by Ron Kaplan on July 6, 2009
Before the recent global economic crisis and the worldwide panic it sparked, spending on network security had been steadily increasing. Organizations like SANS had been sounding the alarm, telling us that cyber attacks were getting more sophisticated every year and — no surprise — so were the security resources to defend against them. And while hackers continued to hone the tricks of their trade, companies had to up the ante on IT budgets to keep pace with the creativity of cybercriminals.
But of course, as in all crises, there is irony: the current economy requires that companies reduce budgets, including IT spending, just when it is needed most! Even worse, one of the products being left on the cutting room floor seems to be Web filtering.
It is unclear why companies are deciding to abandon Web filtering, but it is dangerous thinking. After all, there were and still are compelling reasons for Web filtering, and the consequences of letting it lapse are dire indeed: productivity loss, increased costs of unfettered bandwidth use, lawsuits from employees offended by content that someone else surfed; the list goes on. It’s important because Web filtering is not just about content; it is about productivity and controlling costs. In a short time, Web filtering easily pays for itself many times over.
Times are hard, but now is not the time to let your bandwidth costs run away and give employees the keys to the Web-kingdom.
Just as a refresher, I think it is a good idea to review why we love Web filtering. These ideas are just a sample of the problems it solves:
Enforcing Your Internet Policy
Virtually every organization now has some form of Acceptable Use Policy (AUP) governing employee Internet behavior, which is certainly the first step in protection. Enforcement is another issue altogether. When employee Web access goes unmonitored and unmanaged, enforcement can become a case of your word against the employee’s. It wasn’t that long ago that judgments costing millions were in the headlines. Shell Oil, for instance, paid two million dollars to an employee who claimed harassment based on objectionable material downloaded by another employee. The court found in the victim’s favor – there are similar cases nationwide.
Internet Monitoring Keeps Employees Focused and Safe
Another area that is not addressed by network firewalls is employee productivity. The opportunities for employees to waste time on the Web seem endless: job search, chat, webmail, blogging, file sharing, shopping, streaming music/video, online gaming and more. Do companies really think their employees are not going to waste time just because they signed an Internet policy? A closer examination reveals that the greatest losses are the result of employee behavior (malicious or not) – not cybercrime.
Network Bandwidth Management
The increasing demand that many Web applications make on corporate bandwidth is a problem that a comprehensive Web filter can mitigate. Managing bandwidth allows you to give priority to business-related functions and, if you have a more liberal Web policy, you can at least limit the amount of bandwidth that users can consume.
You’ve worked hard to make sure you have a web security solution that keeps your employees focused and productive and allows you to manage bandwidth and enforce your Internet policy. The cost of abandoning that system is a lot worse than you might imagine. Given the opportunity, some of your employees will violate your AUP – after all, they aren’t being watched. Even worse, legal liabilities caused by unmanaged Internet access have damaged the bottom lines of more than a few companies – why take the risk?
New network security products seem to crop up daily, so how do you determine what’s best for your company? Gartner and other experts would tell you to be sure you understand the total cost of ownership of Web filtering and the inestimable value it brings to your company before you make a hasty decision. That way, you’ll have an easier time justifying why you need to continue enforcing the Web security plan you’ve implemented.
What can we conclude from all this? Budget cutting is inevitable given the current economy. Network security continues to be critically important, but it’s clear that managing Web access is just as important. In the end, the risk of legal liability and productivity loss can be every bit as damaging to your organization’s financial health as any hacker attack – and much harder to predict.
by Ron Kaplan on March 29, 2009
A new total cost of ownership study from Robert Hale and Associates, a Chicago-based research firm, offers some critically important insight into Web filtering and the hidden costs that constitute an accurate TCO assessment. Total cost of ownership is a difficult measurement to make; however, many IT professionals consider their time, initial costs, ongoing maintenance and other resources to be the components that make up the TCO calculation. Ultimately, the investments of time and resources, both upfront and ongoing, constitute the greatest cost components.
This independent study compared three top Web filters (Websense, SurfControl and St. Bernard’s iPrism), measuring the time IT professionals spend on tasks associated with these solutions. The parameters studied included setup and installation, management and administration, maintenance and reporting. The findings were significant in that iPrism required half the time of the other two solutions. This translates into many IT hours, which compute into thousands of dollars – hence the TCO savings from the study. Three hundred people participated in the study; 100 users represented each filtering vendor. It took the IT professionals polled a total of 480 hours to carry out the tasks required for their iPrism solution, while Websense users spent 1,040 hours and SurfControl users spent 980 hours. A simple computation of $100 an hour for IT time results in savings of at least $55,000 per year for those using the iPrism Web Filter.

W) statistically significant from Websense at 95% confidence level; S) statistically significant from SurfControl at 95% confidence level and B) statistically significant from St. Bernard at 95% confidence level
- St. Bernard (Setup S.E.=2.2, Mgmt S.E.=2.5, Hardware S.E.=1.8, Reporting S.E.=1.3)
- Websense (Setup S.E.=3.9, Mgmt S.E.=4.4, Hardware S.E.=4.9, Reporting S.E.=5.2)
- SurfControl (Setup S.E.=5.0, Mgmt S.E.=3.4, Hardware S.E.=2.5, Reporting S.E.=3.2)
Note: S.E. = standard error of the sample mean for respective hour estimates. Total Hours First Year = (12 x monthly hours) + (1 x setup & install hours)
Robert Hale and Associates took measures to stratify the randomly chosen participants so they were equal – 100 IT pros for each filter, from companies of comparable size and industry, etc., for a total of 300 participants. This equity in representation makes the results even more dramatic, but looking through the study carefully, I was actually more struck by the similarities. I’m referring to the answers provided on key questions related to the Web filtering process itself – they are surprising in their consistency. For instance, when asked “Does your company have a single policy for all employees or do you provide filtering based on job function?” the answers were virtually identical. This was also true for the question “How does your company organize Web filtering?” The choices of “By Functional Group, By Location, By Management Level, By IP Address/Computer” were all within a few percentage points of each other.
On the question “What reporting does your company perform for ongoing Web filter management on a monthly basis?” - the choices of Compliance, Exception, Bandwidth, Case Management and Special Request were answered almost identically by all participants regardless of the Web filter they are using. My point is – all the companies polled do Web filtering the same way – solving the same problems using the same best practices. That’s what makes this study so remarkable – we all manage Web filtering the same, yet the time it takes with iPrism is cut in half!
Look. I have been in product management for over 12 years, managing ten products in that time. Marketing the cost savings of a product designed specifically to make the IT world simpler, easier to manage and robust is not a foreign concept to me. But the difference between St. Bernard and the other two vendors is so extraordinary that I just had to say something about it. This study provides incontrovertible proof that iPrism offers dramatically lower TCO than Websense or SurfControl. It should be required reading for anyone involved in planning and budgeting their organization’s network security.
by Ron Kaplan on March 20, 2009
According to Time Magazine, the Australian government’s attempt to have Internet Service Providers block offensive websites from all users has backfired, leading to results that are the opposite of what the Australian Communications and Media Authority (ACMA), a government agency, expected to achieve – making the Internet safer for families and children. The trouble started when the ACMA compiled a list of sites they wanted to block, including child pornography, extreme violence, weapon-making, etc., and provided the list to ISPs to block them.
Sounds simple, so far. The trouble started when an outside source obtained the list and posted it anonymously on a site – giving those who were interested a convenient compendium of depravity courtesy of the Australian government. There was such a huge response that the site where this list was posted crashed temporarily from the surge of visitors. This exercise, beyond what it says about human nature (the allure of this modern freak show has precedent throughout human history), is a rather convincing argument for keeping Web filtering at a more local level – schools, companies, government agencies, et al. – and letting the Internet remain unfiltered while the rest of us own the filtering role.
by Ron Kaplan on March 1, 2009
Another reminder that despite all the antivirus software out there, we are still at risk, is news of a sophisticated malware attack on the horizon. The Conficker worm, scheduled to deploy on April 1st (April Fools’ Day), is supposedly able to infect 50,000 computers a day. Microsoft is so worried that they’re offering a $250,000 reward to anyone who can tell them the author of the new malware. The lack of knowledge about how Conficker will launch is more worrisome than what it will do. It’s apparently scheduled to “phone home” on 1-April-2009 for instructions – that is, it will start to contact the 50,000+ Web servers to which it has access. Until then, it sits dormant on an estimated 10 million computers.
According to Microsoft, if your antivirus protection is up to date, you should be able to defend against most versions of the Conficker worm, also known as Downadup, but it can also infect via USB ports, so users are advised to take care when accessing flash drives. Clearly, malware is not going away and neither are computer and network vulnerabilities. Keeping antivirus software updated is key, but so is using multi-layered antivirus solutions on corporate networks. Does your Internet filter have an antivirus feature that is updated frequently? Don’t wait to see if Conficker will be a cruel April Fools’ joke; make sure you’re up to date now.
Update: Microsoft is keeping a blog up to date on this subject at the following URL:
http://blogs.technet.com/msrc/archive/2009/03/27/update-on-conficker-d.aspx
by Ron Kaplan on February 8, 2009
Apparently, the new stimulus package that is working its way through Congress contains billions of dollars for schools, including funding for the Enhancing Education Through Technology (EETT) program. This is good news for those of us who have an interest in education technology, especially Web filtering. Any spending on technology will be closely monitored and schools will be responsible for documenting their technology purchases. This highlights how important E-Rate funds have been to schools, and it’s expected that the same discounts will be available under the EETT spending program. CIPA compliance will also be a vital factor, and schools will have to deploy efficient and cost-effective Web filters in order to qualify for funds. If they have content filtering in place and the reports to assure compliance, there will be more money available for critical technology acquisitions. As more information on the subject materializes, we will keep you up to date.
by Ron Kaplan on January 12, 2009
One way enterprises are trying to reduce IT expenses is to use virtualization, and one of the leaders in this space is Citrix XenApp. When you add something like XenApp to the network mix that requires authentication, it’s important to think about the rest of the puzzle, like making sure users will be able to access the services that they need seamlessly without having to re-authenticate each time and making sure that your network performance doesn’t degrade. Seamless authentication with auto-login will minimize the headaches of IT, keeping users from adding helpdesk tickets for authorization every 10 minutes. Virtualization is great: it saves money and energy, increases security and (hopefully) reduces IT management time. Just make sure all of the pieces in the puzzle fit together. An excellent resource on the subject of XenApp follows: http://www.xenappblog.com
by Ron Kaplan on November 17, 2008
Tennis may not be the most popular sport in the world, but for gamblers, it’s just another bet. The United States Tennis Association (USTA) recently installed web filters to ensure that online gambling sites couldn’t be accessed during the US Open tournament. With sports trying to project a clean, anti-gambling image, it’s no wonder that they are using tools like web filters to ensure that whether it’s the Super Bowl, World Series, World Cup or the US Open, they have at least tried to stop the perception that they allow gambling.
by Ron Kaplan on October 28, 2008
Gartner has published a lot of material on total cost of ownership (TCO) in the last several years, and still a lot of businesses seem challenged by the concept. The most important element in the Gartner approach is to distinguish between budgeted and unbudgeted costs. With hardware and software, the budgeted costs may be just the tip of the iceberg. For instance, unbudgeted costs should include system downtime and could include employee training, system installation, deployment and day-to-day maintenance. Gartner has speculated in some of their reports that unbudgeted costs can be up to 4.5 times greater than the cost of acquisition. Those calculations are sure to give upper management pause as they consider new equipment acquisitions.
What it really boils down to and what you really need to understand before you make any acquisition is this: you can’t just look at hardware and software acquisition pricing to determine what fits into your budget. That $10,000 purchase of a piece of a CRM system could end up costing you an additional $60,000 in unanticipated integration costs, and that’s just to install it. And Gartner writes that one of the key determinants is complexity. The more complex a solution is to install, configure and manage, the more it will drive up your costs. The real demons in all of this mess are the costs you can’t anticipate.
It’s not all bad news though, because with a little planning TCO can be a reliable tool with which you manage your IT budget, resource planning and other expenses.