Business today would grind to a halt without the applications users all consider a normal part of everyday life. More than simply automating and streamlining organisational processes, software allows people to share information quickly and easily, improving productivity and the speed of doing business.
When exchanging information within a company, data security is fairly easy to implement and maintain. When the Internet comes into play and users add the newer generation of consumer and social media applications that have found their way into most organisations, businesses now have additional security threats to deal with.
"Consumer-driven or Web 2.0 applications have unleashed a new wave of Internet-based technologies that can easily penetrate and circumvent traditional network security barriers,” says Alan Rehbock, sales and marketing director of Magix Security.
“New communications tools, such as Instant Messaging, Facebook, Twitter and Skype, among others, have already achieved widespread penetration into organisations, with or without the knowledge of management.”
Web 2.0 applications are built on openness and accessibility, make enforcing data security policies far more complex. Additionally, many businesses have no way to detect, much less control these applications, increasing the potential for intentional or accidental misappropriation of confidential information.
“In order to prevent data loss and mitigate new threats, organisations must be able to effectively control legacy applications as well as the new breed of Web 2.0 applications,” adds Rehbock. “Companies simply must be able to detect, monitor and control application usage and traffic at gateways and at endpoints.
“In addition, an association must be made between the application and the end user so that proper access rights can be assigned to specific people. Fortinet Application Control, for example, is a security solution provided by FortiOS that can detect and restrict the use of applications on networks and endpoints based on classification, behavioural analysis and end-user association.”
Rehbock notes that the following are some features IT managers need to look for to secure application use in their organisations:
* They must detect Internet-based applications that run in browsers and are often hidden from traditional firewalls.
* Application control lists that allow, block, monitor or shape network traffic from a list of applications are also non-negotiable.
* The system must associate users with applications, enabling single sign-on and application control capabilities.
* Application traffic shaping allows administrators to limit or guarantee the network bandwidth available to all applications or individual applications as specified in the application list.
Organisations can no longer afford to ignore Internet-based applications in their network environments because employees, partners and contractors will continue to demand access to them in order to stay connected and maintain productivity, which can in turn increase threat levels.
A security solution that provides complete content protection, including application detection, monitoring and control is needed to discover threats embedded in Internet-based application traffic and to protect against data loss resulting from inappropriate use of Web 2.0 applications.