By Leon Adato, Head Geek, SolarWinds
In a study conducted by SolarWinds in Singapore, application performance and availability were found to be critical for 59% of respondents to accomplish their work. For 71% it became more important over the past five years due to an increase in the time spent using applications, coupled with an increase in their workload and more demanding deadlines.
The findings point to workers become increasingly reliant on applications to perform their job. IT pros must zero in on application management to ensure business continuity. However, the influx of low-cost or no-cost applications – easy to download and user-friendly – means rogue employees are failing to bring IT into the equation, despite the effect (and potential risks) these applications can pose on the network.
Below are eight types of applications you should be aware of to ensure they are performing optimally, followed by tips on what to do once these applications are discovered:
Online Storage
Examples: Dropbox, iCloud, Box, Google Drive, One Drive
Why: Along with the inherent risk of storing corporate data in a cloud that the corporation doesn’t control, the fact that user accounts are easily hackable can create a security risk – especially if users are in the habit of having the same (or similar) passwords for all services. Also, the convenience of the drag-and- drop interfaces usually associated with these apps, combined with massive storage quotas for next to zero cost, make it all too simple for users to accidentally or purposely put extremely large files into the folder and have them synchronized to the cloud – causing networking bandwidth taking a hit.
Online Gaming
Examples: From angry birds to the latest multi-player online experience
Why: Unless the company is in the gaming industry, it’s hard to imagine why corporate resources SHOULD be used for this purpose. Along with the risk of the game itself (caused by the client software on the PC that receives push-based updates from the gaming server, and the gaming server that establishes multi-port connections to the PC), there’s the additional risk of accounts being hacked and social engineering happening in-game. Finally, as with many other items on this list, the impact to legitimate business applications in the form of competition for network resources cannot be ignored.
Media Streaming
Examples: Hulu, Netflix, Pandora, iHeartRadio, Spotify
Why: Each company will have to evaluate the risk relative to general user discontent on this one. It could be argued that music streaming services are relatively innocuous and provide a pleasant workplace environment. It’s less obvious how video streaming could be anything except an employee distraction. It should be noted that many of these support (or are primarily created for) a mobile platform, which companies will have a harder time blocking. More than any other category of application, media streaming services can consume a significant amount of bandwidth, and therefore run the risk of impacting legitimate business activities. For this reason alone, companies should seriously evaluate which (if any) streaming services should be permitted on the corporate network.
Social Media
Example: Facebook, Google+, Twitter, Tumblr, Pinterest, Tinder
Why: Similar to media streaming, some services could be seen as necessary or a concession to fostering a friendly workplace. Others clearly have no redeeming value to the company and employee work, and should be blocked. It should be noted that many of these support (or are primarily created for) a mobile platform, which companies will have a harder time blocking.
Messaging
Example: Facebook Messenger, Google+ Hangouts, Hoccer, WhatsApp, Yo
Why: As with other online services, the combined risk of having the client itself compromised along with the general risk of user account similarity – coupled with the overall dubious business justification for the tools – make this one of the categories to cut from the network. In addition, there are a variety of clients that support multiple message services (Trillian, Pidgin, Digsby and more). While the clients themselves may be more or less secure and well-written, the plugins represent yet another vector for malicious infection. It should be noted that many of these services support (or are primarily created for) a mobile platform, which companies will have a harder time blocking.
Anything from PortableApps.com or similar sites
Examples: Thunderbird, Firefox, Chrome, LibreOffice
Why: Small, portable versions of full-blown applications allow users to run software on otherwise-locked- down Citrix desktops or library computers. Potential problems stem from the complete lack of control and trackability. They might be secure; they might not. They only exist on the computer when they are being run, since they typically reside on a USB drive.
Internet Voice
Examples: Skype, Viber, Google Voice
Why: Voice applications – whether corporate sanctioned or not – are extremely sensitive to delay and bandwidth constraints, and therefore dependent on network stability to work correctly. If a company is making the leap to Voice over IP (VoIP), IT should set the expectation that this is the only voice client that should be running on the wire.
File Sharing
Examples: Mega, TorrentFreak, Pirate Bay
Why: File sharing represents two significant threats to businesses. First, there is a legal aspect, where failing to block these sites and services could be construed as tacit approval, and therefore present issues of liability should an employee download illegally-distributed copyrighted material at work or using IT-provided resources. Second, the files shared in this way are often significant in size, and therefore impact the overall bandwidth available to legitimate business activity.
Tips
Get management buy-in.
We’ve seen a number of times where IT staff makes a smart move – for example, turning off a file sharing service like TorrentFreak – only to receive a direct order from upper management to turn it back on. In every case, this demand was a knee-jerk reaction from a user who just had their favorite “toy” taken away. (It just happened to be a user who sits on the executive team.) Getting buy-in for the list of applications, sites and protocols that are being blocked (along with reasons why it should be blocked) can help avoid this scenario.
Know the environment, and be able to back up actions with data.
In this case, a good NetFlow tool can show exactly which sites, services, protocols and users are involved in high-bandwidth conversations and give IT a chance to investigate (and obtain that buy-in mentioned in the first tip) before acting.
Another great tool is deep packet inspection. A common course of action in reaction to complaints of slow applications is to shut down all “non-essential” applications on the network. The problem is that it can be challenging to know whether applications are slow because the network is overloaded, or because the application’s servers are the actual bottleneck. A sophisticated packet inspection solution can show what is causing the slowdown.
Be reasonable.
In some cases, a shutdown is simply a fact of life. Most business are not going to allow employees to watch Netflix on company systems. However, in many other cases involving social media, messaging or music streaming, the decision is likely going to affect employee morale and even potentially productivity. So, if music streaming is not taking up inordinate amounts of network bandwidth or employees are getting their work done even with access to Facebook, it may be best to allow them.
Offer explanations and alternatives.
Treat a group of adults like children and they will usually meet expectations. So when IT has to shut down a set of services, communicate what it is happening and why the company network has to be protected. Then go the extra mile and offer alternatives; it could be as simple as explaining that users are completely permitted to stream music to their cell phone. Or the company may agree to set up a separate “BYOD” (bring your own device) wireless network with its own bandwidth limitations, allowing employees to connect phones and tablets but keep traffic is segmented away from business applications.
Conclusion
At the end of the day, organizations need to acknowledge that it takes both the employer and the employee to ensure that the network is safe from harm and that no organization should permit any software that has adware or bloatware or allow “legitimate” software to download from questionable sources to keep your network in a clean bill of health.
Leon Adato is a Head Geek and technical evangelist at SolarWinds, and is a Cisco® Certified Network Associate (CCNA), MCSE and SolarWinds Certified Professional (he was once a customer, after all). His 25 years of network management experience spans financial, healthcare, food and beverage, and other industries.