaborate with others. These applications were pervasive among these participating organizations, and can be summarized as “saying, sharing and socializing applications.” In fact, these applications present are in up to 96 percent of the participating organizations and consume nearly one-quarter of the overall bandwidth.

Saying applications, including webmail and instant messaging applications, are still being used in a largely unmonitored and uncontrolled manner, which introduces significant inbound and outbound risks. Palo Alto Networks found that all of these saying applications either hop ports or use fixed ports that are not TCP/80 or TCP/443, which means that these applications cannot be easily monitored to control the related business and security risks. Furthermore, 60 percent of the saying applications discovered are capable of transferring files, thus opening organizations up to data leakage and the delivery of malware via attachments.

Since 2008, browser-based file-sharing applications have steadily grown in popularity to the point where they are now used more frequently than P2P or FTP. Now seen in 96 percent of organizations, these applications simplify file sharing but can also be broadcast-oriented (similar to P2P) in their distribution model. Using RapidShare, MegaUpload, or MediaFire, users can now upload their content and allow it to be indexed by one of the many affiliated search engines.

Traffic patterns of Facebook may contradict certain assumptions about its use in the workplace. The bulk of the traffic (88 percent) is users watching Facebook pages.

The risks that voyeurism represent include a potential loss of productivity and the possibility of malware introduction by clicking on a link within someone’s “wall.” Comparatively speaking, usage of Facebook apps (including popular games such as FarmVille) only represents 5 percent of Facebook traffic. Facebook posting represents an even smaller 1.4 percent of the traffic, yet the small amount of use should not minimize the risks in terms of what users are saying about work-related subjects such as current projects, travel plans and company status.

“IT teams are looking for ways to retain control within their organization at a time when non-IT-supported projects are pervasive,” said René Bonvanie, vice president of worldwide marketing at Palo Alto Networks. “In fact, we’re starting to see more trending of IT teams themselves embracing more progressive enterprise applications, which is indicative of these disruptive forces at work.”

Results indicate that IT organizations may be moving beyond debating the pros and cons of enterprise-class, cloud-based applications to actual deployment. The traffic usage patterns for select Microsoft and Google applications indicate both top-down and bottom-up adoption, especially in the last months.

For example, enterprise versions of Google Docs and Gmail were found in 30 percent of the 723 participating organizations. In other words, the high use of “free” versions of the Google applications by the end-user may be forcing IT to consider these tools as licensed and fully supported alternatives -- or replacements -- for existing tools. As more tech-savvy users enter the workforce, their work patterns and requests for more application alternatives will likely accelerate the adoption of a wider range of enterprise-class applications.

 

Featured

  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

Webinars

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3