IM and greynet use double the cost of security

FaceTime Communications collected data in a survey of more than 700 employees and IT managers to determine the impact greynet applications have on companies and organizations. Greynets (real-time consumer applications that are often introduced by individual end users and use highly evasive techniques to traverse the network) pose myriad network and information security risks because they provide vectors for malware, intellectual property loss, identity theft and compliance risks.

According to the study, greynet use has increased dramatically within the workplace. An average of nine greynets are in use within the typical organization, and 99 percent of IT managers report at least one greynet in use at their locations. In spite of deploying security infrastructure such as firewalls and IPS products, nine in 10 IT managers have experienced a greynet related security incident in the last six months. In fact, only about 3 percent have avoided greynet-related security incidents during this period.

While some greynets such as Skype, IM and Web conferencing have legitimate business uses, IT requires visibility and control to ensure their safe and productive use. With other greynets, such as P2P file sharing, video streaming and anonymizers, the risks might outweigh the benefits and organizations need the ability to accurately detect and block them. Greynets can be evasive on the network, often circumventing the traditional security infrastructure that was designed for e-mail and standard Web traffic.

The survey shows that the average cost companies incur in recovering from greynet-related incidents on company PCs has more than doubled over last year. IT managers reported spending an average of nearly $289,000 annually to repair or re-image company PCs after malware attacks over greynets. The cost reported in last year’s study was nearly $130,000 per year. On average, IT managers experience nearly 39 incidents per month that require some kind of repair or remediation to end-user PCs and each repair requires, on average, about nine hours of work.

In addition, this year’s “Greynets in the Enterprise” survey reveals:

• Eighty-five percent of employees report that they use their work PCs for “personal, non-work purposes,” and among these employees, 38 percent send personal IMs or engage in chat while at work.
• The personal use of work computers is independent of company size. Across the board, approximately eight in 10 will surf, shop and chat over the company network, testimony to the continued blurring of personal and professional workspaces.
• 45 percent of employees are at work locations where personal IM messaging is monitored by the organization.
• The number of work locations with eight or more greynet applications in use has almost tripled in the last three years.

In addition to security concerns, regulatory and corporate governance requirements have prompted an unprecedented emphasis on compliance for IM and other real-time communications in use within enterprises.

• 68 percent of IT managers are at work locations where there are specific guidelines and polices that govern the archiving and storage of IM, e-mail and chat communications.
• 53 percent of IT managers have received guidance from their corporate counsel concerning the archiving and storage of e-mails, IMs, chats and other employee communications.
• 45 percent of organizations would be unable to produce an archive or record of a specific employee’s IM communications, if required to do so for legal purposes.
• 32 percent of the companies that have deployed enterprise IM also report they are incapable of producing logs of employee IM communications.

The full report is available here.