The WAN as security threat

* Web mail and social networking and security on your network

In the last newsletter we discussed some trends in application usage that were identified in a report entitled "The Application Usage and Risk Report" that was recently published by Palo Alto Networks. We are going to use this newsletter to discuss some of the other trends identified in that report.

One of the interesting trends that the report highlighted was the broad use of consumer-oriented applications and supporting technologies within the enterprise. Last time, we discussed the use of instant messaging (IM) within the enterprise and the risks it presented. A similar example of that trend is the use of Web mail. Every one of the 20 companies that were analyzed as part of the Palo Alto Networks report had at least one Web mail application installed, and some had as many as five. The challenges associated with Web mail are similar to the challenges associated with IM. In particular, like IM, Web mail is undetected by most firewalls since it uses port 80 but may not utilize HTTP. As a result, the tracking of activities and unseen file transfers associated with Web mail represent compliance, data loss and business continuity risks.

In a recent newsletter we discussed social networking. Many younger employees are demanding access to capabilities such as IM and social networking. There is no doubt that when used in a structured manner within corporate environments, social networking can lead to enhanced communication and collaboration resulting in more rapid time to market, often with a better, more thoroughly researched product or service. The value of social networking is enhanced by the fact that companies have a more distributed workforce than ever before. In addition, most companies have business models that require them to collaborate with a variety of outside entities. This includes any company that has outsourced one or more key business processes, that performs joint development, or that has implemented supply chain management.

This is where IT organizations face a dilemma: do they block social networking and force users to go around it? Do they allow it, but in some form of highly controlled manner? Or do they embrace it internally, using it to recruit new employees and, hopefully, foster collaboration? We are not trying to suggest what decision IT organizations should make. What we are suggesting is that IT organizations need to understand what applications are running on their networks and make informed decisions about which ones will be allowed and which ones will either be controlled or eliminated. IT organizations also need the capability to enforce whatever policies they create.

While IT organizations are grappling with this decision, the Palo Alto Networks report indicated that 75% of the organizations it examined already had some form of social networking running on their network, with MySpace and Facebook being the most commonly used tools. We believe it will be difficult for IT organizations to take back this functionality now that it is so widely deployed.


Copyright © 2008 IDG Communications, Inc.
