It’s 10:00 a.m. – Do You Know Where Your Staff Is?
It’s difficult to imagine a modern work environment without Internet access, yet, much of the information available to employees on the Internet today is not job related. What began as a benefit to productivity has now become a drain on productivity and a potential security risk of epic proportions. In response, organizations have increasingly sought ways to proactively control Web access.
The lack of any constraints on content on the Web has created an enormous amount of sites that are not suitable for children and are a source of possible legal liability for businesses because of their offensive nature. But the risks and threats to organizations by unbridled employee Internet access now reaches far beyond legal liability issues. Companies that provide Internet access to their employees for business purposes need to be concerned about managing that access to avoid loss of productivity, loss of network bandwidth and responsiveness as well as exposure to legal liability by failing to control frivolous and totally inappropriate non-work related browsing by employees.
Over the past few years, the need to proactively control Web access has driven the development of a variety of Web-filtering methodologies, from plug-in hardware for the single PC user to complex and cumbersome software packages. However, the unrelenting growth of new Internet content combined with the need for transparent network installation and simple administrative mechanisms to manage large numbers of users have often made these alternatives either too unwieldy and/or too ineffective for use by most businesses and organizations.
In response to the specific needs for comprehensively and flexibly controlling Internet access for users throughout business and educational settings, a new generation of solutions has now emerged to provide precision control over all Internet usage. This article will explore the latest technology, and help you evaluate solutions to meet your own enterprise needs.
Effective Internet Management: Improving Productivity and Reducing Risk
Any business or organization that provides Internet access has both an implied and explicit responsibility for monitoring and controlling that access. Controlling Internet access is important from more than a moral, ethical and productivity view. Emerging Internet case law establishes an organization’s responsibility for due diligence in establishing, monitoring and enforcing acceptable Internet Use Policies
The downside of providing widespread employee access to the Internet is the potential for abuse. From a business standpoint, the major concern is the risk of productivity losses resulting from staff using valuable work time to surf the Web or access personal services such as travel sites, on-line gambling, and chat services. Even access to relatively benign sites such as streaming audio music services, while perhaps not directly effecting productivity, can pose a significant drain on the company’s available bandwidth and computing resources. In addition, businesses must also protect themselves from the potential legal liabilities of inappropriate access, such as sexual harassment lawsuits that could arise from an employee’s unauthorized access and display of pornographic materials using the company Internet connection.
Establishing an Internet Access Policy: Balancing Employer & Employee Needs
The backbone of any responsible action towards limiting liability is the establishment of an Internet Access Policy (IAP), or Acceptable Use Policies (AUP). Not only do such policies define and communicate the organization’s rules and expectations with regard to Internet access, they also provide the framework and audit trail for documenting violations and problem areas.
Often, just having a written policy acts as a significant deterrent to unacceptable Internet usage. At the very least, it provides a firm basis for communicating with students or employees whenever policy violations lead to the need for corrective action. Like any rule that is not enforced, however, Internet access policies that are not backed up by proactive monitoring and access control measures are soon ignored, losing both the ability to effectively guide users’ behavior and to protect the organization from liability. Therefore most organizations are turning to the dual strategy of publishing clear Acceptable Use and Internet Access Polices combined with instituting comprehensive precision Internet access control and reporting over all user activities.”
Content Filtering: Prevent Abuse Before It Happens
A content filtering solution is only as good as the Web data it collects and analyzes. There is a fine line in Internet access management of blocking too little or too much. The more advanced filtering methods utilize a database of URL and IP address information to block access to specific sites that have been pre-determined to contain inappropriate content. Content security using filtering technology provides the key protection against risk due to employee behavior and abuse of IT resources.”
Filtering solutions can protect an organization from employee mistakes including:
Accidental dissemination of sensitive corporate information
Willful and malicious transfer of data
Accessing objectionable or illegal content
Illegal file sharing
Even when an acceptable use policy is in place, administrators often lack the means to enforce it. Filtering solutions enable management to enforce security policies, privacy policies and AUPs while managing staff productivity and minimizing wasted network bandwidth.
Blocking by URL address is the most sophisticated technology. Utilizing a database of millions of URLs, access can be denied to specific pages within a single Web site. This method allows for greater accuracy in filtering and reporting as well as giving the greatest amount of flexibility to overall content management. This methodology has proven to be the most effective and scalable when used as part of an enterprise-wide Internet Management Policy.
Because the Internet is a constantly-changing environment with new Web sites and pages added and altered all the time, one of the most important criteria in selecting an Internet management solution is the accuracy and currency of the control list database. Constant and regular updates as well as maintenance of the database are critical, so choosing a solution from a vendor with a qualified team of professionals to update and maintain your control list is a must.
Flexibility: Configure for Real World Use
Whether server-based or a standalone appliance, for a filtering tool to be effective there needs to be great flexibility in the way the user settings are established and implemented. It is essential that the chosen solution is configurable and gives administrators maximum flexibility in managing content security. Administrators must be able to configure blocking by user and group. There is no such thing as a “one size fits all” policy, and organizations differ in their need for blocking even between individual departments. A solution that does not allow this level of customization will quickly outgrow its usefulness. Worse yet, administrators may circumvent it if it seems to be a burden.
Gathering and storing data is of no real use unto itself. The ability to take the data and convert it to a concise and easy to understand report is true information. Enterprise Internet Management can not be effective without the ability to track where, when, and how an organization’s Internet resources are being used. To improve effectiveness and maximize the return on your investment, you should consider the newest breed of solutions that have sophisticated, custom and automated reporting features. Automated reporting increases the efficiency of policy enforcement, allowing management to stay informed of employee activities. Reports should be customizable to allow for different information requirements and reporting to different levels of an organization. Automatic scheduling of periodic reports as well as real-time notification and reporting of abuses are essential and will increase the ROI of the program.
Conclusion
As enterprise networks and internal operating systems become more complex and more interdependent, IT professionals are losing their ability to keep up with corresponding security threat increases-due in large part to increasing demands on their time from the complex systems. In order to lessen the burden on IT and increase security, a proactive approach to managing Internet resources must be implemented by all organizations concerned with security threats.
A solution that allows for security task automation allows for greater increase in network security without adding to an already overburdened IT administration. These automated content security tools help to effectively and efficiently secure network assets against threats from inside and outside an enterprise. Implementation of content security through Web filtering and reporting minimizes the legal liability risks, reduces wasted network bandwidth, and allows for real gains in productivity. The use of these advanced automated tools helps increase ROI, reduce IT workload, and improve the enforcement and efficiency of security, AUP and privacy policies.
As you look to solve your own enterprise Internet management initiative, there are five key features to look for.
1. Easy installation and administration
2. Customizable filtering mechanisms and user profiles
3. Sophisticated monitoring and filtering of all Internet content types
4. Customizable and automated reporting for business units or groups
5. High degree of scalability and maintainability
Both software and subscription services are available to solve these needs, and the right solution can empower organizations to take full control over their Internet access issues.
Statistics on Internet Abuse
- Internet surfing on the job accounts for 30-40% of lost worker productivity. (IDC Research)
- One in five men and one in eight women admitted using their work computers as their primary lifeline to access sexually explicit material online. (MSNBC)
- 19% of all personal Internet use by employees is to access sites that pose serious security risks to their employers and their networks, such as malicious code, spy ware and file sharing sites. – (Burstek 2005 Industry Internet Users Study.)
- Over 21% of corporate bandwidth costs are attributed to personal employee use. (Burstek 2005 Industry Internet Users Study)
- 82% of U.S. business executives surveyed by the consulting firm Dataquest (a division of the Gartner Group) believe Internet use should be monitored at their companies. (InformationWeek Online)
72% of all personal Internet use by employees is related to productivity loss categories such as shopping, sports, personal Email, chat rooms and on-the-job job searches. (Burstek 2005 Industry Internet Users Study)
Add to document.write(“Del.icio.us”) | Digg | Yahoo! My Web
Technorati:
David Smith is Chief Operating Officer at Burstek, responsible for strategic and tactical operations management including the design, operation, and improvement of Technology & Research, Product Development, Sales & Marketing, Client Services and Technical Support. Smiths 30 years in operations and business development includes executive roles in finance (Deloitte & Touche LLP, Kemper Financial Services) and healthcare (Americana Healthcare Corp.). Burstek is a leading Internet Security and Employee Internet Management company, providing Web and email security, filtering and log analysis solutions for the enterprise. For more information, visit www.burstek.com.