Web filtering considerations

If you've walked through any office with internet-enabled computers (read: practically every office) in the last few years, you will no doubt have noticed a bunch of people sitting on Facebook, Reddit, YouTube, Gmail or any one of a million other time-wasting websites. You may even burn some minutes (or hours, if the stats are to be believed) each day on these sites yourself.

Each hour an employee spends on one of these sites is an hour's worth of work that your boss isn't getting. Sure, on one hand, workers aren't robots that can concentrate 100% for eight to 12 hours in a row without a break. But on the other: add these hours up over the course of a year and you might find yourself with several (or several thousand, depending on the size of your company) employees’ worth of missing labour across your organisation. Hence the existence of web filtering/content blocking - products that can block access to non-work content, so your company's employees find it harder to procrastinate.

(Content blocking can also prevent various types of malware from infecting your network and it can help avoid legal troubles that stem from employees accessing inappropriate material at work. But for this article, we're focusing on procrastination.)

The basic goal of web filtering, in terms of productivity, is pretty well documented, if not well understood. Basically, you want to find a good balance between stopping time-wasting behaviours while allowing employees to access the online resources they need to do their jobs.

A recent Gartner blog sums it up pretty well.

Obvious candidates for blocking include auction, job seeking, social media, gambling, shopping, news and adult sites. But your company's specific needs will naturally depend on your staff's particular procrastination habits and what websites they need to use to be productive.

If yours is a small company with a few employees who all require the same access to the internet, you could get away with merely blacklisting specific sites via router settings. Check your router manufacturer's website for more info.

But, as ever, the devil dwells in the infernal spaces between details, and striking this balance proves quite difficult for many. It's no good instigating a company-wide block of Twitter.com if your boss is demanding more attention to a social media strategy from the marketing department. And blocking access to webmail might cause problems if you have contractors using your network, who may have legitimate need to access their private webmail accounts.

If this sounds like your organisation, you might find a more complex standalone filtering solution is up your alley. The fancier ones allow you to filter access on a per-person or per-department basis, so Brad in Accounts - who is always on Facebook and shouldn't be - can be blocked from that site, while Sally in Marketing - who has legitimate need to use social media - can be allowed access.

Finer grained blocking is available in some solutions, allowing you to filter based on the time of day, category of website and other criteria. Some solutions will provide advanced analytics, including which sites staff have been trying to get to and who has accessed particular sites. Some allow piecemeal blocking of websites - for example, allowing staff to read particular social media websites but not post to them.

There are quite a few vendors in this space, including Fortinet, Websense, Barracuda Networks, Cisco, McAfee and Symantec, among many others.

There are also political benefits to taking a more nuanced approach to web filtering. Analysts often talk about the IT department being perceived by the broader organisation as something that stymies innovation with technological bureaucracy, and the need to change this perception so IT is instead seen as an enabler of creativity and innovation.

If you do implement web filtering solutions, pre-empt problems by asking department heads before time what sites which employees should have access to. Proactively seeking to involve stakeholders may change the perception IT to that of a business-enabler, rather than an unhelpful, obstinate troublemaker that frustrates productivity.

Engendering this sort of goodwill can pay dividends in the long run, making staff and departments more amenable to the changes that IT inevitably brings.