- Category: April 2011
With the revolution of Web 2.0, social networking applications are now playing a pivotal role in influencing and shaping the way we socialize and collaborate for both work and personal purposes. In fact, the use of social networking applications can be broadly categorized into three enabling objectives: ‘Saying, Socializing and Sharing’.
Specific examples of Saying applications include Gmail, Yahoo! Instant Messaging and Microsoft Hotmail, which enable people to communicate. Socializing refers to applications like Facebook, Twitter and LinkedIn that connect everyone on a social and professional basis, while applications that enable Sharing include BitTorrent, YouSendIt, and Xunlei.
At work, social networking applications are also widely used among employees and employers to get their jobs done. For instance, a corporate professional or an employer uses LinkedIn to connect with people in their network or to headhunt talent, while Facebook is widely used among marketers for sales, customer relations management, branding and communication.
Applications that enable users to Say, Socialize and Share files are being used worldwide with remarkable consistency. No single geography, whether it is Asia Pacific, the US, or Europe, is that different in terms of application usage at a category level. However, organisations today face the possibility of data leakage, as employees who have Internet access are putting their organisations at risk by using certain applications that could involve the sharing of sensitive and confidential information.
Saying Applications: Unmonitored, Unchecked, and Very Risky
Saying applications, including webmail and instant messaging, can bring about more active collaboration, increased communications efficiency, and quicker time-to-market. The dark side is that these applications are unmonitored and, as such, they pose business and security risks. Business risks include non-compliance with internal application usage policies, which may not allow the use at all or may dictate what can or cannot be said about the company. Furthermore, saying applications are capable of transferring files, thus opening organisations up to data leakage and the delivery of malware via attachments. Palo Alto Networks’ latest Application Usage & Risk Report* (AUR) showed that the saying applications most frequently detected in enterprise networks are Gmail (93%), Hotmail (90%), Yahoo! Mail (88%), and Facebook Mail (79%). In the report covering the Southeast Asian countries Singapore and Thailand, which surveyed 41 organisations, Hotmail was found to be the most common (83%) and the most heavily used, at nearly six times the usage of the next closest web application (224 Gb vs 36 Gb) per organisation.
Socializing: When at Work, Users are Voyeurs
With a base of more than 500 million users, it is no surprise that Facebook is the most popular social networking application. Social networking applications were found in 96% of participating organisations, which indicates that control efforts are not working. Statistics in the AUR showed that Facebook leads the most commonly detected socializing applications at 96%, followed by Twitter at 93%, LinkedIn at 85%, MySpace at 79% and other Facebook apps at 76%.
Facebook use among employees is often perceived as a waste of time, with users acting as ‘voyeurs’ while at work. Interestingly, the bulk of the traffic (69%) is actually users watching Facebook pages. The risks that voyeurism represents include a potential loss of productivity and the possibility of malware introduction by clicking on a link within someone's "wall". Blindly allowing Facebook in the workplace may result in data leakage, loss of data and damage to the corporate reputation.
Sharing: A better way to move and broadcast data
Browser-based file-sharing applications have steadily grown in popularity to the point where they are now used more frequently than P2P or FTP. Now seen in 96% of organisations, this new class of applications simplifies file sharing but can also be broadcast-oriented (similar to P2P) in its distribution model. By using RapidShare, MegaUpload or Mediafire, a user can now upload their content and allow it to be affiliated with many search engines. In Palo Alto Networks’ latest AUR findings, an average of 500 Gb of data is transferred per organisation during a one-week period. Interestingly, Singapore consumes the second highest amount of bandwidth on a regional basis (P2P = 4.8 Tb and BB FS = 6.7 Tb), behind China.
Saying, Socializing, and Sharing Security Risks
Whether it is saying, socializing or sharing, these applications are popular vectors for delivering malware and exploiting vulnerabilities. The reason is simple: their popularity makes it easy for malware creators to deliver their payload by simply creating a compelling reason for a user to “click” on what appears to be an update, an IM, a tweet, or a post from a trusted acquaintance.
The sender may in fact be the person they say they are, but that fact is insignificant. By “clicking” first on a link sent by a highly trusted source and asking or thinking later, the user has, unknowingly, propagated the threat or installed the malware.
A New Generation of Savvy Workforce
Applications that enable saying, socializing, and sharing have long been used in workplace environments; however, their usage has been somewhat “quiet”. Today, the intertwined nature of work, home, family, and technology, combined with a generation of users that is always connected and assumes usage is “approved”, has dramatically elevated the discussion around these applications.
The speed of adoption by tech-savvy network users adds significantly to the risks that companies must try to manage - making the challenge doubly difficult because of the resistance to change and the inflexibility that traditional control mechanisms exhibit.
Organisations need to work diligently yet quickly to determine the appropriate balance between blocking and blindly allowing these applications. Organisations should consider the issues and solution methods involved in enabling social networking in the workplace without jeopardizing the security and confidentiality of their information. This is where the IT and security teams need to exert their influence and expertise.
By Eric Chong, Regional Marketing Director - Asia Pacific, Palo Alto Networks
* The latest edition of the Application Usage and Risk Report (issued in the last quarter of 2010) by Palo Alto Networks™, consists of real-world traffic from 723 organisations worldwide, and examines user and application trends in the enterprise. The report advocates for assigning an action to these saying, socializing and sharing applications, and fostering discussions and creating viable policies around acceptable use.