WASHINGTON, June 28 (UPI) -- Employees think it's fun, while information technology professionals find it a headache and view it as a possible liability.
It's Instant Messaging and P2P file sharing -- both exponentially growing in popularity and usage.
According to a white paper released Monday by Internet filtering company SurfControl -- "Protecting the Enterprise from Instant Messaging and Peer-to-Peer Threats" -- IT managers are facing an increasing number of network vulnerabilities -- and potential liabilities -- because of the rapid growth in Instant Messaging and P2P file sharing in the office.
Instant Messaging and file sharing are not that different from technology used since the late 1980s, but have just become easier to use, the SurfControl white paper notes, adding "...the sheer scale of modern IM and P2P networks is unprecedented. While the old networks were mostly the playgrounds of tech-savvy individuals, modern IM and P2P technologies have truly entered the mainstream. For instance, the number of people using instant messaging at work is expected to grow to 350 million by 2005."
SurfControl also adds that the potential for legal liabilities with this technology has greatly increased, particularly as of last week, when the "Inducing Infringement of Copyright Act" was introduced to the U.S. Senate.
Introduced by Sen. Orrin Hatch (R-UT), the bill targets online music and video file-sharing services and makes anyone who "induces" illegal copying just as liable for breaking copyright law as someone who makes the copies.
According to some analysts, if passed, this means corporations whose employees illegally download files and use the company network to share with outside friends could possibly face serious liability.
As an example of the swiftly growing popularity of Instant Messaging, some form of IM is now used in 85 percent of enterprises, according to SurfControl's research, yet the average IT staff are only managing the IM systems being used about ten percent of the time. The filtering company also noted that P2P file-sharing networks such as Kazaa and Gnutella regularly introduce adware, spyware and Trojans to the corporate network.
The SurfControl white paper also reports that use of public IM and P2P file-sharing networks make companies more vulnerable to the "leakage" of confidential data. This is a major concern for IT professionals "who ranked confidential data leakage as the most pressing content issue facing corporations, behind spam" in a recent global customer survey by SurfControl.
"Although the risks associated with IM and P2P file-sharing are not new, the speed with which users adopt and use these tools and the extent of potential damages are staggering," said Jim Murphy, product marketing manager for SurfControl.
"Companies must create well-defined usage policies, actively educate employees and implement comprehensive security tools in order to reduce the risks associated with ungoverned IM and P2P file-sharing activity," Murphy added.
Instant Messaging presents a variety of concerns for IT professionals. The three major public IM networks (AOL, MSN and Yahoo) currently support only their own proprietary protocols, making it difficult to control usage within the corporate environment, the filtering company noted. SurfControl also said that most anti-virus vendors have been slow to release corporate solutions for viruses introduced to the network through IM because the protocols are changed and updated so frequently.
Corporations are facing a growing list of vulnerabilities associated with unauthorized P2P file-sharing activity, according to SurfControl's research. There is no easy way to monitor downloads of unwanted content they may contain viruses, worms or spyware because of the architecture of P2P networks.
"Most IM and P2P software has specific functionality that allows them to work with -- and bypass -- even the most restrictive network configurations," said SurfControl's Murphy. "In fact, many P2P applications cannot be filtered
with traditional firewalls. And the three major IM networks can make their connections appear as valid HTTP traffic, effectively bypassing most HTTP filtering at the network perimeter."
The result can be expensive.
"In 2003, virus outbreaks cost business $55 billion, and just in the first six months of 2003, IM or P2P were involved in 19 of the top 50 virus threats -- a 400 percent increase over the previous year," the SurfControl white paper reports.
