For some time now, we have been watching the browser-based filesharing market which has expanded to where we saw 65 different application offerings in the latest Application Usage and Risk Report. A large number in any market, but particularly one that is quite young and has only gathered adoption among consumers — not businesses – for now. As with any market expansion, segmentation into distinct uses cases is occurring: work/productivity and entertainment. Lately, we’ve seen lots of media headlines about companies such as DropBox and Box.net, both of which we include in our work/productivity segment.
These definitions are based on how the applications work, how they market themselves, the files that can be found as a registered user or through search engines and the volume of use we see. For example, YouSendit! is a great tool for delivering a large file to my remote teammates. A couple clicks and the files are there. Options exist to store the files in the cloud for future use. Our graphics department uses Dropbox for similar purposes. Files can be synched via a desktop folder or they can be transferred using the web-only option. The features these applications have (or may not have), their marketing messages, and from our research, the volume of use all support the work related use case. Could there be some personal use in there, sure. But not nearly on the same scale as the other set of entertainment focused applications.
Now let’s take a look at a couple entertainment oriented applications. First off, this set of applications consume twice as much traffic (used by employees) on corporate networks than do DropBox, Box.net and YouSendIt combined. In each of these examples, the features they offer users, registered or not, are entertainment oriented. A registered MegaUpload user will see a top 20 list of game demos, software and movie trailers in its top 20 listing. A visit to Filestube, registered or not, quickly highlights that they are very media and entertainment focused. It is hard for me to find a task that this set of applications will help me accomplish at work. At home, that may be a different matter.
Scientific analysis? Nope. Foolproof? No such thing. But that is not the purpose of the discussion. The purpose of the discussion is to highlight the fact that:
- These applications are in use on corporate networks – for both business and pleasure.
- Many of them traverse port 80 or port 443, making them invisible to common firewalls. Some of them have the ability to be configured to use other ports, making them even more invisible to traditional control mechanisms.
- Most importantly, they represent both business and security risks which that must be addressed.
With 65 different variants, and an average of 13 found on 1,506 out of 1,636 networks (92%) this set of applications is here to stay and organizations must apply appropriate policies to protect their network as well as their users.