Application Usage & Risk Report: Fall 2009

Matt Keil


A recent survey suggests that more than 50% of the companies are blocking social networking. I read that and asked myself do they really believe that? I ask because our analysis of application traffic on more than 200 companies around the world proves otherwise. We found 27 different social networking applications across 95% of the participating organizations.

Like the previous three versions of the Application Usage and Risk Report,  http://www.paloaltonetworks.com/researchcenter/reports/ the findings are based on actual analysis of application traffic, not survey questions.

Social networking, messaging of all types, cloud-based productivity, collaboration, blogging and wikis, are just a few of the types of applications that fall within that nebulous group of applications defined as Enterprise 2.0. This edition of the report shows that despite many enterprises’ attempts to block applications the rate at which they are making the crossover from personal to business use is happening faster than previous crossovers, such as instant messaging (IM). Some specific findings from the research include:

Enterprise 2.0 adoption – embraced or resisted – is in full swing.

  • More than a third (38%) of the 651 unique applications found fall within the Enterprise 2.0 definition described above. Compared to the Application Usage and Risk Report (Spring Edition, 2009), many of the Enterprise 2.0 applications such as  SharePoint, Facebook, Twitter, and blog posting showed significant increases in usage from several different perspectives.

Enterprise 2.0 benefits are no longer elusive – companies are improving communications and ability to respond while reducing costs.

  • Research shows that companies using these applications are seeing measurable benefits including increased ability to share ideas, more rapid access to knowledge experts, and a reduction in travel, operations, and communications costs.

Traditional business and technology distinctions are meaningless.

  • Enterprise 2.0 applications highlight the dissolution of the traditional distinctions between business and personal use. More often than not, the same applications used for social interaction are being used for work-related purposes. Irrespective of personal or work related usage, the dominant underlying technology is the browser (72% of research sample).

Applications are not threats – yet they carry risks.

  • The adoption of Enterprise 2.0 applications is being driven by users, not by IT. The ease with which they can be accessed, combined with the fact that newer (younger) employees are accustomed to using them, points toward a continuation of this trend. The somewhat disconcerting fact is that many of the users do not take into account the business and security risks that these applications present. Looking at the 202 Enterprise 2.0 applications found, 70% can transfer files, 28% are known to propagate malware, and 64% have known vulnerabilities.

Organizations are scrambling to determine policies, address security issues, and enable appropriate use. These applications are delivering business value – they are rapidly becoming part of “how business gets done” – but the risks are not being weighed by users.

Download the report

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS