Businesses boosting anti-P2P software

Concerned about clogged networks, security risks and legal liability, corporations are turning to network control tools.

Reid Burch, network services manager for the Promina Southern Regional Health System hospital near Atlanta, was having a problem with slow networks early this year.

Applications were poky, pipes were full, and the hospital was inching toward buying new, expensive connections to keep up with the demand for bandwidth. But before paying the phone company, Burch agreed to try out network-monitoring software created by a company called Packeteer.

What he found was a surprise: In the first 18 hours that Burch used the software, file-swapping services like Kazaa made more than 1,100 attempts to use the company's network. Even more surprising were the effects on the applications that the company had already noted were a little slow. Burch found that when P2P networks weren't active, a routine but critical database information swap that had been taking nine hours to perform suddenly was done in an hour and a half. It was a wake-up call, he said.

"We saw that there was a huge problem that we knew existed, but we hadn't known how to remedy it," Burch said. "We'd been fighting a losing battle."

As has been the case with other companies trying out new network- and bandwidth-monitoring tools, Burch's system woes weren't entirely tied to the presence of file-swapping software on company computers. But the discovery of activity that's taking up large amounts of bandwidth and exposing the company to potential legal liability is exactly the type of revelation that's persuading a growing number of companies to do something about file swapping.

This demand on the part of businesses for control over their networks is proving fertile ground for a new generation of bandwidth- and network-management companies, which are pitching their services as the answer to P2P, viruses and other "garbage software" ills. Among these companies are Packeteer, Allot Communications, AssetMetrix and a growing list of others.

These companies' initial forays into the realm of file swapping were helped along by universities, which bore the brunt of the first wave of Napster and Kazaa popularity that began in late 1999. Many of those institutions, while loathe to block peer-to-peer traffic altogether, helped companies like Packeteer figure out how to track and manage file-swapping activity.

Corporations are now increasingly waking up to the issue, as a result of a recent wave of publicity over the recording industry's impending lawsuits against individual file swappers, a series of warning letters sent by the Recording Industry Association of America to big companies, and cease-and-desist letters sent to companies where copyrighted files have been found.

"A year ago, mostly universities and service providers were worrying about their bandwidth," said P.G. Narayanan, CEO of Allot. "Now it's a different angle that we're hearing in corporate America. It's concerns about copyright law."

The problem, according to network management experts, is that corporations often don't have their PCs as tightly controlled as they would like to believe.

Many companies have strict rules about what kinds of software can be installed on company computers. Some versions of Windows operating systems have options to let only network administrators install software. Some configurations even require employees to use network-based software instead of programs located on their hard drive.

But network surprises persist. A recent study conducted by Canada's AssetMetrix of 560 companies that range from 10 to 45,000 employees found file-swapping software installed on at least one computer in 77 percent of cases.

Craig Wysik, information technology manager at the 80-person Western Washington Oncology center in Olympia, Wash., found that to be the case when he first tried Packeteer. The company wasn't having serious network-slowdown issues, but he did find some file-swapping software installed.

"It wasn't yet a problem in terms of performance," Wysik said. "But the fact was, something was there that we didn't know about, and you don't want that happening on a business network at all. People should have other things to do than download music."

Network stresses
The situation creates several potential problems for companies that are caught unaware. Modern file-swapping applications such as Kazaa automatically select high-bandwidth points inside their network to handle much of the traffic management and routing functions. Corporate computers with fast connections can easily take on this role, creating a big bandwidth burden for the company's network, even if employees who have downloaded the software aren't using it themselves.

Companies also worry about security implications for file swapping. Many people who use P2P software aren't technically sophisticated and might accidentally expose vulnerable parts of their computer or network. For Burch's hospital and other health care organizations, which are universally trying to secure their network privacy in line with the Health Insurance Portability and Accountability Act, that's a serious concern.

Potential liability is also an issue. At least one company has already settled with the Recording Industry Association of America over copyright infringement issues, paying the organization $1 million in damages for operating an internal MP3 network. Administrators looking to shield themselves are turning to network-management tools as one way of showing that they're trying.

The companies behind those tools have several different means of approaching the problem. Monitoring and audit companies like AssetMetrix scan corporate networks for every piece of software located on PCs to find file-swapping software, spyware, instant messaging programs and everything else that's living on corporate hard drives. Those reports help administrators or other consultants track down unauthorized code.

Packeteer, Allot and others go one step further. They scan to see which software applications are using a network, and they control the amount of bandwidth that's allocated to each application. That means that, as some universities do, companies can shut down altogether or allot just a trickle of bandwidth to software like Kazaa.

Analysts say bandwidth management is likely to survive over the long term. Particularly as bandwidth prices rise again as expected over the next few years, tightly controlling the network space that's used by each program can save money quickly, analysts say.

"By spending this money, companies can avoid having to buy another T1 (network connection) and can very easily show return on the investment," Meta Group analyst Jerald Murphy said.

Packeteer CEO Dave Cote said most of his customers aren't initially coming to him to control file swapping, and he worries about his company being pigeonholed as an anti-file-swapping service. Indeed, it is only after running the monitoring tool that most customers realize they have a problem, he said.

"It's in people's minds; they are aware of it. So when they see it, they want to block it," Cote said. "For corporate customers, it is on the list of negative programs but often not as high as things like streaming video."

Allot's Narayanan predicts that these are the early days of an education campaign for companies and that, ultimately, these issues of potential legal liability and destructive effects on corporate network resources will be taken more seriously.

"It's just like sexual harassment 20 years ago, when only a few big companies might have had an explicit policy against it," Narayanan said. "Today, every company small and large has a very specific policy. I think it is going to be the same way with music downloading. Corporate America will have to have a policy for fear of liability."