A Monitoring Tool Primer
The term monitoring is synonymous with surveillance and can be categorized as URL filtering (or blocking) and Web site reporting (or monitoring). Here is a rundown on the differences between the two forms of surveillance as well as the primary vendors offering these tools, the price range, and what's next for midmarket companies in terms of monitoring.
URL filtering, or blocking. Most tools block access to a list of predefined sites or categories of sites. Want to block sports sites? Check. Porn sites? Check. Shopping sites? Check. Vendors, not CIO customers, manage updates and cull thousands of sites routinely. Any updating is transparent to customers. Customers generally have the flexibility to make exceptions to specific sites. While some sites are universally acknowledged as inappropriate and can be categorically blocked, thousands of others fall into a nebulous middle ground, such as sites that can be used for legitimate purposes at work but can also be abused, such as eBay and other shopping sites.
Web usage monitoring.Companies, which may or may not block Web sites, can monitor what sites employees go to, how long they stay and how much bandwidth they consume. More sophisticated tools allow employers to get information on what the employee viewed while accessing the Web site and determine whether that content was forwarded.
IT managers can quickly identify misuse, overuse and intent as users explore the Web. Monitoring also uncovers stealth methods to bypass filters, such as the use of on-the-fly Internet proxies, and helps organizations ensure they have closed all the gaps.
Sample vendors. Blue Coat Systems, 8e6 Technologies, Secure Computing Corp., St. Bernard Software, SurfControl, Trend Micro Inc., WebSense Inc.
Pricing. The price tag for such tools ranges from about $6.50 to more than $12 per seat per year, according to a Gartner pricing comparison for a 5,000-seat, single-year contract. Appliance vendors charge separately for their devices, and pricing varies based on the scale of the appliance and its ability to support multiple functions.
What's next. Email content monitoring and filtering for outgoing and incoming email. Driven by regulatory compliance, this is the least common practice among midmarket organizations, but it is being adopted rapidly.
"This is the underbelly of what monitoring tools let us do: see the vices that people are satisfying at work," says Myer. "In the early days of this business, on a typical sales call we'd hear people say, 'Our people aren't like that.'"
Yet while some people clearly are "like that," monitoring tools alone don't tell the whole story. Tony Bisulca can attest to that. His supremacy-seeking employee was in fact no racist, but a part-time college student researching his thesis. Bisulca called the employee immediately after learning about the worker's Web site activity and asked for an explanation. Otherwise, "I would have been shocked," says Bisulca. The employee had been on his computer after hours but was still connected to the company's VPN, which blocked him from accessing the site. According to Bisulca, as soon as he realized he was still on the VPN, the employee logged off and finished his research. There was no need for a reprimand or warning.
Defining the Rules
Experts consider Bisulca's mix of blocking and monitoring "moderate": It's more than the minimum, but not a completely locked-down environment. Bisulca, a senior security analyst at San José, Calif.-based BEA Systems Inc., a $1.3-billion software company that builds middleware products for back-end communications, blocks only the "sinful six": pornography, gambling and hate Web sites, as well as sites whose content involves illegal activities, "tasteless material" and violent content.
"We thought we'd give different access for different jobs," says Bisulca, "But legal said, 'No. It's either all or nothing.'"
What David Lewis does at his company is considered "zealous" (although he takes issue with that classification). His front-line employees are blocked from most Web sites. Unless the site is required for work, it's blocked. No shopping, no banking, no travel planning.
"I guess I considered it a no-brainer," says Lewis, who is CIO at Deseret Mutual Benefit Administrators, a $200-million insurance firm serving the needs of members of the Church of Jesus Christ Latter-Day Saints. "That's where we've been for years. I don't believe that Internet access at work is a right."
Lewis began blocking after his network manager recommended it for productivity as well as security reasons. The company uses a filtering product from San Diego-based St. Bernard Software.
Lewis has two categories of users: those who get full access and those with limited access. Full-access users -- often those who need to do research -- have free range on the Internet except for sites falling into the sinful six categories. Those with more limited access include front-line employees who don't need the Internet to do their jobs.
Lewis also monitors on an as-needed basis. If a manager suspects an employee is overusing the Internet or that there's a bandwidth issue, Lewis "goes in and looks at reports and sees where they've been." But it's not a regular practice given how much is already blocked.
This was first published in January 2007