Study Reveals Widespread P2P Use in Corporations

A new study indicates that peer-to-peer (P2P) file sharing and the downloading of music, movies and software applications is pervasive in corporate computing environments.

The survey of more than 175,000 PCs at 560 companies in a variety of industries -– conducted by Ottawa, Canada-based AssetMetrix -– shows "a staggering incidence of P2P activity" in corporations. AssetMetrix found that 77 percent of all corporations had file-sharing activity, and some had P2P activity on more than half of their computers.

While recent measures by the Recording Industry Association of America have heightened the legal and liability concerns surrounding P2P applications -- such as Kazaa, Morpheus, Grokster and SoulSeek -- experts point to security and bandwidth issues as the biggest potential risks associated with P2P use at the office.

Under the Radar

Many corporations keep a tight lid on the use and security of their computer networks, but P2P activity is often overlooked, according to experts.

"We're under the impression that not many people understand that P2P is quite pervasive in the [corporate] environment," AssetMetrix co-founder and director of research Steve O'Halloran told TechNewsWorld.

Blaming scattered infrastructures and small branch offices, O'Halloran said business leaders are aware of the dangers and detriments of employee P2P use, but are unsure what to do about it.

"Executives know it's not a good thing," he said. "It's the same as with software licensing: They don't want to be on the wrong side of the law, but they're saying, 'Show us how.'"

Following the Files

Yankee Group senior analyst Mike Goodman told TechNewsWorld that companies do not typically spend time monitoring which employees are running file-sharing applications on the corporate network.

However, given the number of files that are downloaded on a daily basis, Goodman said P2P use is occurring at work.

He said the typical corporate response is to send e-mail announcements that highlight the music or movie files employees have downloaded -- complete with a reminder that employees should not be using P2P applications.

Legal Trouble

Recent legal action by the RIAA poses a potential legal and financial threat to companies that knowingly permit employees to download content illegally, according to a recent report by Gartner (NYSE: IT) analyst Lou Latham. The RIAA won a court ruling allowing it to identify ISP users and seek as much as US$150,000 per pirated work if a company is allowing employees to use the corporate network to download copyrighted material.

O'Halloran likened the legal risk of P2P use at work to being struck by lightning, saying the chance of getting sued is negligible, but he warned that a company could get into serious trouble if it were taken to court.

"It's not likely [the RIAA] will hit you, but if they do, you're going to get fried."

Deeper Dangers

The Yankee Group's Goodman also downplayed the legal liability of P2P use on corporate networks, instead pointing to security, bandwidth and productivity concerns as the real dangers.

"One thing we know is that P2P networks have a lot of viruses on them," Goodman said. "And if it's the corporate network, you not only have a virus on your own PC, but potentially all the PCs on the network. Plus, it's inside the firewall, so [the virus] is more apt to do more damage."

He also drew attention to the cost of bandwidth and lost productivity if a corporate network is slowed by P2P use.

Policy and Policing

O'Halloran, whose company has released a free service –- P2P Tracker –- to monitor the rampant P2P use inside corporations, agreed that security and bandwidth issues hit home with businesses.

"This is definitive," he said of bandwidth costs. "You can't get away from this."

Still, he indicated that policies regarding P2P use at the office seem to be effective, noting that industries and areas that have already restricted it, such as government, financial and military sectors, did not have the same levels of P2P activity as other organizations.

Goodman reiterated that policy alone will not curb P2P use at work.

"It's not just a question of policy, it's a question of policing," he said.