Commentary: How companies can avoid the risks of file swapping

Anytime people download files or other software from the Web they risk exposure to a number of security threats.

2 min read

Anytime people download files or other software from the Web they risk exposure to a number of security threats.

Gnutella file swappers inadvertently sharing "cookies" that contain information about the user and the user's system is just one example of this security exposure.

Gnutella's services are certainly not

See news story:
Gnutella swapping cookies, too
the first example of such a problem. Over the years, users have had to deal with the potential threat of downloading everything from malicious viruses to well-meaning applications that managed to undermine the stability of their systems through some arcane technical conflict that nobody foresaw.

At one point, downloading executable files, Java applets or ActiveX controls was likened by many as exposing systems to what was potentially the "e-bola" of computer viruses. However, the value of new capabilities and information sets has, and we believe forever will, drive users to take these types of risks.

All users need to be very careful about what files and other information they share. In the case of businesses, governments and other professional organizations, IT professionals should both educate users on the implications of file sharing and limit file-sharing capabilities outside of the organization. This holds true for not only Gnutella, but also for other file-sharing approaches, such as the file-sharing options included in most instant messaging features.

The ultimate answer lies more on the side of education, which fosters awareness, and using corporate policies instead of technology-based constraints. If users want to share files, they will likely find a way. It may be as simple as attaching files in an e-mail and sending it outside of company firewalls or copying information to a disk and simply walking out the door with it.

In most cases, the answer is policy. In extreme cases, such as where the information is a secret or national defense data, more controls are placed around people's ability to access and manipulate the information.

We recommend that IT organizations continually update policies concerning any information that can be downloaded from the Internet, including through file-sharing services such as Gnutella. These appropriate-use policies must be reinforced through a combination of education and technology-based monitoring and enforcement.

META Group analysts Val Sribar and Peter Burris contributed to this article.

Visit Metagroup.com for more analysis of key IT and e-business issues.

Entire contents, Copyright © 2001 Meta Group, Inc. All rights reserved.