Workplace internet access is now considered as mandatory, but it has its price: security risks and losses in productivity. The increasing need for greater security and efficiency requires the elimination of dangerous and unwanted internet content.
Because of this, and the increasing complexity of content security tools and their ability to be integrated into a seamless security gateway, a new category of technology has emerged, known as content security management (CSM) solutions. These CSM gateway solutions close dangerous security gaps in corporate networks, in addition to reducing annoying distractions.
Corporations and public organizations now face many challenges in managing the security of content that comes into the organization as well as what goes out. Among what must be filtered out are all unwanted and dangerous media types from the HTTP data stream, including MP3, MPG, AVI and EXE file types. Embedded objects such as ActiveX, which create security loopholes in corporate networks, also need to be filtered. Some media-type filters can also detect and eliminate new kinds of 'internet trash' that waste precious bandwidth and threaten corporate security.
Much content from internet sites, including games, sports and sex, simply has no place in most organizations. Internet access management prevents this kind of content from penetrating the corporate network; primarily by blocking URLs using extensive URL databases. Although this is very effective, there will always be some URLs that slip through the net. One CSM solution on the market also offers undesirable site blocking through real-time analysis of web page metatags.
Internet use in the workplace is fraught with legal risks resulting from criminally relevant content, infringements on the rights of minors, sexual harassment, copyright violations and data protection requirements. CSM solutions defend against these legal risks. By blocking and filtering legally questionable content, liability risks can be widely excluded.
With each web page request, employees leave tracks behind on the internet - small pieces of information that, on their own, are harmless. However when aggregated, this information can yield sensitive knowledge about the internal workings of a company. The spies responsible are known as referrers, URL prefixes, web bugs, cookies and Java scripts. CSM guards against this kind of wire-tapping.
A good CSM solution should manage all the issues discussed above by integrating a variety of filtering technologies. Internet content filtering controls and filters the internet data stream, internet access management keeps out non-relevant content with URL blocking, malicious code filtering prevents corporate hazards and employee interruptions, and internet privacy protection prevents company tracks from being left behind on the internet
Comprehensive CSM solutions also need to be able to cooperate with a variety of other security or caching solutions in the corporate network - a degree of cooperation that is only possible via open interfaces like ICAP (www.i-cap.org) and OPSEC (www.opsec.com). CSM solutions should be able to be linked with enhanced performance to products like Network Appliance's NetCache and Check Point's FireWall-1. By using the internet content adaptation protocol for example, performance can be significantly increased, because ICAP is designed to off-load specific internet-based content to dedicated servers, thereby freeing up resources and standardizing the way that features are implemented. The fact that some CSM solutions also have specific interfaces to products like Squid, the popular Linux proxy server, adds to their ability to be seamless, high performance CSM gateways.
Additionally, it should be possible to draw upon existing methods of user authentication. Different employees have different requirements for internet use. For this reason, internet access controls should also facilitate customization for specific users. Many companies may fear the high administrative costs of configuring access for each of their employees. One way to overcome this is for a CSM solution to make use of user authentication methods already in place within the company - such as LDAP, ACL or NTLM. In this way, a custom tailored internet access policy can be implemented at minimum expense.
CSM is an emerging market that reflects corporate customers' need for a policy-based internet management tool that addresses virus protection, web content, and email scanning. An IDC December 2002 report forecasts that in Europe, the CSM market is expected to outpace growth in the European security software market as a whole for the next five years. This can be well understood, as the need of corporations and public organizations for greater security and efficiency, increasingly requires the elimination of dangerous and unwanted internet content.
Kevin Thiele is U.K. country manager for Webwasher (www.webwasher.com).