The rapid expansion of social networking, video chat and micro-blogging has led to some speculation that webmail is dead or dying. Like Mark Twain famously said, “the report of my death was an exaggeration,” the same holds true for the claimed death of webmail.
Looking at traffic patterns on enterprise networks over the past 2 years, summarized in the Application Usage and Risk Reports, shows that the use of webmail applications remains very healthy and shows no signs of getting old, ill or dying. Several data points support this finding.
- Webmail traffic, as a percentage of overall traffic has increased over the four reporting periods.
- The frequency that webmail was found within the participating organizations hovered between 93% and 96%.
- The number of application variants found in use increased from 24 to 33, yet the same five applications remain the most commonly used.
|Spring 2009||Fall 2009||Spring 2010||Fall 2010|
|Bandwidth as a % of Overall Traffic||0.04%||0.01%||0.21%||1%|
|Frequency Of Webmail Overall||96%||95%||93%||95%|
|Yahoo Mail Frequency||96%||92%||88%||89%|
|Facebook Mail Frequency||87%||78%||67%||79%|
|AOL Mail Frequency||91%||68%||55%||54%|
*Chart updated 11/14/2010
As the data shows, webmail use is strong and vibrant. The use of these applications however poses certain business and security risks. Regulatory compliance within specific industries such as financial services, data loss via file transfer features, malware propagation and vulnerability exploits are the key risks that organizations are exposed to when webmail is in use.
Webmail applications enable more efficient communications so the benefits are very clear. The challenge for IT is to maintain network security while enabling a set of applications that most people would view as being used more for personal, not professional, purposes.
The business benefits make the unreasonable “block all webmail” an inappropriate response while the “head in the sand, allow all” approach is equally inappropriate due to the business and security risks. Organizations need to follow a systematic process to develop, enable and enforce policies that allow the use of webmail in a controlled yet secure manner.