Menu
SECURITY CLINIC: Net costs and benefits

SECURITY CLINIC: Net costs and benefits

The Internet offers significant benefits - better customer relationships, faster product development, reduced application costs and lower training requirements.

But as the volume and complexity of e-mail and Internet traffic rapidly increases, and as both become integral components of work and personal lives, organisations increasingly have to protect their network and business integrity.

In a recent Saratoga Institute survey, nearly 70 per cent of companies had more than half their employees online and 97 per cent of all companies have reported abuse of the Internet by employees. Sixty per cent of that improper use was serious enough to warrant disciplinary action and 30 per cent of organisations have dismissed employees because of inappropriate Internet-related activity. Saratoga estimated lost productivity for a 1000-person company would cost the business $5 million a year. Australian modem maker NetComm estimates the Internet is responsible for $1 billion in lost productivity each year in Australia alone.

Content security solutions help organisations deal with the transition to an Internet-based economy and the associated threats. The content security market is made up of e-mail and Web- scanning products, and Malicious Mobile Code (MMC) products. IDC predicts the former sector will grow from $52 million in 1999 to $873 million by 2004, with the Asia-Pacific region experiencing the highest growth.

According to Content Technologies' sample survey of its 6000 customers around the world, viruses topped the list of Internet security threats.

Many people think viruses are exclusively e-mail related and that surfing the Web is comparatively safe. In fact, Web sites can be more of a threat. While a user is visiting a site there's an active link between them and the site through which malicious code can be downloaded. Web sites have the added risk of "cyberwoozles", where software on the Web site explores the user's system and downloads selective material.

The Web also raises problems in protecting an organisation's confidential property. In the Asia-Pacific region, IDC pinpoints productivity and protection of intellectual property as the main drivers for the development of content security policies. Protecting an organisation's confidentiality is not a new problem. But the means of breaching confidentiality are becoming more sophisticated.

Many people still believe Web content is all "pull" and that users select from links presented to them and download content to a safe area called a browser in an anonymous way. This has never been true and there are a number of ways that corporate information can get out. Web mail, HTTPs and cookies are three ways that confidentiality can be breached through Web access.

Web mail is the most universally used of these threats. The risk is that people can use Web mail to get content in or out of an organisation, bypassing any controls on company e-mail.

Privacy debates inevitably creep into this issue. Employee advocates argue Web mail is private. Employers argue the legal and business ramifications organisations face if they do not subject Web mail to security policies are too great.

To manage these risks, businesses need to develop a clearly articulated policy on the use of e-mail and the Web by employees. The best management strategy is the "three-e" approach - establish a policy that suits the way they do business, educate the workforce about the policy and the reasons for its existence and enforce the policy. A content security policy should define what are regarded as acceptable media types for users to access, with variations for different users and, perhaps, time of day.

Yet according to a recent survey by Secure Computing magazine, two thirds of organisations either have no e-mail and Internet policy or have one that isn't enforced. One in four companies see no need to educate users and a further one in three leave it to a policy booklet.

Web threat awareness typically starts with network and infrastructure issues and grows to include the business issues, which will have a larger long-term impact on the success of an organisation.

The channel can take advantage of both aspects of content security. Firstly they can provide the technology. Security is a whole-of-enterprise solution that includes firewalls, URL filters and antivirus tools. This comprehensive knowledge of an organisations' network can lead to a broader role than security.

As organisations learn that pro-active security is about policy, not necessarily technology, resellers can provide consultancy services such as help in establishing a security policy.

Lindsay Durbin, is product marketing manager at Content Technologies. He can be reached at lindsay.durbin@mimesweeper.com.au


Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments