Greynets Getting Greyer
Page 1 of 1
Unauthorized applications running within the enterprise are spreading, and at an alarming rate.
Security vendor Facetime calls them "Greynets."
According to its latest survey on the use of unsanctioned applications, over the past year the number of organizations that have eight or more greynets in active use by end-users has doubled, to 41 percent from 20 percent in 2005.
Greynet categories include instant messaging and peer-to-peer file sharing as well other applications are those not officially sanctioned or supported by the enterprise or IT staff. The study polled over 1,100 end users and IT managers in October of this year.
"The proliferation is due in no small part to the legitimate efforts of end-users to maximize productivity on their PCs by installing the tools they want," Frank Cabri, vice president of marketing at FaceTime, told internetnews.com.
"At the same time, there are sins of omission and commission, ranging from the 70 percent who send personal IMs at work to the 50 percent who download porn over corporate networks."
Many users apparently have no qualms about it. The report found that 40 percent of respondents felt they had the right to run a greynet application on their work PCs.
Though more greynet application are in use, greynet-related attacks remain similar to last year's survey. According to the report, eighty one percent of IT managers reported greynet-related attacks within the last six months with spyware representing 75 percent of the attacks.
Beyond just security implications, greynets impact employee productivity. Seventy-three percent of respondents experienced lower productivity due to non-work related activities done with greynet applications.
Are greynet warnings falling on deaf ears?
"Some organizations' ears are ringing from this consumerization of an IT trend and the fact that employees are bringing in unsanctioned applications through the back door," Cabri said. "Organizations are hearing about it from us, from some of the industry analysts, and in many cases, seeing it first hand on their networks."
And yet there are still many that aren't aware of the issue and usage continues to grow. The recent Mark Foley case in the U.S. Congress where, in which Instant Messaging was used to send inappropriate messages to a teenage congressional page, is a case in point.
"Sometimes it takes a Mark Foley-like situation to happen in your own organization to raise awareness of the risk and the impact," Cabri noted. "Obviously, our goal is to help customers before this happens."
"Lets face it, no business wants to get 'Foley'ed' on a national level -- the business consequences of this could be extremely negative."