Monitoring Your Employees' Surfing Habits
Software can help firms enforce Internet use policies.
By John B. Carrington
Online pornography, gambling and hate sites: corporate lawyers frequently warn clients of the legal liabilities associated with unmanaged employee Internet access. But are America's law firms heeding their own advice?
With employees spending hours researching online, it only makes sense (and cents) for firms to discourage online distractions -- activity that costs American businesses $63 billion annually. After establishing written Internet access policies that mirror corporate culture, I.T. staff should research, recommend and implement employee Internet management (EIM) software to manage those policies.
In contrast to child porn-blockers or simplistic Internet filters, EIM software is designed to handle corporate and law firm needs. It can capture network Web traffic, classify Web content into work and non-work-related sites, and provide flexible management options that operate with minimal effort (such as deferring non-work-related access or allocating personal surfing time). It also offers reporting functions.
Pass-through and pass-by are two methods for filtering employee access to Internet content. Installed in a single location, pass-through EIM technology integrates with existing firewalls, caching appliances and proxy servers. This method requires Web requests to "pass through" an Internet control point (such as a firewall) to check with the EIM software prior to fulfillment. The filtering software determines whether to allow the request, and the Internet control point performs the recommended action. As pass-through technology eliminates unnecessary Internet requests, network performance is improved.
In contrast, pass-by systems sit on a single network and examine each request as it "passes by." As the technology sees a Web request, the request is checked against the Internet use policy to determine permissibility. Because pass-by systems cannot influence packet delivery, they may not filter properly under high load conditions. Pass-by technology typically is recommended only for smaller environments.
To manage Internet content, EIM products must first identify Web site content. Control lists -- also called databases -- are most common, identifying and listing Web sites in categories. Using this technique, policies are enforced by managing access to all listed URLs within targeted categories. The other method -- real-time analysis -- retrieves Web content, analyzing page text to determine the most appropriate category. In general, this technique cannot analyze pages fast enough to provide accurate, efficient performance.
Consider these factors when analyzing an EIM product database:
* Size: Does it keep up with the explosive growth of the Internet? How does it compare to other EIM databases?
* Freshness: Does it automatically update? Are updates daily?
* Categorization: How many categories are there? Do the categories let you manage similar categories differently?
* Coverage: Does it include the top 100,000 trafficked Web sites?
Basic filtering products simply block or allow access to sites, forcing organizations to either prohibit or permit non-work-related Web activity. Advanced EIM products provide additional management options, giving law firms the ability to adopt flexible Internet access policies reflecting corporate culture. For example, some EIM products enable I.T. professionals to grant employees the choice to continue access to a blocked, but work-related site, or use time-based quotas to access non-work-related sites for limited time periods. Additionally, adaptive EIM software includes reporting technology to adjust the Internet access policy based on actual employee use.
EIM products with multiple management options allow for greater flexibility in establishing access policies and providing adaptive filtering benefits. The most advanced products offer:
* Block with password override
* Time of day
* Yes lists
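The management options above can be expressed as a small policy check of the kind a pass-through control point would consult before fulfilling a request. This is an added example, not code from the article or from any EIM product; the hostnames, category names, User fields and the choice to allow (and log) uncategorized sites are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import time
from urllib.parse import urlsplit

# Constructed sample data; a real product ships a large, regularly updated database.
CONTROL_LIST = {"casino.example": "gambling", "shop.example": "shopping",
                "news.example": "news", "mail.example": "webmail"}
YES_LIST = {"research.example"}            # always allowed ("yes list")
POLICY = {                                 # category -> management option
    "gambling": {"action": "block"},
    "webmail":  {"action": "block", "override": True},   # block with password override
    "shopping": {"action": "quota", "minutes": 30},      # personal surfing time per day
    "news":     {"action": "time_of_day", "window": (time(12, 0), time(13, 0))},
}

@dataclass
class User:
    name: str
    override_ok: bool = False                  # set after the override password is verified
    used: dict = field(default_factory=dict)   # category -> minutes consumed today

def suffixes(host):
    """Yield host and its parent domains, so www.casino.example matches casino.example."""
    parts = host.lower().rstrip(".").split(".")
    for i in range(max(len(parts) - 1, 1)):
        yield ".".join(parts[i:])

def decide(user, url, now, minutes=1):
    """Return (decision, category) for one Web request; `now` is a datetime."""
    names = list(suffixes(urlsplit(url).hostname or ""))
    if any(n in YES_LIST for n in names):
        return "allow", "yes-list"
    category = next((CONTROL_LIST[n] for n in names if n in CONTROL_LIST), None)
    if category is None:
        return "allow", "uncategorized"        # assumption: unlisted sites are allowed but logged
    rule = POLICY.get(category, {"action": "allow"})
    if rule["action"] == "block":
        return ("allow" if rule.get("override") and user.override_ok else "block"), category
    if rule["action"] == "time_of_day":
        start, end = rule["window"]
        return ("allow" if start <= now.time() < end else "block"), category
    if rule["action"] == "quota":
        spent = user.used.get(category, 0)
        if spent + minutes > rule["minutes"]:
            return "block", category           # daily quota exhausted
        user.used[category] = spent + minutes  # record use only when the request is allowed
    return "allow", category
```

Returning the category with every decision, including "uncategorized", gives the reporting side a record of how much traffic the control list does not cover.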
Monitoring and Reporting
Advanced EIM software should also include monitoring and reporting functions, helping firms evaluate employee Internet use at their organizations. Scheduled, real-time and investigative reports are most common. Scheduled reports run on a weekly or monthly basis, showing use patterns for users, departments and the company. Sophisticated products automate report scheduling and publishing.
While real-time monitoring and notification only provides a current snapshot of network activity, investigative reporting is used in cases of potential Internet misuse. The EIM product must maintain enough log information to create an investigative report for the questioned time period.
Additionally, I.T. administrators should remember the following factors when selecting EIM software:
* Consider how the product fits into the law firm's network and culture.
* Evaluate one or more products in-house. Test drive products on a non-production network to evaluate content identification, blocking and other features.
* Ask EIM vendors for other law firm references.
With Internet access being integral to law office performance, EIM software is necessary to maintain productive workers and minimal liability. By reviewing EIM product features and functionality, I.T. professionals can find a win-win product for any environment.
John B. Carrington is president and C.E.O. of Websense Inc., an employee Internet management software company.