I confess. I am a social media fanatic. I have even been called other words – ones rather unsuitable for this blog. But I love social media; I love how it gives me the ability to stay connected and keep up to date – both personally and professionally. So you can imagine how excited I was to see the shift in usage patterns from simply browsing to more active uses such as applications, posting, and social plugins. I wasn’t alone… There were many more fanatics like me! And based on the volume of press around these findings, the media clearly found that exciting as well. These shifts are not all end-user driven – they are a combination of both personal and corporate use. Organizations are figuring out ways to better their business using social media. We have some great examples of corporate use in the latest Application Usage and Risk Report.
However, the finding that was most interesting and somewhat surprising to me as a network security professional was the volume of applications that never traverse port 80. We found that 35% of the 1,195 applications never use port 80 and yet consumed 51% of the total bandwidth. These are all your business applications such as Oracle and SAP. The reason for my surprise is the plain and simple fact that I had been lured into the “focus your security on port 80” trap by the current IT trends: cloud computing, social media, software as a service, and so on. View these and other key findings below.
The “apps not using port 80” finding confirms my view that too much focus on port 80 security is shortsighted and high risk. It is analogous to locking the front door without locking the side and back doors. Do you need to secure port 80? Absolutely! But more importantly, you need to control and protect all applications across all ports, all the time as a means of enhancing the business. This is what I call secure application enablement, or put differently, the rule of “allow but…”
- Allow SharePoint but control application functions
- Allow Oracle but protect against SQL attacks
- Allow Facebook for all, but limit posting to specific groups
- Allow Twitter but limit access by schedule
- Allow Streaming media but apply QoS
- Block all P2P applications
Secure application enablement will allow you to strike the balance of allowing social media but within usage and security parameters that are appropriate for your organization. Secure application enablement will help you encourage the use of business-focused browser-based filesharing applications, but block media-focused variants. And secure application enablement will allow you to restrict the use of remote access tools to only your IT and support staff – all of which traverse ports other than port 80.
The time of shortsighted application prevention systems (also known as traditional stateful inspection firewalls) is over. The firewall needs to safely enable applications—and business.