Application Traffic in High Regulation Industries Poorly Secured

Palo Alto Networks' latest Application Usage and Risk Report has suggested that while social media has become pervasive in organizations worldwide, usage has far outpaced controls. Results in the latest report point to the financial services and healthcare industries as heavy users of social collaboration tools, but very often with no provisioning for associated risks such as non-compliance, data loss and threat propagation.

The semi-annual study is based on assessments of real-world application traffic in hundreds of organizations worldwide.

The report showed that 94 percent of the healthcare and financial services organizations included in the study use an average of 28 social networking applications, including Facebook, Twitter and LinkedIn. Both industries have regulations (such as HIPAA and FINRA) that require organizations to control and monitor information flow across social networking applications in order to protect the confidential data they manage.

However, as IT managers and software engineering professionals will be aware, social networking apps run over port 80 or port 443, so to port-based controls their traffic is indistinguishable from ordinary browser traffic. The resulting lack of visibility into social networking traffic could itself be a violation of industry rules and regulations, or lead to violations of them.

"IT managers cannot simply block Enterprise 2.0 applications since they deliver clear business value. Nor can they simply allow these apps to run amok on their networks. IT needs to safely enable Enterprise 2.0," said Rene Bonvanie, vice president of worldwide marketing at Palo Alto Networks. "By defining and enforcing policies that safely enable these apps, IT can enhance business productivity while mitigating security risks and compliance violations."

Developers, IT architects and project managers of every kind tasked with working in these environments should arguably weigh these industries' use of technologies such as webmail, which carry a range of business and security risks, from compliance violations and data leakage to malware propagation; this concern may be an even greater challenge for third-party consultants coming in to work with these companies.

Two-thirds of the 750 applications tracked, including client-server and peer-to-peer (P2P) applications, can pass as web traffic by hopping ports, using port 80, or hiding within SSL. Palo Alto says that this debunks the myth that ports 80 and 443 carry browser-based traffic only. If P2P file-sharing applications look like web traffic, they are difficult to detect and control, which dramatically increases the risk of inadvertent data leakage.
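As an added illustration of the point above (example code written for this article, not code from the report or from Palo Alto Networks): the same constructed flow records classified first by destination port alone and then by what the flow actually carries. The signature table, the flow records and the application labels are assumptions made for this example, not a vendor's application database.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed signature table (an assumption for this example, not a vendor's App-ID data):
# TLS SNI names that identify the social networking apps the report mentions.
SNI_SIGNATURES = {
    "social-networking": ("facebook.com", "twitter.com", "linkedin.com"),
}

@dataclass
class Flow:
    dst_port: int
    sni: Optional[str]   # TLS Server Name Indication, if the ClientHello carried one
    first_bytes: bytes   # first payload bytes observed on the flow

def classify_by_port(flow: Flow) -> str:
    """The naive rule the article criticises: anything to 80/443 is 'web'."""
    return "web" if flow.dst_port in (80, 443) else "other"

def classify_by_content(flow: Flow) -> str:
    """Identify the application from its payload, ignoring the port entirely."""
    # BitTorrent handshake: length byte 0x13 followed by the literal protocol name.
    if flow.first_bytes.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    if flow.sni:
        host = flow.sni.lower()
        for app, names in SNI_SIGNATURES.items():
            # exact or subdomain match only, so "notlinkedin.com" does not match
            if any(host == n or host.endswith("." + n) for n in names):
                return app
    if flow.first_bytes.startswith((b"GET ", b"POST ", b"HEAD ")):
        return "http-browsing"
    if flow.first_bytes.startswith(b"\x16\x03"):   # TLS record header, SNI not recognised
        return "tls-unclassified"
    return "unknown"

def unidentified_by_port_policy(flows: List[Flow]) -> List[str]:
    """Apps an 'allow 80/443' rule admits as plain web traffic without ever identifying them."""
    return [classify_by_content(f) for f in flows
            if classify_by_port(f) == "web" and classify_by_content(f) != "http-browsing"]

SAMPLE_FLOWS = [  # constructed sample records
    Flow(80, None, b"GET /index.html HTTP/1.1\r\nHost: intranet.example.com\r\n"),
    Flow(443, "www.linkedin.com", b"\x16\x03\x01\x02\x00\x01\x00"),
    Flow(443, None, b"\x13BitTorrent protocol\x00\x00\x00\x00\x00\x10\x00\x05"),  # P2P hiding on 443
    Flow(6881, None, b"\x13BitTorrent protocol\x00\x00\x00\x00\x00\x10\x00\x05"), # P2P on its usual port
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"port {f.dst_port:5d}: by-port={classify_by_port(f):5s} by-content={classify_by_content(f)}")
    print("admitted but unidentified:", unidentified_by_port_policy(SAMPLE_FLOWS))
```

The port rule admits the LinkedIn session and the BitTorrent handshake on 443 as identical "web" traffic; only the content check separates them, which is the visibility gap the report describes.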

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.