IT administrators can set down all the policies they want but employees have a nasty habit of going into business for themselves, installing pretty much whatever they want while working on the corporate network.
No longer viewed as benign, time-wasting nuisances, IT departments now say the proliferation of these so-called “greynets” has become a serious security issue.
That’s the conclusion of a report by FaceTime Communications, a provider of security products that, conveniently, addresses such problems. In its survey “Greynets in the Enterprise: 3rd Annual Survey of Trends, Attitudes and Impact,” FaceTime found that greynets – real-time consumer applications like IM, P2P and VoIP technologies – are often introduced into a company network without permission or approval and they can cause all kinds of problems.
According to the study, a typical organization has nine greynets running on its network and virtually all (99 percent) of the IT managers surveyed said they knew of at least one greynet application interloping on their network. Nine in 10 IT managers reported a security incident involving greynets within the last six months and IT managers said they deal with an average of 39 incidents each month related to these unsanctioned applications.
The fallout from these greynets is becoming expensive. The survey found that the average cost of recovering from a greynet-related incident has more than doubled in the past year. IT managers reported spending an average of $289,000 each year to repair or re-image PCs after malware attacks over greynets.
This is making IT management sour on instant messaging. Forty percent said public IM use at work poses a “serious risk” while another 46 percent acknowledged that IM poses “some risk.”
But IM is popular and has become standard communication tool, especially for companies with distributed staffs. FaceTime acknowledged the conflict between security and need as well as the fact that IM is too entrenched in the enterprise now to simply wish it away.
“Deploying enterprise IM or a unified communications platform can lead an organization to believe that it has given employees all the capabilities they need to collaborate effectively,” said Frank Cabri, vice president of marketing and product management for FaceTime, in a statement. “However, the reality is that employees will continue to download new greynets at their own pace and will continue to use the consumer-oriented applications they are familiar with, both for work- and non-work-related communications.”
So what’s the solution?
“They are talking about the increased use of personal devices in the enterprise. Well, we know that,” Andrew Jaquith, program manager in the security solutions and services unit at the Yankee Group, told InternetNews.com. “They say threats increase with it. Yes, we knew that. The implication is that we need to control all these devices and, on that score, I disagree with them quite a bit because it’s like trying to repeal the laws of gravity. You’re going to see more of these apps whether employers like it or not.”
The best enterprises can do—because IM and VoIP are integral to the way people work these days—is try to filter traffic as best as possible and cleanse it of things like harmful e-mails, attachments and rogue links before they infest the network.
“You’re looking at environments that are much more collaborative, where you expect employees to use ad hoc tools to work together. So it is antithetical with a locked down desktop and that tension [between IT and employees] is not going to go away,” said Jaquith.