Metering Social Networking Sites At The Gateway

Posted by Randy George
March 29, 2010

Most managers have no problem with a little internet frivolity during business hours.  A personal E-mail here and a Facebook posting there can't possibly interfere with productivity on any measurable scale, right? Then there's "that guy." You know him, the guy who is on Facebook all day long. The guy who's connected with everyone on LinkedIn. The guy who tweets every detail of his day to the world. In other words, the guy who ruins everything for the rest of us.

Increasingly, IT Managers are being asked to rein in staff who lack the self-control needed to balance work and play effectively. From a technical perspective, the traditional approach to solving the problem has been somewhat Neanderthal: block social networking sites completely at the firewall. Alternatively, you can generally apply bandwidth quotas on a per connection basis to a particular site with your caching appliance, which is a somewhat effective way to police usage.

A more interesting approach, and one that I predict will become more widely used, is time-based metering.  For example, suppose you could define a new policy at the gateway using Boolean logic that says: "Only allow Bill Smith to access Facebook between 12-1PM," or, "Only allow Bill Smith to access Facebook for 30 minutes per 24 hour period."

Organizations are asking for more versatile policy enforcement capabilities in their proxies, and just today, I saw a demo of a SaaS based Web Security solution that implemented this very feature. Politically, it's much more palatable to enforce a tough-love usage policy as opposed to breaking out the nuclear option.

If you're applying time-based or bandwidth metering in your environment, I'd love to hear more about what tools you're using to do the job, and how the policy itself is going over with your employees. Respond to the thread here and share your experience with us.

Related Reading

More Insights