'Greynets' waiting to snare enterprises

Consumer applications such as Windows Live Messenger and Skype often skirt established network policies and protections, and unpatched security flaws can leave networks vulnerable to attacks and data breaches.

These unauthorised network applications have been dubbed 'greynets' which, while benevolent in function, could allow a network to be compromised though an intrusion or malware attack.

Greynets also pose legal risks, as many consumer IM applications provide little or no archiving of conversations. This can cause issues with regulatory compliance for companies required to track and audit IM content.

As a result, more companies are turning to third-party solutions to archive and manage greynet applications.

Specialised vendors offer everything from basic archiving software to hardware-based network appliances that include support for mobile phones and remote clients.

"Two and a half years ago more than half of our customers were financial, energy and healthcare organisations that had laws requiring them to log these conversations," said Frank Cabri, vice president of marketing at IM security firm Facetime.

"Now, companies like McDonald's and Metlife either have their own standards or have to comply with things like e-discovery. Organisations are starting to go beyond email, and determine what their infrastructure needs to look like."

Michael Osterman, president of Osterman Research, recommends firms to consider greynet security a "top three priority" alongside web and email security and monitoring.

The problem with securing networks from greynet-launched threats is that the applications often go unchecked by security systems that monitor email or web traffic for threats.

Simply banning the use of IM clients or blocking them from the network is often not an option.

"You can have a policy against IM use, but people are going to do it anyway. People violate policies all the time," Osterman told vnunet.com.

Blocking off the network ports used by the greynet apps would also fail, according to the analyst.

"IM systems tend to be port-crawlers. If you start blocking off all the ports, you block a lot of legitimate traffic too," he said.

The risks posed by greynets has begun to gain the attention of the larger providers. Microsoft recently purchased IM security firm Parlano for its unified communications offering, and companies such as IBM and Cisco have IM security and tracking applications.

Even with a secured internal IM system in place, enterprises can still be vulnerable to threats from greynets.

"We are seeing a lot of migration towards enterprise IM that is built from the ground up to have native security and auditing," said Osterman.

"But you still see consumer IM in a lot of spaces. Part of the problem now is that IM is not natively interoperable."

David Smith, a research analyst at Gartner, noticed a similar phenomenon. Even when a company puts a secure enterprise IM system in place, users will still resort to greynet applications to connect with family, friends and business contacts who are not using the internal communication software.

"What remains is an enterprise [communication] system that is secure and under a firewall, but there are still vulnerabilities," Smith told vnunet.com.