Employees' Use Of Webmail, File-Sharing Services Riskier Than Their Facebook Activity
New data from Palo Alto Networks' application-layer firewall customers shows employees circumventing security controls via Webmail, file sharing
Facebook usage by employees gets a bad rap, but it turns out workers are doing more surfing on the social network than potentially giving away company secrets: New data from some 700 of Palo Alto Networks' application-layer firewall customers shows Webmail use poses a much bigger problem.
"There's a false sense of security that email is dead, or that email is taken care of with your security infrastructure," says Chris King, director of product marketing for Palo Alto Networks, which published its newest "Application Usage and Risk Report" today for enterprise application usage between March and September 2010. "The risks are a bit overblown with Facebook versus Webmail. With Facebook, people are mostly reading other people's stuff: It's reality TV on in the background while you're working."
More Security Insights
- Forrester Study: The Total Economic Impact of VMware View
- Securing Executives and Highly Sensitive Documents of Corporations Globally
- Innovations in Integration: Achieving Holistic Rapid Detection and Response
- Optimize Your SQL Environment for Performance & Flexibility
According to Palo Alto Networks, personal Webmail (such as Gmail, Hotmail, and Yahoo Mail), instant messaging, and peer-to-peer and browser-based file-sharing apps were used in 96 percent of the enterprises, and those apps made up nearly one-fourth of all bandwidth. The bad news is that most of these apps are unmonitored and not controlled by the enterprise, which leaves the organization open to attack or data leakage, the report says.
Workers' Facebook activity is more voyeuristic, with 69 percent of Facebook traffic on these organizations being used for viewing Facebook pages, while Facebook apps make up about 4 percent of traffic and posts, only about 1 percent of traffic.
"Email and IM appear to be the primary vectors for inbound threats, such as Conficker," says Matt Keil, product marketing manager at Palo Alto Networks.
There were 114,000 log instances of Conficker infections among Palo Alto customers, he says. "A log instance is when Conficker is actively going through and trying to propagate itself or phone home or send information out of the network," he says.
The average duration for his log count was three to five business days, which means the 114,000 number is "significant," King says.
Meanwhile, the heavy use of Webmail at work, as well as Web-based file-sharing apps, basically circumvent most organizations' email and other security, according to Palo Alto. "These Webmail apps are using SSL, mostly Port 80, and you may have this incredible infrastructure to protect the email threat vector, with your mail server, cloud services, anti-spam, and anti-malware, and the Webmail users are going around this completely," King says. "In most cases, it's an unscanned vector."
Web- or browser-based file-sharing now constitutes 96 percent of file sharing, according to the data, with apps including Skydrive, USendIt, RapidShare, and DocsStock. BitTorrent remains the most popular peer-to-peer file-sharing program in use in companies. "Most of these are completely unmanaged in enterprises," King says, leaving organizations open for copyright violations, data exposure, and infection from rigged files.
There were a total of 92 enterprise-class cloud apps found in about 97 percent of the enterprises--applications that include backup, storage, ERP, database, collaboration, and conferencing.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.