Are we heading for Internet Lockdown?

By Greg Day, Security Analyst, McAfee International Ltd

Those with responsibility for managing appropriate use of an organisation’s IT systems have a greater challenge than ever before on their hands. Years ago, employees’ interaction with IT was limited to the few ‘techies’ working with complicated mainframes and central computer systems. Now, almost every employee spends the majority of their working day in front of a PC, and the Internet plays a pivotal role in much that they do.

One major issue that has emerged in recent years is how to manage the use of technology in businesses so that efficiency is kept at an optimum without compromising security. In today’s technology-driven world, locking down employees’ desktops and internet gateways would be almost akin to tying their hands behind their backs, as many rely on the web for almost every facet of their job. Therefore the internet, the very thing that can make us quicker, better and more productive, can also be a major headache, and with the range of applications now being legitimately used, it can be hard to understand the full scope of what is being made use of and how.

Recent McAfee research has highlighted how today’s IT managers are being tasked to manage not only the use of information technology within their organisations but also to consider the impact those technologies can have on the productivity of staff.

McAfee’s research highlights how many popular web technologies are not being blocked in organisations, although they are known to present serious issues regarding security and productivity. In some cases, these technologies have no legitimate business purpose, yet this is not always the case. Only one in five businesses in Europe block access to social networking sites such as Facebook and MySpace, despite almost half of them wishing they could, as they fear that they could spread viruses and encourage spam. This is made worse when you consider that it is well-known among IT professionals that they also present an increased exposure to security risks such as ID theft and unintentional exposure of sensitive information.

The situation becomes even more complex when looking at applications that, despite posing a risk from a security perspective, can also have a valid use within the business. Instant messenger and web mail are two prime examples of this and as a result, restricting access to these technologies is not as simple as it may seem. This is where employee education, helping staff to understand and prevent security threats, and policies defining acceptable use of technology on corporate systems must come into play.

IT decision makers often have the difficult job of making a choice between what they know are serious security threats and other business priorities such as productivity and employee morale. Usage policies can bridge the gap between what IT departments would ideally like to block and what is functionally realistic.

McAfee’s research also highlights that the top potentially risk-laden sites blocked by European IT managers are Internet dating (36%) and music downloads (36%). These certainly fall into the category of technologies that limit productivity but can also increase an organisation’s exposure to security threats, and are therefore clearly more straightforward to identify as “blockable”. Attitudes towards restricting access to different technologies varies considerably across Europe, with Sweden proving to be the most lenient, with 57% of IT professionals not limiting access for their employees, while in the UK, only 28% of IT departments allow employees to roam free on the Internet.

In conclusion, today’s workplace has seen a major blurring of the lines between the personal and professional. In many cases, this is a positive evolution but it should never put a company at risk. IT professionals clearly have the difficult job of balancing the security needs of a business and the functional requirements needs of the workforce, but putting fair usage policies in place and educating people on how to be safe on these sites is the most realistic option.

McAfee International Ltd is exhibiting at Infosecurity Europe 2009, the No. 1 industry event in Europe held on 28th – 30th April in its new venue Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk

Courtesy: Infosecurity PR
<>