Research shows highly regulated industries have no control over social networking applications and risks

Despite compliance issues, healthcare and financial services firms use 28 social networking apps on average, says latest Palo Alto Networks study

Sunnyvale, California, 01 Apr 2010

The intensity of Enterprise 2.0 application usage is on the rise globally - especially in the most highly regulated industries, according to the latest study conducted by Palo Alto Networks, the network security company.

While social media is pervasive in organisations worldwide, usage has far outpaced controls. The degree of associated risk varies dramatically across industries and geographies, depending upon factors such as regulations and cyber crime. IT professionals must consider the heterogeneity of risk in their application usage policies, compliance needs and security profiles.

Available today, the Application Usage and Risk Report (5th Edition, Spring 2010) from Palo Alto Networks is a semi-annual study that assesses real-world application traffic in hundreds of organisations worldwide.

This edition of the report shows that barriers to accessing applications are at an all-time low, accelerating the adoption of applications regardless of geography or vertical industry. While financial services and healthcare workers increasingly rely on social media for business collaboration, they often ignore the associated risks such as non-compliance, data loss and threat propagation. These risks can jeopardise the company's network as well as the integrity of the entire business operation.

For example, the report showed that 94% of the healthcare and financial services organisations included in the study use an average of 28 social networking applications, including Facebook, Twitter and LinkedIn. Both industries have regulations (such as HIPAA and FINRA) that require organisations to control and monitor information flow across social networking applications in order to protect the confidential data they manage. However, because social networking apps use port 80 or port 443, all traffic appears to be browser-based traffic. This lack of visibility into social networking traffic could be a violation, or lead to violations, of compliance with industry rules and regulations.

As a result, many IT managers are faced with the daunting task of banning social media applications altogether. But is this really feasible?

“IT managers cannot simply block Enterprise 2.0 applications since they deliver clear business value. Nor can they simply allow these apps to run amok on their networks. IT needs to safely enable Enterprise 2.0,” said René Bonvanie, vice-president of worldwide marketing at Palo Alto Networks. “By defining and enforcing policies that safely enable these apps, IT can enhance business productivity while mitigating security risks and compliance violations.”

Other findings from the report include:

* Of the 41 different e-mail applications found, 26 browser-based variants were detected in both healthcare and financial services industries, consuming 220GB and 152GB respectively. Widespread use of Web mail portends a variety of business and security risks, from compliance violations and data leakage to malware propagation.

* Two-thirds of the 750 applications tracked, even client-server and peer-to-peer (P2P) applications, can pass as Web traffic by hopping ports, using port 80, or hiding within SSL. This debunks the myth that ports 80 and 443 are reserved for browser-based traffic only. If P2P file sharing applications look like Web traffic, then they are difficult to detect and control. This dramatically increases the risk of inadvertent data leakage.

* Use of browser-based file sharing applications consumes 399GB of bandwidth in financial services organisations, and 143GB in healthcare firms. The one-to-one delivery nature of these applications minimises the risk of inadvertent data loss or leakage, but does not prevent the purposeful movement of confidential data unless strict policy controls are in place.

* The bandwidth consumed by social networking applications doubled in the last 18 months to 9GB per organisation.

Information on the more than 950 applications that are identified by Palo Alto Networks can be found in Applipedia, part of the company's Application and Threat Research Centre. Visit the online resource to find the latest news, commentary, and discoveries on applications and threats at http://www.paloaltonetworks.com/researchcenter/.

Palo Alto Networks

Palo Alto Networks is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content - by user, not just IP address - at up to 10Gbps with no performance degradation. Based on patent-pending App-ID technology, Palo Alto Networks firewalls accurately identify and control applications - regardless of port, protocol, evasive tactic or SSL encryption - and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. For more information, visit http://www.paloaltonetworks.com.