Left uncontrolled, employees with unrestricted Internet access will waste time and open the network to viruses, spyware and other security problems. But you can't simply unplug from the world. Here's a guide to setting appropriate use policies, selecting and deploying security technology, and navigating ethical and legal concerns.
Internet access is an undisputed business necessity these days. Managing that access is essential for all businesses -- especially with today's increasing regulatory requirements. The good news is that software and hardware solutions to block, monitor, or otherwise control employee Internet access have never have been better, but they must be balanced with legal, ethical, and related employee morale issues. This is a tightrope that IT must learn how to walk.
Jose Negron, technical director of Layton Technology
The Problems Of Unrestricted Net Access
Employees spend an incredible amount of time on the Internet -- and often what they're doing is totally unrelated to their job. Jose Negron, technical director of Layton Technology, a developer of IT auditing and helpdesk software, cites a recent study by Salary.com and America Online that found that employees squander an average of two hours of company time per day online, at an annual cost of $759 billion.
Productivity isn't the only Net-access issue -- unsupervised employees are a prime target for spyware. According to Frank Cabri, VP of marketing at security solution provider FaceTime Communications, spyware costs enterprises $265 per user annually. He adds that during a recent three-month period, spyware threats quadrupled, and that recent polls show that two-thirds of IT managers name spyware as the top threat to their network security.
There's also a growing variety of apps -- including those for instant messaging, peer-to-peer file sharing, IP telephony, and anonymizing -- that employees can readily download and install without IT approval, all of which pose risk and some of which are actively malicious. FaceTime calls them "greynets." Cabri observes that such programs often evade network defenses using such techniques as port agility (jumping around among open ports) and encryption. He adds that users often don't realize their computers are being hijacked, and a malicious application may be downloaded via a seemingly harmless site.
Source: FaceTime Communications Greynets Research Study, August 2005. Click image to enlarge.
Finally, uncontrolled Net access lets employees view objectionable content that can create a hostile environment for other workers and increase your company's legal liability. Massive streaming audio and video files can also put a strain on network resources.
Important Enterprise Web Controls
What type of Internet activity does your company need to control? Blue Coat Systems' JoAnne C. Vedati offers advice:
Block rogue image searches
Audit instant messaging (IM) content
Block popups and Web advertisements, which are typically riddled with adware and spyware
Throttle bandwidth for streaming media
Strip and replace active content, which can operate without user consent or by encouraging inappropriate user action
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Join InformationWeek’s Lorna Garey and Mike Healey, president of Yeoman Technology Group, an engineering and research firm focused on maximizing technology investments, to discuss the right way to go digital.