Attacks pushing Web controls

Significant debate has recently been given over to the topic of whether or not younger workers will eschew jobs at companies that attempt to limit their access to popular Web sites and online applications, but some companies are already responding to rising security threats by blocking their employees from using work machines to move about the Internet freely.

Large financial services companies have been known to enforce strict controls over the range of sites that their workers are allowed to visit for years, banning everything from Web mail sites and file-sharing systems that could be used to steal data, to sports and entertainment sites that are viewed as potential drains on user productivity.

But some businesses outside the high-security, strictly-regulated financial industry are following suit merely to keep malware from clogging their computers and to protect sensitive data from falling prey to the keyloggers, Trojans, and other threats that are increasingly being distributed via infected Web sites.

Security vendors are marketing the technologies used to ban sites, online programs, and messaging systems as "applications control" tools.

Some end-users say that they have been shocked at how long unfettered Internet access in the workplace has been allowed to exist as common practice.

"I'm actually surprised that applications control hasn't become a larger concern for more companies. To their own detriment, companies have sacrificed security for employee preferences," said William Bell, director of information security at ECSuite, a maker of e-commerce software. "We see our company resources as a means to performing work, although we care about our employees, we want them to be as productive as possible and to ensure that we're protected as an organization."

ECSuite gives its approximately 400 workers access to Webmail, but it has limited access to other sites, including file-sharing systems and social networking tools.

The company isn't as concerned with losing credit card data or other sensitive information over the Web, based on its use of other technologies aimed at that issue, as it has been bothered by the rising cost and related headaches of trying to keep its machines clean from malware.

ECSuite is using Lumension's Sanctuary Applications Control technology, which can be utilized for everything from URL blocking to preventing the installation of instant messaging clients and other Web-borne software.

After limiting Web access in its call centers, the company saw a 74 percent reduction in the amount of computers it needed to replace compared to the number of devices it had previously been losing to malware attacks.

Bell said that the results of adopting applications control have been dramatic.

"We were replacing computers right and left, our anti-virus system was catching attacks, but so much was still getting through that was causing a lot of hours spent replacing images, and it was a situation that just wasn't working for us anymore," he said. "People want to have as much control of their computer as possible, but whether they need or not isn't clear."