From the June 2001 issue of Entrepreneur

Back before Napster's legal morass, the ultrahip Web music provider's ability to attract tens of millions of MP3 file-swappers virtually overnight caught everyone's attention - and led to dozens of copycat peer-to-peer networks. Indeed, P2P networking among individuals is supposed to be the proverbial new computing paradigm. Some have gone so far as to deem 2001 "The Year of the Peer."

If so, that's not necessarily a good thing. There's a chance your company could get served a heaping helping of P2P before the concept is fully cooked. So? That's how streaming video, biometrics and most new technologies come to fruition, isn't it? True, but the acronym "P2P" doesn't refer to only a technology. It's also a socio-economic philosophy that's best summed up as "What's yours is all of ours."

 
TECHABULARY
  Paraspam: Discussions about how to get rid of spam that take up more time than simply deleting the spam itself.  

The last time we checked, you're all about making money and holding down costs. With those priorities in mind, you should take a careful look at P2P before inviting it onto your network. It still has three major shortcomings that could drain your company's IT support and networking budgets - or worse:

1) Lack of common programming standards and protocols,
2) Lack of security, and
3) Lack of respect for people's private property.

The first problem will get worked out - probably long after the current trickle of P2P applications becomes a flood. Security is likely to be a problem, resulting in higher costs overall and the occasional expensive disaster. But that last problem, that's the tough one. It arises from our changing social mores and isn't likely to be helped by bestowing an identifiable address on every PC - or, in the P2P vision, on every file on every PC.

With Friends Like These . . .

BATTEN DOWN THE HATCHES: Here are some suggestions by business consultants on how to prepare your network for the advent of P2P:
  • DECLARE A MORATORIUM until each desktop has antivirus and firewall software and your network has intrusion detection software.
  • CENTRALLY MANAGE your defenses and update virus and firewall definitions automatically and often.
  • SPECIFY THE TYPE AND SIZE of files that can be shared.
  • LIMIT P2P FILE TRANSFERS to times of low network traffic.
  • AGGRESSIVELY MONITOR network traffic with software and let everyone know you're doing it.
  • BE SPECIFIC about the consequences of rule-breaking, and follow through.

Yes, the unused processor cycles of the 100 million or so computers hanging off the Internet are a wonderful untapped resource. Yes, bizarre projects like SETI@Home (Search for Extraterrestrial Intelligence at Home) demonstrate that unused processor time can be harnessed for the most ambitious tasks. But who owns those unused processor cycles? Apparently, the answer from the most ardent P2P enthusiasts is: The People.

Voluntary communal projects like SETI have little impact on your company. The stakes get higher as we pass through your firewall and take a peek at some of the things your employees might already be doing on your company network. Michael Erbschloe, vice president of research at research company Computer Economics, reports that personal activities, such as online banking, recreational Web browsing and MP3 file-swapping, can consume as much as 25 percent of a company network's capacity today.

Gartner Inc. research director Rob Batchelder puts that figure below 20 percent as a rule. Either way, monitoring or policing unauthorized Web use in a 100-person company requires the full attention of approximately one IT staffer, suggests Erbschloe.

That's today. Now let's imagine a future in which staff members swap not just music files, but also your network's data files and executables with others on a large scale. That's exactly what some segments of the P2P glee club envision - giving your employees the unfettered right to share your company data and other material with whomever they deem appropriate.

To get a feel for this mode of thinking, read any of the reports or editorials from the recent P2P Conference held by technology portal The O'Reilly Network. "You hate the IT department, and they hate you right back," writes Clay Shirky, a partner in the investment firm Accelerator Group. "The mutual enmity between the average IT department and the average end user is the key feature driving P2P adoption in the business setting."

Batchelder insists these attitudes are foreign to the for-profit segment of the P2P community - the ones who want to bring products in through your front door. P2P start-ups like Groove Networks and XDegrees have real, live business plans with cash-flow models and strategies to address enterprise security, network load management and other IT concerns. But they exist alongside people who are intent on bringing Napster clones in through your back door - and have a resonance with the public. The majority of Internet users recently surveyed by the Consumer Electronics Association said they should be able to download online content for free. And a very vocal segment of the P2P community wants to take the locks off the doors and see what happens.

Back to Business

Batchelder believes the attitudes of legitimate market stakeholders are likely to prevail - at least for business products. Companies like XDegrees envision something like virtual private networks extended to audiences outside the firewall. CEO Michael Tanne, whose P2P application-development server should ship this summer, is going to great lengths to ensure security.


85% of respondents in a recent survey reported computer security breaches; 26 percent reported theft of intellectual property totaling $151 million. SOURCE: Computer Security Institute

But like all PC locks, his system will only be as effective as its least conscientious user. No one is more thrilled by the possibilities of P2P than hackers, who live to uncover human error. P2P complicates security issues by orders of magnitude, says Rob Clyde, vice president and chief technologist at Symantec Corp., and greatly increases the potential for mistakes.

Security experts are unanimous that a key element of network and desktop defense is to simply not be visible to Internet prowlers. Once you've invited a hacker through an open PC port and onto your hard drive, it's a whole different ballgame, says Clyde.

Hackers were the first to write P2P applications. They're called Trojan horses, and P2P networks like Napster and ICQ are their preferred channels of distribution, says Jim Weaver, 45, owner of Cyber Resources, a Crestview, Florida, security consulting firm.

Based on the fact that the best and brightest of Silicon Valley - right up to Intel itself - are all worked up about P2P, there's a certain inevitability to it. But don't forget about the vampires out there. The Internet is dangerous enough outside your firewall. But, as anyone who has ever seen a vampire movie knows, your troubles really begin once you invite one in over your threshold.

It's 2 a.m. Wednesday morning. Do you have any way of knowing whom your always-connected computers are talking to?


Mike Hogan is Entrepreneur's technology editor. You can e-mail him at mhogan@entrepreneur.com.