Posts Tagged Web filtering
We’ve all heard this saying before and it’s easy to get lost in the bewildering array of communications channels available to us. There’s the usual email, instant messaging networks (Yahoo!, Google Talk), peer-to-peer networks (Skype), enterprise IM applications (IBM Sametime, Microsoft Lync/OCS), and social networks (Facebook, Twitter). And these are just the big boys. There are literally thousands of IM, P2P, and social networks, in addition to those listed above.
To give you an idea of the bevy of tools out there, the US Department of Agriculture (USDA) uses over 21 different email systems, but they’ve recently decided to award Microsoft a contract to provide cloud-based email, Web conferencing, IM, and collaboration solutions. Similarly, the US General Services Administration (GSA) awarded an email contract to Google. What this goes to show is that messaging in large organizations (in this case, it’s the government) is starting to move to the cloud as companies look for ways to streamline their messaging systems, improve efficiency, and cut costs.
What with all these communications options available to end users, it’s all too common for folks to use Facebook, Yahoo!, or Skype while they’re at work on company-issued computers. Oftentimes, individuals use a combination of Web 2.0 (think Facebook or Skype) and enterprise (think Microsoft Communicator or Cisco Jabber) applications. The problem with doing so is that it opens up new vectors for malware to invade the corporate network. In other words, there are far more avenues for evil to infiltrate the corporate network these days than ever before.
Thankfully, platforms like Actiance Vantage make it easier to manage the proliferation of communications tools within the enterprise. From blocking virus attacks to managing file transfers to logging and archiving of all IM activities, Vantage provides end-to-end security and compliance coverage for an organization’s unified communications.
We can all learn a lesson from the government contracts cited above. The government has long been ridiculed as the poster child of bureaucracy and antiquated computer systems, so it says something that two large agencies are moving their communications applications to the cloud. Looks like the US government has taken heed of that old KISS principle after all.
As you’ve no doubt already heard, China recently announced plans mandating that all new computers sold in that country – including imported PCs – be delivered with pre-installed and pre-configured Web filtering technology beginning July 1, 2009.
The software is branded Green Dam-Youth Escort, and China’s foreign ministry spokesman defends it, claiming it’s “aimed at blocking and filtering some unhealthy content, including pornography and violence” in an effort to protect children.
Putting aside the obvious discussions of censorship versus freedom of information, there’s a fatal flaw in China’s plan. Maybe we shouldn’t tell them this, but Web filtering software alone doesn’t block people from visiting Web sites and/or accessing Web applications.
Surprised? While the Internet used to be primarily about transmitting and accessing fairly static information via HTTP, FTP and e-mail, it’s now dominated by Web 2.0 applications such as instant messaging, P2P, VoIP and social networking sites. Savvy Internet users already use tools like anonymizers to mask their browsing habits, and real-time communications and Web 2.0 applications are highly evasive, specifically designed to get around Web filtering, firewalls and other traditional security solutions using a variety of techniques like port crawling, tunneling, onion routing, etc. – after all, their goal is to grow their communities and ensure users have the full experience.
From what I’ve read, neither China nor the media has considered or addressed this. I’m certainly not in favor of China blocking access — yes, FaceTime helps organizations control employee Web browsing and use of Web 2.0 applications, where visiting certain sites or using certain applications may be inappropriate in the workplace, put the company at risk or impact productivity — but the Web sites you choose to visit and applications you use at home are for you to decide and parents to control.
The backlash over China’s censorship plans is widespread, including nearly 20 trade groups representing technology companies calling on the Chinese government to reconsider the mandate, contending that it “raises significant questions of security, privacy, system reliability, the free flow of information and user choice.” There’s also the California company that claims the mandated Internet filtering software contains stolen programming code. Other articles say the Chinese government has already backed down, retreating on its controversial new web filtering plan, saying the software can be uninstalled or switched off.
It’s not clear yet how all of this will play out, but you have to ask, if China’s mandate won’t be effective, why do it at all?
It seems as soon as a new technology is adopted into mainstream business, a whole host of support technologies soon follow to fill in the gaps and solve the new issues that are created. Consider the enormity of the anti-virus market that was created after the ILoveYou Virus hit in 2000, and the addition of URL filtering to enterprise IT’s checklist of “must-haves” following the adoption of the Web browser.
The good news is that browser-based traffic is now monitored and managed in most organizations. So, what’s the next new technology? Always one step ahead, employees have turned to other real-time applications including social networking platforms, IM, peer-to-peer file sharing, Web 2.0 VoIP and conferencing applications. And the next new technology solution? Application filtering.
This week, FaceTime announced that we’ll begin licensing our application inspection and classification technology, called ACE (Application Control Engine), to other network security vendors. This same technology is at the core of our Unified Security Gateway product, detecting and classifying more than 1,400 Web 2.0 and real-time communications applications and more than 50,000 social networking widgets – a number that grows daily.
This is the new frontier for Web security, as Sarah Perez points out in her analysis of how Web applications fly under IT’s radar:
“… when users become their own I.T. department, they’re unknowingly introducing inherent risks into the previously hardened network infrastructure. Just because a web app is easy to operate, that doesn’t make it safe and secure for enterprise use. As users upload and share sensitive files through these unapproved backchannels or have business-related conversations through web-based IM chatrooms, they might not only be putting their company’s data at risk, they could also be breaking various compliance laws as well.”
Sarah’s analysis is spot on. She goes on to point out that
“If FaceTime’s ACE or other similar technologies become a mainstay in the enterprise I.T. toolkit, the explosion of Web 2.0 for business use, a trend typically called Enterprise 2.0, may be dealt quite a blow. The only Enterprise 2.0 apps that will succeed given that scenario will be the ones that worked with the I.T. admins from the very beginning to assure them of their safety. The apps reliant on a slew of the company’s rule-breaking users for adoption, however, will be out of luck. Perhaps being sneaky may not have been a great business model after all.”
From our conversations with IT managers and through our annual study of usage trends, end user attitudes and IT impact, it’s clear that the number of unsanctioned applications on enterprise networks is exploding because the nature of the workforce is changing. In fact, one in three employees say they feel they have the right to download whatever applications they need to do their jobs, regardless of policy. And interestingly, one in three IT respondents believe that written policies are ineffective methods for controlling end-user downloading of applications.
Given not only the sheer number of Web 2.0 applications but their obvious increased rate of adoption in business, I believe we’ll eventually see application filtering become standard, and most likely even more important than URL filtering is today.
At the beginning of the season, Tom Brady was a top fantasy football league (FFL) draft pick. The guy can move his team downfield and put up points for an FFL team. But this all came to an “oh-my-god-you’ve-got-to-be-kidding” stop on Sunday when he went down with a year-ending knee injury in the first regular season game.
Now what? For millions of FFL managers the season is in jeopardy - not to mention serious bragging rights. Next step? Join the conversation and start thinking about a replacement for your QB position – even if it means doing it during “work hours.”
And, this is precisely why you should care – not you the football fan, but you the IT fan. Your employees are in the conversation. Some are less concerned about their jobs and much more interested in solving their QB problem, and they’re using Web 2.0 tools to do it.
As I said a few months back in a post about March Madness, scenarios like this occur in organizations every day. And when employers block or put limits on what their employees can do, does it really solve the problem? For example, being overly aggressive with Web filtering controls can drive employees to install anonymizers designed to circumvent URL filtering.
An estimated 19 million people in North America play fantasy football according to the Fantasy Sports Trade Association. In the past 48 hours, more than 2500 Twitter messages (or “tweets”) were sent out regarding Tom Brady and his injury. In the same 48-hour period, nearly 800 individual blog posts were made referencing Tom Brady. Facebook has 225 fantasy sports applications available to its subscribers and over 500 groups alone for fantasy sports. There are countless others available on sports sites, Yahoo and other Web properties.
A recent study referenced by NBCSports suggested that fantasy football could result in as much as $500 million of lost productivity per week. I think we’d all agree that employees are capable of wasting time in several ways. Talking on the phone to friends and smoke breaks are two that come to mind, so I’m not suggesting that if you lock down fantasy sports you’ve solved your productivity issues.
In my opinion, online fantasy sports don’t cost American businesses a dime. In today’s work environment, some amount of personal, online activity is acceptable. However, IT professionals need to maintain visibility so they can make decisions about what should be controlled and to what level it should be controlled.
Is it time for HR to call an audible? After all, it’s not just a network or security issue any more. It’s a business issue and an employee morale issue – and I wonder if HR may have to help re-write the playbook?