If you use one of those ever-popular social networking applications for work purposes, or just for personal business while on the job, then you aren't alone, according to a recent industry report, but such usage can harm your network security as well.
Palo Alto Networks, a provider of application firewall monitoring and security tools, released results from the fall edition of its Application Usage and Risk Report on Monday, Nov. 9, to identify what governments and private companies were using on their internal networks between March and September 2009. It's the second report of its type to come out in 2009, following a spring edition that came out in April. Fall data reveals that social networking and collaborative applications on-the-job have increased dramatically in the past six months.
According to some Palo Alto representatives, instant messaging, blogs, wikis and contact via social networking sites are becoming ways business gets done.
"The surprising thing was the fact that the resource consumption, the session usage and the bandwidth consumption specifically, were increasing dramatically for quite a few of these applications," said Matt Keil, product marketing manager for Palo Alto Networks. "More often than not, social networking is used by employees for personal use, but it's also being used for marketing purposes and company uses."
The company assessed application usage across a sample of more than 200 organizations across different sectors in multiple countries, spanning government, health care, education and the private sector. Government samples comprised 33 percent of them.
Some findings include:
- Twitter session use grew more than 250 percent from the spring.
- Facebook use increased 192 percent, and Facebook chat was the fourth most popular instant messaging tool, behind Twitter, Gmail and MSN but ahead of AIM, Yahoo Messenger and Meebo.
- Ninety-one percent of the organizations used SharePoint, up from 37 percent in the spring.
- Google Docs showed up in 83 percent of organizations, up from 33 percent in the spring.
Although people use them at work, they may not always use them for business functions.
"I'll be the first to admit that I don't work 100 percent of the time. There are certain things that I'm going to have to do during work hours," Keil said. "I've got to do a quick e-mail check -- my personal account -- for family purposes, what have you."
The report groups Web-based and collaborative programs into a category called Enterprise 2.0 and discovered that 38 percent of the 651 unique applications found fell within it. But of those, 202 could pose unintentional security risks because of their capabilities -- 70 percent can transfer files, 28 percent can spread malware and 64 percent have known security vulnerabilities.
Consequently the threat of security leaks might be a bigger concern than a lack of productivity.
"Lots of people have focused on, 'Well, government employees are goofing off when they're using these types of applications,'" said Chris King, director of product marketing for Palo Alto Networks. "The risks are far greater than that when you look at some of the incidents that have occurred in the public sector around information leaks and things like that."
The report notes that, although Web-based tools can threaten network integrity, their popularity with employees and ability to facilitate work-related communications and operations means that IT leaders have much to consider before endorsing, or condemning, their use in office policies.
The 19-page document discloses that the adoption of these Enterprise 2.0 applications is driven by end-users, not by high-level IT, and that the use of applications like Facebook, Twitter, LinkedIn and Gmail all began as personal applications. But they've become so vital to the users' lives that they're crossing over into work.
"The purpose really of this report is thought leadership and educating the market on what's going," Keil said. "Consider all aspects of the business of these applications and figure out a way to positively enable them without jeopardizing morale or losing employees."
"The fact is that a lot of organizations, both public and private sector, are struggling to get their arms wrapped around the issue of what is the appropriate level of use in the organization," King said. "If you block everything, then you're doing a disservice to the organization. If you allow everything, you're doing a disservice to the organization, so it's really a question of: What's the appropriate balance to strike."