By JP Blaho
The way workers conduct business is rapidly changing, and as a result, there are new demands on network security.
To start, users increasingly are relying on Internet-based software applications to conduct business. Software-as-a-Service (SaaS) use is up, resulting in an 18 percent increase in worldwide revenues from last year to this year. Facebook use more than tripled (in terms of percent of corporate network bandwidth consumed) and Twitter use on company networks grew 700 percent year-to-year from 2010 to 2011, according to one study. And browser-based file-sharing is now found on 92 percent of company networks.
Further, there is a blurring between work and personal life. The 24/7 nature of business and the increased connectivity to, and availability of, business applications via the web have eroded the distinction between the two. As a result, workers frequently use company-issued desktops, laptops, smartphones, and other devices for personal use and vice versa.
Add to that the consumerization of IT, which has taken hold in most companies. Employees, accustomed to the simplicity and usefulness of their own smartphones and tablets, are using these devices for work. Increasingly, companies are even sanctioning such activities through formal Bring-Your-Own-Device (BYOD) initiatives. To put the BYOD movement into perspective, consider that one industry study found that 44 percent of firms had a BYOD policy in place in early 2012 and 94 percent plan to implement BYOD by 2013.
These trends make it difficult for IT to weed out the good network traffic from the bad. For example, is a worker’s Facebook use for business or is it of a personal nature that might put the company at risk? Similarly, does a spreadsheet being shared contain information needed in an authorized transaction with a business partner or is it a collection of customer credit card numbers, accessed by an unauthorized employee, and being shipped to an accomplice for identity theft and fraud?
Traditional firewalls and network edge protection solutions such as Intrusion Detection and Prevention Systems (IDS/IPS) have not been much help with these matters. They simply have not had the granularity to segment traffic based on the application and the user.
However, with the introduction of newer UTM solutions and Next Generation Firewalls, network and user awareness has taken a huge leap forward, making it possible to secure traffic at the user level, as opposed to the port or the group level.
Such solutions help organizations in a couple of ways. First, they offer the granularity needed in today’s business environment. With a traditional solution, IT would be able to block everyone’s access to a social networking site or file sharing service such as Dropbox. However, business needs today may dictate that certain users have access to some of these sites or services. For instance, as social networking becomes a critical business tool, the marketing department would certainly need access. Similarly, a creative agency within the company might need access to a file sharing service to send advertising material out for review and approval.
The newer security solutions allow IT to designate which users or groups of users have access to specific Internet applications and services. The solutions also allow control at a more granular level. For instance, IT might let users access a chat function of a service, but not file sharing.
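To make the contrast concrete, here is an added illustration (not part of the original article and not any vendor's configuration syntax): a Python model that evaluates the same flows under a port-only rule and under user- and application-aware rules with a default deny. The rule format, the user and group names, and the service name `chat-service` are hypothetical, and the flows are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    user: str
    groups: frozenset   # directory groups the firewall resolved for the user
    app: str            # application the firewall identified in the traffic
    function: str       # function within that application
    port: int = 443

def port_policy(flow):
    """Traditional rule: the decision depends only on the destination port."""
    return "allow" if flow.port in (80, 443) else "deny"

# (group, app, function, action); "*" is a wildcard; first match wins.
RULES = [
    ("marketing", "facebook", "*", "allow"),           # social media for marketing
    ("creative", "dropbox", "file-sharing", "allow"),  # file sharing for the agency
    ("*", "chat-service", "chat", "allow"),            # chat for everyone...
    ("*", "chat-service", "file-sharing", "deny"),     # ...but no file sharing
]

def app_policy(flow, rules=RULES):
    """User- and application-aware rule set with an implicit default deny."""
    for group, app, function, action in rules:
        if (group in ("*", *flow.groups) and app in ("*", flow.app)
                and function in ("*", flow.function)):
            return action
    return "deny"

# Constructed sample flows; every one of them uses tcp/443.
FLOWS = [
    Flow("alice", frozenset({"marketing"}), "facebook", "posting"),
    Flow("bob", frozenset({"finance"}), "facebook", "posting"),
    Flow("carol", frozenset({"creative"}), "dropbox", "file-sharing"),
    Flow("bob", frozenset({"finance"}), "dropbox", "file-sharing"),
    Flow("bob", frozenset({"finance"}), "chat-service", "chat"),
    Flow("bob", frozenset({"finance"}), "chat-service", "file-sharing"),
]

def compare(flows=FLOWS):
    """Return (user, app, function, port verdict, app-aware verdict) per flow."""
    return [(f.user, f.app, f.function, port_policy(f), app_policy(f)) for f in flows]

if __name__ == "__main__":
    for row in compare():
        print("%-6s %-13s %-13s port=%-6s app-aware=%s" % row)
```

Because every flow rides on tcp/443, the port rule gives all six the same verdict, while the user- and application-aware rules separate them by who is asking and what they are doing.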
Most importantly, the newer solutions offer the flexibility to match the dynamic nature of today’s business environment. Specifically, using the newer security applications, organizations can quickly react to the needs of the users, providing selective access to needed sites and services, while still securing the network.
