Social Networks Pervasive in Regulated Industries

Report says most financial and healthcare organizations use an average of 28 social networks despite security risks.

The spread of social networks in the enterprise is happening at a far greater rate than is generally believed, according to a report just released by network security firm Palo Alto Networks.

The company warns that the broader use of social media sites like Facebook and Twitter, which have had their share of security issues, is far outpacing the ability of IT to control them.

Palo Alto Networks' latest semi-annual Application Usage and Risk Report assessed real-world application traffic in 347 organizations worldwide covering a cross-section of industries. The previous report covered 214 organizations.

"The bigger number gives us a better view of geographic and vertical industries," Chris King, director of product marketing at Palo Alto Networks, told InternetNews.com. "What the new data tells us it that there really isn't a difference between these different industries, social networks are everywhere."

One surprising area of social network growth is in healthcare and financial services, two highly regulated industries. According to the report, 94 percent of companies in those two segments had connected to as many as 28 different social networks, ranging from Facebook and Twitter to LinkedIn and SharePoint.

Healthcare and financial services organizations are subject to government regulations (HIPAA and FINRA respectively) that require them to control and monitor confidential data such as patient and client records. But the report said that because social networking services use port 80 or port 443 on the network they appear as browser-based traffic.

"This lack of visibility into social networking traffic could be a violation, or lead to violations, of compliance with industry rules and regulations," Palo Alto Networks said in its report.

Visibility into Enterprise 2.0

"One of the things you take away from the report is that these are not people doing bad things, they're doing their jobs," said King. "Social networks are being used for marketing and other purposes, but company policies haven't caught up with these Enterprise 2.0 services and businesses don't have good visibility into how they're being used.

"Any interaction with clients has to be kept for seven years," said King. But there are many applications, like chat in Facebook and Gmail, that enable direct interaction outside the organization that he said is probably not being saved.

The report found that of the 41 different e-mail applications in use, 26 browser-based variants were detected in both healthcare and financial services industries, consuming 220 GB and 152 GB, respectively, over a three to five day period during which the study was conducted.

"Widespread use of Webmail portends a variety of business and security risks, from compliance violations and data leakage to malware propagation," the report said.

Other results of note include the finding that browser-based file sharing applications consume 399 GB of bandwidth in 54 financial services organizations over the three to five day monitoring period, much of that going to file transfer sites like Yousendit and Megaupload, while healthcare firms sent out 143 GB in that same time period.

Bandwidth consumed by social networking applications doubled in the last 18 months to an average of 9GB per organization over the three to five day period.

"The one-to-one delivery nature of these applications minimizes the risk of inadvertent data loss or leakage, but does not prevent the purposeful movement of confidential data unless strict policy controls are in place," the report stated.

David Needle is the West Coast bureau chief at InternetNews.com, the news service of Internet.com, the network for technology professionals.




Tags: Facebook, social networks, Twitter, malware, Enterprise 2.0


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.