Left uncontrolled, employees with unrestricted Internet access will waste time and open the network to viruses, spyware and other security problems. But you can't simply unplug from the world. Here's a guide to setting appropriate use policies, selecting and deploying security technology, and navigating ethical and legal concerns.
Internet access is an undisputed business necessity these days. Managing that access is essential for all businesses -- especially with today's increasing regulatory requirements. The good news is that software and hardware solutions to block, monitor, or otherwise control employee Internet access have never have been better, but they must be balanced with legal, ethical, and related employee morale issues. This is a tightrope that IT must learn how to walk.
Jose Negron, technical director of Layton Technology
The Problems Of Unrestricted Net Access
Employees spend an incredible amount of time on the Internet -- and often what they're doing is totally unrelated to their job. Jose Negron, technical director of Layton Technology, a developer of IT auditing and helpdesk software, cites a recent study by Salary.com and America Online that found that employees squander an average of two hours of company time per day online, at an annual cost of $759 billion.
Productivity isn't the only Net-access issue -- unsupervised employees are a prime target for spyware. According to Frank Cabri, VP of marketing at security solution provider FaceTime Communications, spyware costs enterprises $265 per user annually. He adds that during a recent three-month period, spyware threats quadrupled, and that recent polls show that two-thirds of IT managers name spyware as the top threat to their network security.
There's also a growing variety of apps -- including those for instant messaging, peer-to-peer file sharing, IP telephony, and anonymizing -- that employees can readily download and install without IT approval, all of which pose risk and some of which are actively malicious. FaceTime calls them "greynets." Cabri observes that such programs often evade network defenses using such techniques as port agility (jumping around among open ports) and encryption. He adds that users often don't realize their computers are being hijacked, and a malicious application may be downloaded via a seemingly harmless site.
Source: FaceTime Communications Greynets Research Study, August 2005. Click image to enlarge.
Finally, uncontrolled Net access lets employees view objectionable content that can create a hostile environment for other workers and increase your company's legal liability. Massive streaming audio and video files can also put a strain on network resources.
Important Enterprise Web Controls
What type of Internet activity does your company need to control? Blue Coat Systems' JoAnne C. Vedati offers advice:
Block rogue image searches
Audit instant messaging (IM) content
Block popups and Web advertisements, which are typically riddled with adware and spyware
Throttle bandwidth for streaming media
Strip and replace active content, which can operate without user consent or by encouraging inappropriate user action
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.