​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​

The case for web filtering and web application firewalls: security | productivity | liability.

by

Risk Level: MODERATE

Internal threats now represent more than 60% of the risk to company data, 40% coming from hackers.

Type of Threat:

Web applications and web-enabled mobile devices for convenience is a green-field frontier for hackers. Corporate defenses were never designed to block web – they just allow port 80 and block playboy.com. Ok we’re way beyond security of 1998, so now we must re-look at our gateway devices and require them to control the most important aspects of our company, including web application access, usage, monitoring, website visits, reporting and more. We can no longer standby and hope our CRM access, our database, email and more is secure.

Why this is so important:

Convenience has driven faster than our security policies. Internal threats now represent more than 60% of the risk to company data, 40% coming from hackers. We must remember internal threats are dangerous for three main reasons;

  1. We trust them (authorized users)
  2. We don’t typically monitor them
  3. We give them access to everything.

End users and executives alike have a limited time with an organization. The best practice is to realize that loyalty is not what it used to be, and to get serious about a policy, then employ technology to ensure the data and assetts are protected. When people are conntected to the web or even their web mail, the natural belief is they can “send” important documents to their home email, from their home email, to “work” on it remote. That activity just lost your entire database of customers. Hopefully they dont work for a competitor in the future….

Liability has gone up? You bet!

Giving someone an ipad is enough to cause liability. Imagine them at home accessing things they should not with a copmany resources. Guess who’s fault it is? Yup – it’s the companies. Now imagine an employee downloading music and movies on a corporate owned system through open ports the traditional firewall/filter combos cant block. Again it’s the fault of the company. The third point brings up someone losing their laptop, which happens to have customer information. This happens all the time and brings hundreds of thousands of liability dollars, apologies, letters of shame, identity theft issues and more. Again, the companies responsibility and liability.

How to mitigate:

A couple easy ways; First you need a usage policy defining what can be accessed and what is inappropriate (BorderLAN can help with this template), Second a smart filter that monitors, reports and blocks inappropriate access both ON network AND OFF network on company devices or even personal devices. Third is to outline a web -app policy and procure a device to manage those apps. Think of it as a interal facing web-app firewall.

Technical Recommendations:

We recommend Appliance based Web Filtering with capabilities of controlling IPAD’s and mobile iDevices. We recommend Web Application Firewall appliances to mitigate and enforce usage policies on apps that are accessing critical and confidential data. BorderLAN can help consult with and size these appliances for your organization.

Copyright © 2012 BorderLAN. All rights reserved.
Privacy policy | Terms of service
Find us on Google+