News
Explosion in social networking in workplace introducing new security
risks
15 December 2009
Data security company Palo Alto Networks has released the
results of an international study that reveal the use of social
networking and collaborative applications for business purposes has
skyrocketed in the last six months.
With increased adoption of Web-based applications comes new business
and security risks that go far beyond potential productivity losses, it
says, yet most companies have outdated IT infrastructure and usage
policies that may fail to protect them from these growing risks.
These are just some of the results of the fourth Application
Usage and Risk Report (Fall Edition 2009), a semi-annual analysis
of application usage on enterprise networks. Unlike other industry
reports that are based on behavioural surveys, the report looks at which
applications are in use, identifies emerging trends, and discusses the
associated business benefits and risks. This edition of the report
summarizes traffic assessments performed between March and September
2009 in more than 200 organizations worldwide that span markets
including financial services, manufacturing, healthcare, government,
retail, and education.
Despite many enterprises’ attempts to block these applications, the
rate at which they are making the crossover from personal to business
use is happening faster than previous crossovers, such as instant
messaging (IM).
The use of a social networking application can bring measurable
business benefits, but not without introducing business and security
risks. These Enterprise 2.0 applications can transfer files, propagate
malware, and have known vulnerabilities that can be exploited.
Some specific findings from the research include:
- Twitter session use grew more than 250 percent from the
Spring 2009 edition of the Application Usage and Risk Report,
published in April.
- Facebook use increased 192 percent while Facebook Chat
(released in April 2008) was the fourth most commonly detected chat
application, ahead of Yahoo! IM and AIM.
- SharePoint collaboration is ubiquitous – bandwidth
consumed by SharePoint, specifically the documents component,
increased 17-fold from the previous report in April.
- blogging and wiki editing increased by a factor of 39,
while total bandwidth consumed increased by a factor of 48.
Social networking and collaborative applications are increasingly
considered to be Enterprise 2.0 applications, along with messaging of
all types, conferencing, and VoIP. These business-enabling applications
are not threats, yet they pose risks to enterprise networks.
The analysis discovered 255 Enterprise 2.0 applications — of which
70% are capable of transferring files, 64% have known vulnerabilities,
28% are known to propagate malware, and 16% can tunnel other
applications. Examples of new threats introduced to enterprise networks
by applications such as Facebook include Koobface, Fbaction and Boface,
which all target social networking applications to hijack accounts and
personal data.
“We know that workers are using these applications to help them get
their jobs done, with or without approval from their IT departments. And
now we know this is happening much faster than anticipated. It’s naïve
to think that old-school security practices can handle this deluge,”
said Rene Bonvanie, Palo Alto Networks vice president of worldwide
marketing.
“Organizations must realize that banning or allowing specific
applications in a black-and-white fashion is bad for business. They need
a new approach that allows for shades of gray by enforcing appropriate
application usage policies tailored for their workforce. This is a
radical and necessary shift for today’s IT security professionals.”
|