For network managers charged with protecting precious bandwidth from an unlimited number of streaming video, radio, and social networking sites, the only firm rule is that there are no rules. It might have been enough to block streaming radio a few years ago, but today, it's YouTube, Facebook, and streaming Flash that can be culprits. And blocking them all won't work because some enterprise departments demand access to them for legitimate business purposes.
It's this constantly shifting target that has kept Vinson Berry, network administrator for Citizens & Farmers Finance Corp., on his toes.
A few years ago, that meant blocking just what he termed the three human resources no-no's: adult material, gambling, and hate sites. But his minimalist approach evolved as Internet radio began sapping bandwidth and social networking sites began affecting employee productivity.
Berry added a Barracuda Web Filter to his network and modified Citizens & Farmers' policies to reflect the latest threats to bandwidth, blocking shopping and social networking sites and cutting off all streaming media.
The effects were immediate: A business-related download that previously might have taken 15 or 20 minutes would now be completed in 10 to 12 minutes, Berry said. For a company that relies heavily on the Internet for Software as a Service (SaaS) applications and general net sleuthing (such as hunting down faulty creditors), such a reduction in latency was a major requirement.
In fact, much of the Web blocking that Citizens & Farmers Finance implemented was aimed at keeping employees focused. While social networking can definitely be a bandwidth drain, upper management was more concerned about its effects on employee productivity, and they clearly communicated these concerns to the company's 550 employees at three sites before the blocking measures were introduced, forestalling complaints that might have occurred once the new filters were implemented.
But even as these strategies sped up critical network tasks, Berry discovered that a one-size-fits-all approach wouldn't work.
For one, collections employees, working from home, discovered that Facebook could be an excellent resource in tracking down or connecting with customers. And the company's human resources department asked for the same access to pre-screen potential recruits.
So Berry used Barracuda's active directory feature to give these groups of users the Facebook access they needed while restricting the site, and other Web distractions, for everyone else. "There's plenty to do while you're at work that's work related," he said.
Of course, not all businesses have the same bandwidth management -- or even employee productivity -- concerns.
Click & Pledge has only 10 employees, but thousands of high-network-volume customers use its Web-based fundraising software. So bandwidth consumption by employees is not as much of a concern, according to Kamran Razvan, CEO of the company. Instead, he is more concerned with managing the bandwidth consumed by customers. His company uses a load-balancing appliance from Coyote Point to centrally and strategically compress data.
"We don't limit YouTube or such streaming technologies," Razvan said. "We have a huge bandwidth pipeline." But Click & Pledge does still use Web filters (in this case, from SonicWall), blocking out not only what he termed "harmful" sites but also harmful attachments of all stripes -- .EXE files, DLLs and other executable or system files are all stopped mid-track and can be downloaded on only a few quarantined computers, which can then upload them, after thorough inspection, to the corporate shared drive.
"My biggest concern is not managing network bandwidth, it's managing risk and security," Razvan said. And so when decisions are made on major networking equipment purchases and how they are implemented, it's a joint discussion involving Razvan, the security manager and the network manager.
The risk-based approach allows a lot of uses that other companies might prohibit but gives Click & Pledge more flexibility.
"Within the appliance, we can block anything pornographic," Razvan said. "But how can [we] block eBay [when] we buy a lot of stuff for our network through eBay suppliers? Do you want to block CNN? What if the market is falling?"
From Razvan's perspective, trying to stay ahead of all the latest uses, and misuses, of the Web can be an impossible task, so building a flexible infrastructure that heads off the most malicious attacks while allowing individual discretion is key.
"These days, information is everywhere," he said. "You can't say that one site is entertainment, the other site is educational. We are always reactive. We cannot be proactive."