Unauthorized applications running within the enterprise are spreading, and at an alarming rate.
Security vendor Facetime calls them “Greynets.”
According to its latest survey on the use of unsanctioned applications, over the past year the number of organizations that have eight or more greynets in active use by end-users has
doubled, to 41 percent from 20 percent in 2005.
Greynet categories include
instant messaging and peer-to-peer file sharing as well other applications
are those not officially sanctioned or supported by the enterprise or IT
staff. The study polled over 1,100 end users and IT managers in October of
“The proliferation is due in no small part to the legitimate efforts of
end-users to maximize productivity on their PCs by installing the tools they
want,” Frank Cabri, vice president of marketing at FaceTime, told
“At the same time, there are sins of omission and
commission, ranging from the 70 percent who send personal IMs at work to the
50 percent who download porn over corporate networks.”
Many users apparently have no qualms about it. The report found that 40 percent of respondents felt they had the right to run a greynet application on their work PCs.
Though more greynet application are in use, greynet-related attacks remain similar to last year’s survey. According to the report,
eighty one percent of IT managers reported greynet-related attacks within
the last six months with spyware representing 75 percent of the attacks.
Beyond just security implications, greynets impact employee productivity. Seventy-three percent of respondents experienced lower productivity due to non-work related activities done with greynet applications.
Are greynet warnings falling on deaf ears?
“Some organizations’ ears are ringing from this consumerization of an IT
trend and the fact that employees are bringing in unsanctioned applications
through the back door,” Cabri said. “Organizations are hearing about it from
us, from some of the industry analysts, and in many cases, seeing it first
hand on their networks.”
And yet there are still many that aren’t aware of the issue and usage
continues to grow. The recent Mark Foley case in the U.S. Congress where, in which Instant Messaging was used to send inappropriate messages to a teenage congressional page, is a case in point.
“Sometimes it takes a Mark Foley-like situation to happen in your own
organization to raise awareness of the risk and the impact,” Cabri noted.
“Obviously, our goal is to help customers before this happens.”
“Lets face it, no business wants to get ‘Foley’ed’ on a national level — the
business consequences of this could be extremely negative.”