This memo is in response to your questions concerning enterprise censorship in an attempt to get more productivity out of the workers. I am in favor of these measures, as blocking unwanted or untrusted websites is a great way to prevent targeted infiltration, or falling prey to an automated botnet. But before you make any decisions, let me tell you more about content filters.
There are many types of internet filters: some protect an organization from outside spam emails, and others prevent websites from coming into a network. The latter is the most common type of web filter, primarily censoring content that is not business related, like pornography or other forms of entertainment.
The filtration systems ensure employees are not wasting company resources, namely time, on inappropriate material. As such, they can ensure your employees are utilizing web traffic to the betterment of the company. However, you cannot ensure the effectiveness of this maximization of resources. Another unfortunate truth about content filtration systems is the extensive configuration involved in installing, updating, and calibrating the rules that allow or deny access.
These systems are regulated by lists. A technician will need to update these lists of unacceptable destinations or restricted email sources. There are newer and more expensive systems that update automatically, similar in nature to antivirus programs. These leave content regulation to the vendor, who updates the lists via key phrases like “Sex” or “free ipad”. Naturally, content creators look to bypass these phrases and don’t include them in their sites, creating additional woes for content filtration. Furthermore, many of these remotely regulated lists are provided by subscription, with little to no guarantee that everything will be blocked. By keeping these permissions out of our control, it’s also possible that we will be restricted from content we wish to view, but lack the permissions to allow.
Therefore, a popular solution to content filtering risk is the “that which is not permitted is forbidden” approach, which blacklists everything and only allows access upon request. This is my favorite approach, and utilizing this method is the surest way to harden our company networks, but I believe you should consider voices in opposition to internet filters. Here is a list of textbook examples of the drawbacks to content filters:
- Tools are not human and thus cannot simulate the more creative behavior of a human attacker
- Pattern recognition can only protect against known issues
- Tools are made by people and subject to human error
- Tools are programs, and can error or malfunction, cause incompatibilities, or even provide vulnerabilities through patches.
- Some government agencies, institutions, and universities have established policies or laws that protect the individual user's right to access content, especially if it is necessary for the conduct of his or her job. There are also situations in which an entire class of content has been proscribed and mere possession of that content is a criminal act – like many forms of pornography.
- Tool usage and configuration must comply with an explicitly articulated policy as well as the law, and the policy must provide for valid exceptions. This mandate prevents admins from becoming arbiters of morality as they create a filter rule set.
There are many benefits to content management systems, and as you can tell, these benefits all come with their own costs, not to mention the actual cost of the software itself, which comes with absolutely no guarantees. In many instances, proper management should be sufficient to quell unwanted browsing habits, but with our number of employees, I believe a draconian content filtering system that prohibits all that is not permitted would be the safest approach.
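The contrast between vendor key-phrase lists and the “that which is not permitted is forbidden” approach, as an added example that is not part of the original memo. All hostnames, phrases and sample requests are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample policy; hosts and phrases are illustrative assumptions.
BLOCKED_PHRASES = ("sex", "free ipad")   # vendor-style key phrases
ALLOWED_HOSTS = {"intranet.example.com", "essex.example.org"}  # approved on request


def host_of(url: str) -> str:
    """Return the lowercase hostname without a trailing dot, or ''."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def keyword_filter(url: str, page_text: str = "") -> bool:
    """Default-allow: permit unless a blocked phrase appears anywhere."""
    haystack = (url + " " + page_text).lower()
    return not any(phrase in haystack for phrase in BLOCKED_PHRASES)


def allowlist_filter(url: str) -> bool:
    """Default-deny: permit only http(s) URLs whose exact host was approved."""
    if urlsplit(url).scheme not in ("http", "https"):
        return False
    return host_of(url) in ALLOWED_HOSTS


def compare(samples):
    """Return (url, keyword_verdict, allowlist_verdict) for each request."""
    return [(u, keyword_filter(u, text), allowlist_filter(u)) for u, text in samples]


# Constructed requests: (URL, text found on the page).
SAMPLES = [
    # Business site: both filters allow it.
    ("https://intranet.example.com/payroll", "timesheets"),
    # Wanted content wrongly blocked by the phrase list ("essex" contains "sex").
    ("https://essex.example.org/council-tax", "county services"),
    # Unwanted page that avoids the key phrases: only default-deny stops it.
    ("https://prizes.example.net/win", "claim your complimentary tablet"),
    # Host that merely starts with an approved name: exact matching rejects it.
    ("https://intranet.example.com.lookalike.example/login", "sign in"),
]

if __name__ == "__main__":
    for url, kw, al in compare(SAMPLES):
        verdicts = ("allow" if kw else "block", "allow" if al else "block")
        print(f"{url:55} keyword={verdicts[0]:5} allowlist={verdicts[1]}")
```
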