Facetime Communications Greynet Study Highlights


FaceTime just released a study on the state of Greynets and here are some highlights and in future entries we will talk about the implications of this study as it relates to the Enterprise.

FaceTime Communications
2006 Greynets Survey Key Findings

Survey confirms that greynets continue to be dangerous if left unmanaged, introducing significant risks to the business. End users continue at an increasing rate to take business communications into their own hands, downloading and using what ever resource they choose to get their jobs done, wherever and whenever.

How is Instant Messaging and other greynets used at work?-

IM usage?and by extension, other similar greynet apps?is driven foremost by its convenience: three in four employees use IM because they need "immediate answers ?from co-workers" (76%).

Endusers also see IM as a productivity tool?two-thirds use it to "to multi-task" (62%) while another third use it because "email is too slow" (33%). (The take-away users, often the most advanced are the ones introducing greynets into the Enteprise because they want to be more productive!)

- IM usage is increasingly complex: 60 percent of IM users have accessed advance features (55%), such as file transfer (29%), web conferencing (24%), VOIP (15%)video or (12%).

- Not surprisingly, two in three endusers have sent IMs while multi-tasking (88%). Around half have IM'ed colleagues on the same conference call (57%). Even colleagues in the next cube are not safe?44% of IM users have sent a message to a physically adjacent co-worker or while having a face-to-face conversation with someone else (40%).

- Six in ten IM-users have sent attachments, application files or links to external websites as part of an IM (57%). About one in five endusers (17%) have sent company plans (15%), information about company finances (5%) and even passwords or login information (4%)

What are end user attitudes toward greynets?

- Four in ten endusers (41%) have downloaded or installed applications that are not approved by their company?s IT department.

- Among the most popular applications deployed by endusers are streaming audio or video services (77%), web-based email (70%), web conferencing (57%) and public instant messaging (48%). Almost half of all endusers have deployed browser plug-ins (46%) [NOTE: these apps are particularly well-suited at evasive techniques that bypass network security requirements.]

- Seven in ten IM users have sent personal or non-work related IMs while at work, over company networks (70%)

- Unfortunately for IT managers responsible for network security, one-fourth of IM users deploy IM in order to have "private, unmonitored communications" (26%).

- Not surprisingly, if endusers knew their IM communications were monitored, they would change their usage patterns: almost half would "pay more attention to company guidelines" (45%), while one-third would simply "use IM less often" (31%), be more cautious about clicking on links (31%) or simply pick their words more carefully (21%)

So what?s the problem?

- In a broad market research survey of US-based IT managers, 81 percent report a security incident has resulted in the last six months from employee use of "greynet" applications".

- Spyware and adware are the most commonly reported incidents (75%), followed by viruses (57%), malware such as keyloggers (28%) and rootkits (22%).

- Seven in ten IT managers indicated that spyware and adware attacks are occurring at the same rate (36%) or more frequently (33%), compared to the prior six-month period.

- Greynets app usage may also result in business-related incidents. In the past six months, half of all IT managers report business incidents resulting from Greynet application usage (52%). Among these managers, the most commonly reported issues are: downloading of adult materials (50%), copyright violations (39%) and violations of corporate communications policies (33%).

- Seventy percent of IT managers report a wide range of network and computer issues that result from greynet application usage. Three-fourths of these managers report enduser system slowdowns or crashes (76%), followed by slowdowns in network traffic (68%), corrupted files (39%) and corrupted applications (30%).

Existing security infrastructure is not effective in combating greynet threats

-Survey respondents were asked to assess their own company networks in terms of their capacity to intercept the kinds of IMs allegedly sent by former Congressman Mark Foley. Only 11 percent of IT managers indicated that their networks would have been "very effective" at intercepting such communications. In fact, 31 percent of IT managers rate their networks as "not at all effective" at preventing these kinds of messages from being delivered.

What is the cost to businesses?-

Not surprisingly, these incidents may require remediation or repair of affected PCs or servers. Three-fourths of IT managers report having to make repairs or changes to computers as a result of greynet-related security incidents (72%).

- On average, IT managers report 14 incidents per month. Each incident requires 11 hours of work, on average. Based on an estimated average salary of $70 per hour, salary-related costs average almost $150,000 per year?just for greynet related repairs to enduser computers.

- IT managers who are involved in other security-related tasks may spend as much as 71 hours per month, on average, engaged in activities such as maintenance of network or enduser hardware, archiving and logging, research new technologies and so on....

more to come...

About this Entry

This page contains a single entry by Jan Hertsens published on November 10, 2006 12:52 AM.

The Zango Double-dip ? was the previous entry in this blog.

IM Security Term of the Week: "Foley'ed"- E-Discovery Day is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.