Does the IT Manager really know what’s going on over the network?

Blue Coat’s EMEA marketing VP Nigel Hawthorn explores why IT Managers no longer want to police the network, but have complete visibility on what type of applications are being used.

What’s really going on……?
According to a recent independent UK survey commissioned by Blue Coat Systems, IT managers are losing control over what applications are running on their networks. Over half of the network managers questioned, stated that the IT department knows about less than 60% of the applications being run on the corporate network.

It’s scary to even contemplate the amount of valuable bandwidth capacity that is being wasted, not to mention the potential loss of productivity for the users waiting for their data when non-business traffic is using the available space in the pipe.  For too long network administrators, security managers and application experts have been locked in a battle each fighting for their own budgets that sometimes  pulls IT in different directions. Today, so many applications use the browser as the user front-end and the same IP port numbers (and often HTTPS encryption), so packet-level devices cannot identify the applications. Now just to add to the difficulties facing IT managers the growing use of business web applications such as software-as-a-service (SaaS), videoconferencing and Web 2.0 technologies, many of which look the same to the firewall and routers – and its clear that just when we need the clearest view of traffic, we are obscuring the information.

The Organisation must come first…..
For most people, the boundaries between the home and office are becoming ever more blurred. An element of trust now pervades most companies which means that contrary to popular opinion, most IT managers don't want to stop staff from using the organisation’s network for private purposes.  Allowing personal use at the office keeps users at their desk instead of going out shopping at break-times – therefore if they . spend two minutes of their lunch hour doing private stuff, they probably spend the other 58 minutes on work.
Policies nowadays need to flexible as they relate to worker productivity. But what about the effect the traffic they produce has on the network – and the performance of other more critical, business applications? Buying online instead of leaving the office may end up helping productivity, but it may well hinder the network resources available to the business. With the explosion of bandwidth hungry recreational apps like Facebook and Twitter, and with network expenditure under increasing scrutiny, you would be amazed just how much of our recurring bandwidth spend is supporting employee’s social networks or personal views. This was highlighted from the survey findings that revealed that IT managers believe that around 40% of traffic on company networks was non-work-related. This traffic competes with mission-critical traffic for bandwidth. A sensitive transaction from the order processing department accessing the ordering application is crowded out by a more aggressive video download, so recreation frequently wins. The quality of a Voice over IP call can be wrecked by an MP3 download You’d imagine that controlling recreational traffic and its impact in the business would be close to the top of the IT agenda. You’d be wrong – incredibly, most of the people we spoke to don’t realise they can identify and control bandwidth from “the web”. Constrained as the IT manager is by the port- or packet-level view that network-level tools give them, a web-hosted application, a standard web page, a YouTube video and a browser-based Oracle form may all look very similar, which makes spotting recreational web traffic and its impact on the network and the business seem unachievable.

To complicate maters, an increasing number of applications and web sites are in a grey area - used for both personal and business purposes, so it’s difficult to classify them as strictly one or the other. Popular services such as instant messaging (IM), some social networking sites and even YouTube are increasingly used by businesses, because that’s where their customers are.
Against this backdrop, at least half of respondents confessed they could account for less than 60% of the traffic on their networks. This doesn’t just pose direct cost implications for network expenses, but also raises security concerns with the threats from malware, trojans, botnets and phishing attacks. Sadly, hackers, spammers and phishers see Web 2.0 applications as a great resource, placing malware on social networking pages and employee social networking posts can inadvertently send confidential information out of the organisation.

The truth is that companies need to identify the traffic that is going across the network in order to identify the applications and behaviours that are clogging the company pipes and putting them at risk. They should then use application- and content-savvy tools and technologies to prioritise business critical traffic. Furthermore, in a time of economic woe, strong decisions have to be made that put the company first. This shouldn’t necessarily be about cutting off staff access to applications such as Facebook, YouTube, Spotify and iPlayer (as this results in dissatisfied employees); it’s about putting the organisation before the requirements of the individual.  For the IT managers, it should be less about pure numbers or service level agreements, and more about enabling the complete business process. Therefore, IT managers can potentially save the organisation money by limiting recreational use of corporate networks by staff and accelerating the business critical applications to provide the best possible balance of work productivity and efficiency. So how can the IT manager do this?

Complete Visibility, acceleration and control…..
The nature of business applications is changing fast, with most key network applications available via a web-browser front end. Network measurement is moving from simple connectivity and uptime to performance, response-time and consistency for office workers, home workers and those accessing computing services while outside the office. Organisations should therefore look to adopt application-level intelligence solutions to identify and track all traffic on the network.

When recreational applications or traffic hijack an organisations network, the IT manager may respond by increasing bandwidth capacity. But without other controls in place, throwing more bandwidth at the problem won’t solve the issue or prevent it from recurring. Indeed in many cases, it provides no improvement to the individual user. Often specifically designed to be more aggressive than the business apps they compete with, recreational applications quickly absorb the additional bandwidth while critical applications still suffer from poor response times.

A much better response would be to use the application awareness to actually drive control technology – apply and enforce service level policies that reclaim the bandwidth from recreation and use it instead to ensure great performance for business applications. Then any additional bandwidth, and indeed any additional network goodness from the optimization or acceleration technologies you invest in, go directly towards benefitting the business. By identifying and limiting the social bandwidth hogs and inspecting traffic for unknown applications entering the organisation (often malware) the IT manager can ensure response times for critical business applications will be quicker resulting in greater IT value to the business.

The good news is that there are now solutions available that can provide the level of visibility and ensure those levels of service for business applications. This capability enables the IT manager to administer appropriate policy controls to contain unsanctioned traffic, protect mission-critical applications, and optimise demanding business applications. Through simple policy-setting, this provides complete visibility and control over all the applications, users and content on the organisations network.

These policies can be as flexible as the business demands – enabling them to quickly determine which key applications to protect and where to allocate appropriate network resources. And the policies can be enforced proactively so that if, for example, response time for VoIP falls below a certain level, more resource can be shifted from the web surfing pool to solve the problem.

With this technology deployed, the organisation can manage the increase in recreational applications today, and just as importantly anticipate and protect their network – and the business processes their network investment is supposed to support – no matter what these business applications become and no matter what the next wave of recreational Internet phenomena sends their way.