Greynets Won't Vanish from Corporate Networks

By Brian Prince  |  Posted 10-17-2007
There's no gray area when it comes to the spread of greynets in enterprises.

Greynets are real-time communication applications such as Skype, instant messaging and peer-to-peer applications that are typically downloaded by users without the permission or knowledge of the IT staff.

In its report "Use of Greynets: 3rd Annual Survey of Trends, Attitudes and Impact", FaceTime Communications researchers found 99 percent of IT managers reported having at least one greynet in use at their business in spite of the security tools at their disposal—and eight in 10 have had a security incident due to a greynet.

"The characteristics that all those applications have in common is that they're very evasive on the networks," said Frank Cabri, vice president of product management and marketing at the Belmont, Calif., company. "They are very good at circumventing existing security infrastructure."

Dealing with greynets is FaceTime's claim to fame in the security market, where the company offers tools to secure and control greynet applications on corporate networks.

The survey included responses from more than 700 employees and IT managers in North America and the United Kingdom, and focused on businesses and government organizations. Participants not only reported an increase in the number of greynets, but also in the cost of dealing with security threats.

IT managers reported spending an average of nearly $289,000 annually to repair or reimage company PCs after malware attacks over greynets. The cost reported in last year's study was nearly $130,000 per year.

On average, IT managers experience nearly 60 incidents per month that require some kind of repair or remediation to end-user PCs, with each requiring an average of nearly 10 hours of work. Instant messaging applications are the frequent sources of apprehension among the survey respondents when it comes to greynets.

Forty percent reported that public IM use at work poses a "serious risk," while another 46 percent stated it posed "some risk." Some 45 percents of employees work at locations where personal IM messaging is monitored by the organization.

Respondents also indicated they were concerned about complying with industry and regulatory compliance standards. Although 55 percent of IT managers have received guidance from their corporate counsel about archiving and storing employee communications such as e-mails and IMs, 45 percent conceded they would be unable to produce an archive or record of a specific employee's IM communications if required to do so for legal reasons.

One of the biggest reasons behind the continued prevalence of greynets appears to be a disconnect between the typical employee and IT management. For example, eight in 10 IT managers find anonymizers—applications that disguise traffic to permit anonymous use of the Internet—risky to corporate networks, whereas 57 percent of users feel the same.

The survey showed that 38 percent of employees proclaimed outright their belief that they have the right to download the applications they need onto their work PCs, regardless of whether or not those applications are sanctioned by IT.

It is a familiar theme seen in previous reports and underscores the need for IT management to work more closely with employees to understand changing workplace needs and educate the work force on security and compliance issues, FaceTime officials said.

"I think this is the dilemma right: It's how much do you service and provide the right applications that employees need to be productive and get their job done?" Cabri said.