Most companies are more concerned with blocking Web site categories, such as those labeled "adult" or "gambling," than with targeting individual Web sites, a new report notes.
When the Defense Department recently banned department personnel from visiting social networking and entertainment sites such as MySpace, YouTube, and 11 others, it cited bandwidth constraints and security concerns as the primary criteria. In the business world, however, while these sites don't exactly boost productivity, companies are much more concerned with shutting out banner and pop-up ads as well as adware likely to install cookies on company-owned PCs.
Barracuda Networks, a maker of e-mail and Web filtering technology, this week reported that the top sites its customers blocked over the past month demonstrate this trend. The top 10 sites blocked -- including Doubleclick.net, Googlesyndication.com, Omniture Inc.'s 2o7.net, Rad.msn.com, and Atwola.com -- are all related to marketing and advertising to Internet users. Meanwhile, sites like MySpace, World of Warcraft, and YouTube are still likely to be blocked by Barracuda customers, but none of them make the company's Top 20 list of most blocked sites.
Web-based content is blocked for three reasons primarily: to avoid legal liability for any illegal activity in which their workers might be engaged, to reduce the risk of malware infections, and to prevent drops in productivity that accompany access to nonessential Web content.
Although it's almost intuitive that a company would want to block any site that promotes worker procrastination, the fact is most companies are more concerned with blocking Web site categories, such as those labeled "adult" or "gambling," than with targeting individual Web sites like MySpace or YouTube, said Stephen Pao, Barracuda's VP of product management.
"Companies will block applications under the category 'streaming media' rather specifically block YouTube or XMRadio.com, although this does ultimately block access to those sites," Pao said.
Another school of thought is that Web 2.0 sites that promote social networking and multimedia content have some value to workers despite any distractions they might cause. Half of the 162 customers that security research firm and vendor Sophos polled between May 16 and 22 said that employees should be able to access MySpace and that the key message is that good productivity is the result of good management, whereas access to a wide variety of Web sites isn't necessarily to blame for poor productivity. One-quarter of the respondents to the Web-based poll were opposed to blocking access to MySpace because the effort would be too complicated and time consuming, while the rest of the respondents worried about employee "backlash" at having MySpace access taken away, meaning they might try to circumvent Web filters or try to access the site in some other way.
This doesn't mean that opening corporate networks up to social networking or gaming sites is a good idea. As end users become hip to more mainstream threats like phishing (does anyone still click on random e-mails from PayPal or financial institutions?), malware writers are building threats directly into Web sites that user frequent.
"Interactive Web sites have become a vector by which infections can occur," said Ron O'Brien, Sophos senior security analyst. In April alone, Sophos identified 245,790 Web pages hosting malicious code, and that total grows daily.
Companies have to weigh carefully the benefits of how much rope they give their users. It was once debatable whether Web-based apps like VoIP, P2P networking, and IM had any business value, yet these emerging technologies have for the most part become a good fit in today's work environments. With the right amount of foresight and security precautions, the same might someday be said of MySpace and YouTube.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.