Phil Vasic, Australia and New Zealand manager, Websense, talks to CRN.
'For a number of years, the security industry built effective defences from security threats using technologies including firewalls, anti-virus software and intrusion prevention systems.
However, today the majority of security threats have moved to the Web instead of through e-mail and attackers' techniques have matured. This shift, coupled with the proliferation of collaborative Web 2.0 sites, has changed the threat landscape and the way businesses need to think about security.
More and more businesses are starting to use Web 2.0, i.e. those sites with dynamic or user generated content. A recent Websense survey found that 95 percent of businesses already allow access to some Web 2.0 sites and applications in the workplace.
The same survey also revealed that 75 percent of IT managers felt pressured to allow more access to more types of Web 2.0 technology. It's clear that simply blocking access is no longer an option.
It used to be commonplace for businesses to block sites or lock down access entirely, believing that the freedom to check personal email or visit a favourite site to catch up on news or gossip meant a less productive employee.
Not only is that attitude actually counterproductive, the idea of productivity slipping due to more open access to the Web is a red herring. About 37 percent of IT managers admit that their users try to bypass their company's security policies anyway.
So, a happy 10 minutes checking email is clearly better than spending hours working out how bypass the system.
Encouraging productivity, helping the business
The workplace today is significantly different to how it was five, even two years ago. The lines between work and play have blurred, and a happy employee is a productive one and is seen as a key to success. This is especially the case in the current economic climate as workers are being asked to contribute more towards productivity for less in return.
About 57 percent of IT managers believe that Web 2.0 is not just a "nice to have" but necessary to their business.
With Web 2.0, companies can interact with their customers, employees are encouraged to exchange ideas with one another more cohesively, and employees who telecommute can also benefit from the Web 2.0 platform.
Sites such as Twitter, Facebook, Blogger and other Web 2.0 applications, previously thought to be used only for personal interaction, are now increasingly used for professional reasons.
New research from Frost & Sullivan has revealed that Web 2.0 solutions are being used by companies more and more to cut costs and stay competitive in this recession-hit global economy.
Protection in a communication-rich society
Blended threats are on the increase and it's often the most popular and trusted sites and search engines that are targeted by attackers.
However, simply blocking access to certain sites won't help the company stay safe and it is counterproductive.
Malware is a real issue today because most people don't know what they have to do to keep themselves (or business) safe.
Does the average employee know about drive-by Trojan horses?
Do they know not to click on every link they see or receive in an email or to check they're not being redirected to an undesired page? Do they know what phishing is? Do they need to know?
Indeed, recent research has revealed that there are a still a great many people who are not clear on what Web 2.0 sites are or how Web 2.0 threats are realised. Many are also unaware that the top 100 most popular sites hide the majority of malware.
Employees expect their company to keep them safe and have adequate protection in place. They expect to carry out day-to-day office life without thinking about malware or data leaks.
The IT department plays a crucial role in protecting the enterprise and enabling a company to function to the best of its ability. These unsung techie heroes are entrusted to remain vigilant at all times; to keep the bad guys out, the good stuff in, and to stay on top of an ever changing threat landscape.
Companies don't need to limit the amount of access employees have to the Web - they need to deal with the threats more effectively.
Opportunities for the channel
By positioning themselves as experts, the channel can educate the customer so they can make an informed decision on what solutions and systems to deploy.
By offering awareness, consulting and the potential to drive down costs with managed services or hosted solutions, the channel can provide real value.
Help your customer understand where threats lie and the importance of an integrated solution which encompasses data, web and email security.
Staying patched and up to date is one obvious way for users to protect themselves, however, behavioural solutions can obviously only go so far.
Every month unknown viruses are proactively identified by the Threatseeker network which traditional AV companies lack the proactive scanning ability to detect.
A solution that automatically analyses and secures Web traffic in real-time, instantly categorises new sites and dynamic content, proactively discovers security risks, and blocks dangerous malware is clearly essential in today's sophisticated threat landscape.'