The need for organizations to monitor and control Internet usage in the workplace should be an accepted fact of doing business in a cyber-connected world. Statistics indicating that 30 to 40 percent of Internet use in the workplace is unrelated to work issues should come as no surprise. Neither should the report that 90 percent of employee computers harbor as many as 30 spyware programs. In fact, studies indicate that companies may be incurring average costs of $5,000 per year per employee in lost productivity due to Internet abuse. Other data suggest that as much as 72% of employees are downloading music and video clips, eroding bandwidth and leaving networks open to spyware and other malicious agents.
As these dramatic statistics show, the need for organizations to manage their Internet access should be a baseline requirement. But how do organizations choose from the wide range of filters available to them? Perhaps one of the first decisions they will to make is between a software-based filtering solution and dedicated filtering appliance.
Both appliance and software-based options offer standard functionality — they monitor Internet activity, block site access, automatically enforce corporate Acceptable Usage Policy guidelines and report inappropriate behavior. However, upon closer examination, there are some important and compelling reasons to choose an appliance-based solution.
An overview of the advantages of an appliance over software when it comes to handling your organization’s Internet access include these basic five categories:
o Accuracy & Reliability
o TCO (Total Cost of Ownership)
Because software-based filtering solutions must integrate with your OS, you cannot be assured that the complexity will not cause security and stability problems. Filters that are software-based can degrade performance because they share resources with their hosts and performance degradation can increase in conjunction with load. It’s hard to scale a software-based filter because more users create increased loads on the host systems. A dedicated Internet filtering appliance uses pass-by technology to check website and IM requests against a list that is updated automatically. If the request matches a name on the list that is not allowed, a denial is sent back to the requester and no bandwidth is utilized.
The dedicated resource of an appliance and its pass-by technology will prevent network slowdowns as well as single-points of failure on the system. The accuracy and reliability of an appliance-based Internet filter is maintained through fluid updates to the system. Software has to ‘check’ every single request, creating a bottleneck that it is a single point of failure. If the bottleneck becomes overwhelmed or crashes, no Internet traffic will be able to pass into or out of the company.
In terms of time and cost, a dedicated Internet filtering appliance requires less maintenance than a software-based filtering system. The database is maintained on the appliance filtering device, where it can be updated automatically with new sites, protocols and even port activities in order to block port-hopping servers. Software filters require manual updates and again, require all traffic to travel through that one single point of failure.
The cost of maintaining both is measured by what each type of service provides. While investing in an Internet filtering appliance may not be feasible for a very small company with only a handful of employees, software based programs are not scaled for handling large loads. The costs of failing software filters are more likely to impact a company’s revenues than the investment in an Internet filtering appliance.
The ultimate task of a Web filter is to filter both incoming and outgoing Internet traffic. The Web filtering solution you choose must be able to protect employees from visiting sites that do not match the Acceptable Usage Policy while also protecting the company from the financial, legal and security ramifications of employee Internet activity. An appliance-based Internet filter protects a company’s assets, reputation, employees and their bandwidth in one package.