Internet filtering affects almost all staff in every business. Many stakeholders have an interest in it, each with different requirements, and the task of reconciling those requirements and turning them into controls normally falls to the information security team.
While the main business concerns of filtering relate to unacceptable material, productivity and malware risk reduction, a balance can be struck between enabling access to vast internet resources and providing controls to manage company risk.
Controlling access and measuring utilisation are achieved easily with many of the monitoring solutions currently on the market. The harder decision is which categories of site staff may access, whether business-related or considered acceptable for personal use, and which to block to protect staff from unwanted and unacceptable material.
The amount of time staff spend online and the content they view are generally simple management issues. Security's concern is the content that is downloaded onto company machines.
Category choices are clear and unambiguous for sites that are business related, result in productivity loss, consume large amounts of network bandwidth, or are malicious. Unfortunately, legitimate sites are compromised often enough to serve malware that every website should be treated as potentially hostile, and while providing access to the internet is not a challenge, monitoring, scanning and controlling the inbound traffic that results is.
The greatest advantage of internet filtering technology is the ability to reduce risk through real-time malware scanning that lowers the likelihood of malware reaching staff computers. The technology complements, rather than replaces, the other layers of a defence-in-depth strategy: network access control, intrusion detection and desktop anti-malware. The real gain in risk reduction is not in monitoring ordinary network traffic, as this is easily achieved, but in interposing on and scanning the SSL/TLS-encrypted traffic entering the company's network. In practice this means the proxy terminates each TLS session, inspects the plaintext, and re-encrypts it to the client under a certificate issued by an internal CA that every managed endpoint has been configured to trust.
Users have long been told to look for SSL encryption as the assurance that their communications are secure when transmitting sensitive information. Once the business intercepts, decrypts and retransmits that traffic, the padlock no longer means what users were taught it means, so maintaining the trust of both the business and its staff is essential.
The importance of trust in the interception of SSL traffic is evident in the types of transactions it encrypts: collaboration, social media, email, and online finance and stocks. Many organisations exclude categories such as online banking from decryption for exactly this reason. The interception CA's private key is as sensitive as any credential the company holds, since whoever controls it can impersonate any website to every endpoint that trusts it. Therefore the security of the internet filtering system and the actions of the staff maintaining it must be monitored and audited, and this should be done by independent parties outside the security team if this critical trust is to be preserved.
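As an added illustration (not part of the original article), the following Squid 4 configuration shows one way to implement the two points above: decrypt and scan general web traffic, but splice (pass through without decrypting) finance domains, validate upstream certificates strictly so that interception does not hide errors the browser would have shown, and log every bump decision so an independent auditor can verify what was and was not decrypted. The domains `.bank.example` and `.broker.example`, the file paths and the ICAP scanner address are placeholders.

```conf
# Explicit proxy port with SSL bump enabled. interception-ca.pem holds the
# internal CA certificate and private key; every managed endpoint must trust
# this CA, and its key must be protected like any other critical credential.
http_port 3128 ssl-bump \
    tls-cert=/etc/squid/ssl/interception-ca.pem \
    generate-host-certificates=on \
    dynamic_cert_mem_cache_size=4MB

# Helper that mints per-site leaf certificates signed by the interception CA.
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB

# Validate upstream certificates against the system trust store and refuse to
# proxy any connection whose certificate the browser would have rejected.
# Without this, interception silently removes certificate checking for users.
tls_outgoing_options cafile=/etc/ssl/certs/ca-certificates.crt
sslproxy_cert_error deny all

# Categories that are never decrypted (placeholder domains). The SNI is visible
# at step 1 of the TLS handshake, before any decryption takes place.
acl step1 at_step SslBump1
acl no_decrypt ssl::server_name .bank.example .broker.example

# Step 1: read the ClientHello to learn the SNI.
ssl_bump peek step1
# Finance traffic is spliced: forwarded as-is, never decrypted.
ssl_bump splice no_decrypt
# Everything else is decrypted and inspected.
ssl_bump bump all

# Hand decrypted responses to a malware scanner over ICAP (placeholder address).
icap_enable on
icap_service av_resp respmod_precache icap://127.0.0.1:1344/respmod
adaptation_access av_resp allow all

# Record the bump decision and SNI for every transaction so that an auditor
# outside the security team can confirm exempt categories were not decrypted.
logformat bumpaudit %ts.%03tu %>a %ssl::>sni %ssl::bump_mode %Ss/%03>Hs %ru
access_log /var/log/squid/bump_audit.log bumpaudit
```

The order of the `ssl_bump` rules matters: `peek` at step 1 exposes the server name without committing to decryption, so the `splice` exemption can be evaluated before `bump all` applies to the remainder. The audit log should be shipped to a store the filtering administrators cannot alter, otherwise the independence the text calls for is lost.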
Effective internet filtering gives the business and its staff access to the wealth of information and resources online while keeping the company's risk at an acceptable level.
The information security team are not the moral compass of the company, but enablers of business through considered and monitored access to networks and systems.
Gossman's 2010 security report: http://bit.ly/d5qblT