Application Usage and Risk Report

Spring 2010 Edition - Executive Summary

The Application Usage and Risk Report (5th Edition, Spring 2010) from Palo Alto Networks summarizes traffic patterns on nearly 350 networks worldwide to reveal that the application usage is remarkably consistent. Neither geographic location or vertical industry had a significant impact on usage patterns. The data confirms that globally, the barriers to accessing an application are minimal, enabling rapid worldwide adoption, regardless of where the application was developed.

Some specific findings from the research include:

• Application use of all types is consistent, irrespective of geography or industry. While the use is consistent within vertical industries, the risks are very different, depending on the application in use and the industry.
• Intensity of Enterprise 2.0 application usage continues to increase. Enterprise 2.0 applications are being used at very high levels from both a geographic and industry specific perspective. Overshadowing the frequency of usage is the greater trend toward intensity of usage, measured by bandwidth consumed on a per organization basis. Categorically, social networking and collaborative applications showed steady upward growth in terms of bandwidth consumed per organization, strengthening the theory that these applications are quickly integrating into the mainstream of enterprise applications.
• Applications are not always what they seem to be. Almost two-thirds of the applications (65%) found can hop from port to port, use port 80, or hide within SSL. More surprising is the fact that 190 of these applications are either client-server or peer-to-peer based, a fact that dispels the assertion that port 80/443 equals browser-based traffic. Many of the applications (177) are capable of tunneling other applications – a fact that refutes the position that SSL, SSH and VPN applications are the only ones that “tunnel”.

Ubiquitous web connectivity and application development technology have nearly eliminated the barriers to application access that existed previously. If the application is “hot” then it will garner worldwide acceptance. From an industry specific view, consistent usage introduces different business and security risks, which, to the administrator, is not boring. The administrative team is challenged to help enable the applications use (and the business) while addressing security and business risks that the use may introduce.

For a complete report, please submit the form below.