In the age of instant everything, the enterprise network is a teeming jungle of consumer and Web 2.0 applications that are just a clickor a tapaway for users. And, while some organisations are well aware that employees are bringing in unsanctioned applications through the back doors of their enterprise networks, others are absolutely convinced that it cant happen to them.
Just a few years ago the Internet was primarily about transmitting and accessing pretty static information via HTTP, FTP and e-mail. But the Internet has changed. Today, it is dominated by applications such as instant messaging, P2P, VoIP, social networking and Web 2.0 tools such as blogs. As an example, FaceBook opened its platform to developers just six months ago, and today there are more than 15,000 applications available to usersand 2,000 of them are chat and messaging apps! (IT managers can reference and learn more about this growing list of applications at www.greynetsguide.com.)
Over the last three months we have collected real-world data taken from our Unified Security Gateway appliances deployed across more than 60 participating global organisations. This represents a small percentage of our customer base and these companies have opted into a program that sends data back to us, so we can analyse Internet application traffic.
The data shows us that 53 different instant messaging applications were requested, with web-based instant messaging comprising the second highest ranking Web 2.0 application category users attempted to access, with 563,164 attempts.
These Web 2.0 apps are being brought into the workplace by a new generation of workers who grew up on mobile phones, on ICQ, MSN, QQ, MySpace and the like. These applications circumvent traditional security infrastructures by using techniques like port hopping, encryption, port tunnelling and employing random session behaviours. More importantly, they have become the new channel for malware, information leaks and compliance violations. Organisations need security solutions that address the new applications. Web filtering is still necessary, but is clearly insufficient.
Weve seen a variety of organisations using real time communications channels and social networks to their advantage recentlyfrom the Australian lawyer who used Facebook to serve papers on a house repossession to 46 per cent of Australian graduates saying that their choice of employment would be influenced by an employers social networking policy.
The first step to take is to understand the status quo, getting a thorough understanding of what employees are currently doing on the Internet, says Nicholas Tay, APAC Regional Manager of FaceTime Communications. And not just with e-mail or with their web browsers, but with other applications not controlled by traditional web security tools, such as consumer-based instant messaging and the myriad Web 2.0 applications in widespread use. You cant manage what you cant see.
Sign up for CIO Asia eNewsletters.