Before the recent global economic crisis and the worldwide panic it sparked, spending on network security had been steadily increasing. Organizations like SANS had been sounding the alarm, telling us that cyber attacks were getting more sophisticated every year and — no surprise — so were the security resources to defend against them. And while hackers continued to hone the tricks of their trade, companies had to up the ante on IT budgets to keep pace with the creativity of cybercriminals.
But of course, as in all crises, there is irony: the current economy requires that companies reduce budgets including IT spending, just when it is needed most! Even worse, one of the products being left on the cutting room floor seems to be Web filtering.
It is unclear why companies are deciding to abandon Web filtering, but it is dangerous thinking. After all, there were and still are compelling reasons for Web filtering and the consequences of letting it lapse are dire indeed — productivity loss, increased costs of unfettered bandwidth use, getting sued by employees who are offended by someone who surfed offending content; the list goes on… It’s important because Web filtering is not just about content; it is about productivity and controlling costs. In a short time, Web filtering easily pays for itself many times over.
Times are hard, but now is not the time to let your bandwidth costs run away and give employees the keys to the Web-kingdom.
Just as a refresher, I think it is a good idea to review why we love Web filtering. These ideas are just a sample of the problems it solves:
Enforcing Your Internet Policy
Virtually every organization now has some form of Acceptable Use Policy (AUP) governing employee Internet behavior, which is certainly the first step in protection. Enforcement is another issue altogether. By letting employee Web access go unmonitored and unmanaged, enforcement can become a case of your word against the employees. It wasn’t that long ago that judgments costing millions were in the headlines. Shell Oil, for instance paid two million dollars to an employee who claimed harassment based on objectionable material downloaded by another employee. The court found in the victim’s favor – there are similar cases nationwide.
Internet Monitoring Keeps Employees Focused and Safe
Another area that is not addressed by Network firewalls is employee productivity. The opportunities for employees to waste time on the Web seem endless — job search, chat, webmail, blogging, file sharing, shopping, streaming music/video, online gaming and more. Do companies really think their employees are not going to waste time just because they signed an Internet policy? A closer examination reveals that the greatest losses are the result of employee behavior (malicious or not) – not cybercrime.
Network Bandwidth Management
The increasing demand that many Web applications make on corporate bandwidth is a problem that a comprehensive Web filter can mitigate. Managing bandwidth allows you to give priority to business related functions and, if you have a more liberal web policy, you can at least minimize the amount of bandwidth that users can consume.
You’ve worked hard to make sure you have a web security solution that keeps your employees focused and productive and allows you to manage bandwidth and enforce your Internet policy. The cost of abandoning that system is a lot worse than you might imagine. Given the opportunity, some of your employees will violate your AUP – after all, they aren’t being watched. Even worse, legal liabilities caused by unmanaged Internet access have damaged the bottom lines of more than a few companies – why take the risk?
New network security products seem to crop up daily so how do you determine what’s best for your company? Gartner and other experts would tell you to be sure you understand the total cost of ownership of Web filtering and the inestimable value it brings to your company before you make a hasty decision. That way, you’ll have an easier time of justifying why you need to continue enforcing the web security plan you’ve implemented.
What can we conclude from all this? Budget cutting is inevitable given the current economy. Network security continues to be critically important, but it’s clear that managing Web access is just as important. In the end, the risk of legal liability and productivity loss can be every bit as damaging to your organization’s financial health as any hacker attack – and much harder to predict.
{ 0 comments… add one now }