www.idc.

com

WHITE P APER Thinking Inside the Box: Benefits of an Internet Filtering Appliance
Sponsored by: St. Bernard Software Brian E. Burke May 2004 Christian A. Christiansen

P.508.872.8200

F.508.935.4015

IDC OPINION
The phrase "thinking outside the box" is often used to describe the creative process of coming up with a unique idea or process outside the norm. In this white paper, we use the phrase "thinking inside the box" to describe the benefits of an appliancebased Internet filtering solution that provides corporations, government agencies, and educational institutions with a cost-effective way of managing Internet access. This white paper describes the implementation and management issues of traditional software security solutions and discusses the critical elements that make for lowercost and easier-to-manage Internet filtering solutions. The document outlines the benefits of security appliances that focus on reducing complexity, increasing end-user productivity, minimizing configuration errors, and providing management with an easy-to-deploy true hardware appliance. This white paper highlights St. Bernard's iPrism solution and addresses the key ingredients in a comprehensive, cost-effective means for monitoring, filtering, and reporting Internet use. The security appliance market ranks among the fastest-growing segments of the worldwide IT security market. Because appliances have a low total cost of ownership (TCO), ease administrative overhead, facilitate management, consolidate support, and scale efficiently, their success is not surprising. Worldwide revenue from the security appliance market reached $2 billion in 2003. IDC forecasts that the security appliance market will increase at a 24% compound annual growth rate (CAGR) and reach $4.73 billion in 2007. Moreover, the secure content management (SCM) segment of security appliances (which includes Internet filtering) reached $379 million in 2003, representing an 83% growth over 2002. IDC believes that the market for SCM appliances will grow explosively over the next five years. We forecast the SCM appliance market to grow from $379 million in 2003 to almost $1.6 billion by 2007, representing a 66% CAGR from 2003 to 2007.

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA

METHODOLOGY
IDC developed this white paper using a combination of existing market research and direct, in-depth, primary research. To gain insight into the challenges facing various organizations and to learn more about how St. Bernard's iPrism helps address these challenges IDC conducted in-depth interviews with IT executives at companies in the banking, education, and marketing sectors. In addition, IDC met with the St. Bernard team to review its goals and tactics. This study reflects all of these research perspectives.

SITUATION OVERVIEW
Simplifying Web Filtering
Corporate IT departments continue to experience budgetary pressures with regard to proper staffing levels while simultaneously being asked to provide higher levels of network accessibility, business continuity, and most of all, security. IT managers often must manage these expanding infrastructures with relatively bare-bones staffing and resources. Given these limits, they often look for "staff-easy" solutions that require minimal human intervention and relatively little training to manage. The cost associated with training the IT staff alone can be a heavy burden for corporate IT budgets. To meet these objectives, organizations are increasingly looking to appliance-based solutions (see Table 1).

T ABLE 1
Web Filtering Critical Success Factors
Provide easy installation and configuration Single-purpose, ready-to-go appliances often deploy with a simple wireline plug-in. Unlike software deployments, appliances eliminate many time-consuming separate installation and operating system version synchronization processes. Overall, organizations can administer appliances with fewer highly trained staffers because they need not deal with system synchronization and upgrade issues. Appliances do not require IT staff to learn arcane manual commands and protocols in order to configure and monitor network security or maintain the product itself.

Offer low learning curves and a good user interface

Simplify administration

Products that enable central management of multiple remote configurations simplify administration. Moreover, the ability to handle administration tasks conveniently from a Web-based system administration console that IT staff can access from any location is extremely productive and cost effective. Users have a tendency to "experiment" with things, and the black-box approach limits the damage caused by curious users. Appliances not only improve security, they also reduce trouble calls to the help desk.

Offer less operator interaction

Take the trouble out of troubleshooting

Customers rarely have the time or expertise to troubleshoot a problematic appliance. Therefore, it is more efficient to replace the faulty system with a fully functioning machine rather than try to fix it onsite. A quick replacement strategy ensures that customers quickly return to normal operations. Moreover, nontechnical personnel at remote sites can easily disconnect the old system and replace it with a new one. Because the new system is configured from a central location, the need for technical staff members to be onsite or to travel to remote locations is eliminated.

Source: IDC, 2004

#4097

2004 IDC

Threats Associated with Inappropriate Internet Access

The value of Internet filtering, unlike that of many traditional security products, is easily understood. Protection from legal action, increased productivity, and maximization of IT assets are demonstrable benefits. However, one must be aware that Internet filtering needs differ from customer to customer depending on the type of industry in which the solution is to be deployed. With iPrism, St. Bernard not only provides organizations with a cost-effective and easy-to-manage appliance solution, it also offers a flexible and customizable solution that can be tailored to an industry's specific needs. In this paper, we examine Internet filtering from the perspective of three vertical slices of the overall market: corporations and human resources, government agencies, and schools and libraries. We look at the specific needs and concerns addressed via Web filtering techniques in each of these areas.

Threats Facing Corporations and HR Departments

Although the Internet is a powerful research tool, distractions are only a click away. Even the most benign, business-oriented searches lead users to Web sites that deal with vacation travel, entertainment, sports, news, pornography, and politics. Employees who access inappropriate Web sites drain both time and resources valuable commodities in any organization. It is not difficult to see why excessive personal use of the Web is a critical concern in corporations across the globe. Employees who visit pornographic or racist/hate sites also represent a major legal liability concern. In fact, according to a 2004 study by the Employment Law Alliance (ELA), nearly one-quarter of workers (24%) said that they or their coworkers use workplace computers to visit pornographic Web sites, engage in sex talk through instant messaging, or pursue other sexually oriented Internet activities. This finding provides clear evidence that surfing adult Web sites from the office is still a risk to organizations. Moreover, legal liability risks around employees' downloading of MP3s and full-length DVDs from Web sites are becoming a major concern. The Recording Industry Association of America (RIAA) recently collected a $1 million fine from an organization found to have copyrighted music files on the corporate network. In addition, the RIAA, the Motion Picture Association of America, and other groups recently warned CEOs of Fortune 1000 companies that their corporations will be liable for breaking copyright laws if employees use company networks to download music or movies illegally. The benefit of unclogging valuable bandwidth resources in organizations is becoming increasingly important as more Web sites offer access to streaming audio, video, FTP, and chat. Many corporate users are unaware of the network bandwidth consumption associated with listening to online music or downloading MP3 files. This type of activity not only affects the network performance of the responsible party, it also degrades network performance for all users in the organization.

2004 IDC

#4097

To help circumvent the preceding situations, the ideal solution for corporations and HR departments should offer: ! Customization and flexibility. Corporations and HR departments need a customizable and flexible solution to easily enforce their acceptable usage policy (AUP). ! Ease of installation and configuration. One of the main benefits of security appliances is that they have very few installation and configuration issues. ! Accurate database and comprehensive reporting. Corporations and HR departments require an accurate database of URLs to minimize employee complaints of false positives and reduce help desk calls. They also need a comprehensive reporting tool that is easy to use and accurate.

Threats Facing Government Entities

Productivity, liability, and IT resources are issues in government just as they are in the corporate world. Like corporations, government agencies want to ensure that employees use their IT resources only for business. Government employees who spend time on the Internet surfing for pornography or racist and hate material can expose the government to serious legal liability and expensive lawsuits. However, unlike corporations, government agencies must ensure that public funds are used appropriately by definitively specifying how public funds are spent. Legislative bodies, internal inspectors, and the media continuously scrutinize government organizations programs and expenditures. IDC believes the ideal solution for government agencies should offer: ! Strong security. Government organizations are a target of hackers; therefore, they require secure and robust solutions that can withstand hostile hacking environments. ! Reporting and auditing. Government agencies require strong reporting and auditing capabilities to ensure that government workers are not wasting taxpayers' money by surfing the Internet for personal reasons or, even worse, spending time visiting gambling and adult-oriented sites. ! White lists. Because government employees, unlike private-sector workers, typically have very structured duties, government agencies can successfully utilize white lists that allow employees to visit only specific approved sites.

Threats Facing Schools and Libraries

Over the past several years, the U.S. Congress has made many attempts to regulate pornography on the Internet. The result is an assortment of laws that are designed to protect children from materials that are considered unsuitable. The legislative action against pornography has produced various protection acts for children, including the following:

#4097

2004 IDC

! Children's Internet Protection Act (CIPA). CIPA pertains to filtering requirements for K12 schools and libraries that provide Internet access and receive certain types of federal funding. This law requires schools and libraries to adopt an "Internet Safety Policy" and install filtering technology in order to receive certain federal funds. CIPA applies to all schools and libraries that receive discounted rates for the purchase of equipment and services used to access the Internet through the E-Rate program, the Library Services and Technology Act (LSTA), or Title III of the Elementary and Secondary Education Act (ESEA). ! Child Online Protection Act (COPA). COPA offenders who make "harmful" material available to children can be forced to pay a daily fine of up to $50,000 per violation, and they could spend up to six months in jail. The federal government can also sue in civil court for up to $50,000 per day and per violation. The enforcement of COPA is on hold as the Supreme Court and the American Civil Liberties Union (ACLU) consider the First Amendment issues raised by COPA's restrictions on Internet speech. The ideal solution for schools and libraries should offer: ! Ease of use. Because of scarce resources, overextended IT staffs in many schools and libraries struggle with implementing and maintaining a complex security and filtering system. Therefore, ease of installation and maintenance is essential when providing a Web filtering solution. ! Customization. Schools and libraries need solutions that can be customized for certain grade levels and that offer different policies for staff and students. ! Low total cost of ownership (TCO). The TCO for Internet filtering is very important because most schools and libraries have tight budgets and limited IT staffs. TCO involves not just the cost of the solution but also the time spent by IT managing the solution.

ST. BERNARD'S IPRISM SOLUTION

Company Overview
St. Bernard Software Inc. is a global provider of security solutions that protect against data loss, system threats, Internet abuse, and unsolicited email. In 2000, St. Bernard Software broadened its security expertise by acquiring Internet Products Inc., an Internet filtering company with an appliance-based solution called iPrism.

iPrism Overview
iPrism is a hardware appliance that monitors, filters, and reports on inappropriate Internet access within businesses, government agencies, and educational institutions. iPrism is a true hardware appliance that provides IT professionals with an easy-touse, comprehensive solution for managing users' Internet access while ensuring

2004 IDC

#4097

enforcement of an organization's AUP. The five most important characteristics of appliance-based solutions are: 1. 2. 3. 4. 5. Optimized for single-application Web filtering A true appliance with a hardened operating system for optimal security Automatic updates for database, operating system, and software Easy to install, configure, and maintain for decreased TCO Self-contained solution (no additional hardware or software required) to be full featured

Completely self-contained and transparent to end users, iPrism can be installed into a network without any additions to workstations or installation of software. The most common and easiest way to deploy iPrism is as a transparent bridge. When iPrism is configured to operate as a bridge, it is generally deployed between the firewall and internal network. In this configuration, iPrism transparently bridges all protocols between its interfaces. As a bridge, iPrism requires only one IP address, which it applies to both of its interfaces, as shown in Figure 1.

FIGURE 1
iPrism as a Bridge

Source: St. Bernard Software, 2004

#4097

2004 IDC

Key Features of iPrism

iPrism offers the following features: ! Convenient administration. The iPrism solution can be managed from any workstation with a browser connected to the network. Benefit: Administrators don't have to go into the office or school to manage the device. ! Flexible enforcement options. The iPrism solution can define unique profiles for different users and groups. It can also create policies based on time of day, day of week, and category. Benefit: Because users are not created equally, groups such as sales, research, and management can have different access privileges. ! Extensive category list. The iPrism solution contains 60 predefined categories and 8 customizable categories with daily database updates. The product allows administrators to add specific sites to or exempt specific sites from the category list. iPrism's 100% human-reviewed list ensures superior accuracy. Benefit: The comprehensive and accurate database reduces end-user complaints and provides organizations with accurate filtering. ! Customizable block page. The iPrism solution enables organizations to point users to a page showing a customizable message such as the AUP. Benefit: By instantly informing users of unacceptable usage and reiterating corporate policies, customized page blocking indicates why requests are denied and possibly reduces future violations. ! Flexible overrides. The iPrism solution's real-time override capabilities allow only certain individuals to visit a blocked site for legitimate reasons. This feature is especially useful in schools, libraries, and law firms. Benefit: Overrides permit designated users temporary access to blocked Web sites (e.g., lawyers often need to conduct online research on blocked sites if they represent clients in adult entertainment or gambling industries) ! Email alerts. The iPrism solution allows administrators to set email alerts for notification when certain URLs are accessed or when bandwidth/time thresholds are reached. Benefit: Real-time alerts inform administrators of violations, allowing them to quickly take action. ! Comprehensive reporting. The iPrism solution provides dozens of customizable reports with no extra server or reporting packages required. Benefit: Different departments and management levels see reports with the appropriate level of information and analysis. ! Scalability. The iPrism solution works with F5 and Cisco load balancers to provide redundancy and load sharing options. It also provides central management so that IT departments can administer multiple iPrism appliances as though they were a single device. Benefit: Scalability ensures that filtering works well even when loads vary for larger organizations.

2004 IDC

#4097

Customer View of Appliances' Value

Our talks with iPrism customers revealed the benefits of appliance-based solutions over those of software-only products. We have categorized these elements into four sections: ! Evaluation ! Installation and Configuration ! Operation ! Future planning

Evaluation: Using Appliances to Lower IT Costs and Simplify Management

Because IT budgets are so stretched at many organizations, customers wisely focused on reducing administrative costs (i.e., the time salaried personnel spend on management tasks), not hardware and software purchase costs.
Software Versus Appliance-Based Solutions

On the surface, the repurposing of existing hardware and operating systems would seem to save money. However, IDC believes that this situation creates an inequitable trade-off. In other words, the cost savings from reusing old hardware is eliminated by the IT administrative costs of uninstalling unnecessary applications, deleting old data, reconfiguring the operating environment so it is secure, and reducing access privileges to just administrative personnel. Like many appliances, iPrism's operating environment reduces administrative overhead. Because there is no operating environment licensing fee with iPrism, IT departments do not have to deal with licensing issues, upgrades, and patches from a third-party vendor. An advertising agency summarized the appliance benefits as follows: "I would give it [iPrism] an A for ease of installation, management, and setup. The depth of coverage is definitely an A. Across the board it has been an awesome appliance. It really was painless."

Installation and Configuration

IDC believes ease of installation and configuration are key benefits of security appliances, and our discussions with iPrism customers reinforced this belief. Customers commented to IDC that iPrism's physical installation was "trouble-free." Moreover, iPrism allowed for easy configuration options to suit the varying needs of different organizations. The key to an effective Web filtering solution is the ability to configure the solution to fit a customers unique environment, as there is no one-sizefits-all solution. Simply turning on and blocking out of the box can result in high help desk calls and initial employee dissatisfaction. iPrism provides the flexibility and adaptability for organizations to customize the solution to meet their individual needs.

#4097

2004 IDC

Facilitating Reporting and Auditing

The majority of customers we interviewed said that they collected data before turning on the blocking. This makes the reporting feature critical to the customers' evaluation process because the reports essentially guide their initial policy creation. Because Web filtering is often a partnership between IT and HR, the reports must be easily understood by all parties. Moreover, senior management often wants to see the results as well. Therefore, reporting must supply graphical output that can accommodate their requests for high-level and detailed views of employees' Web browsing. All HR-related information is sensitive and may be the subject of litigation (e.g., contested disciplinary actions or wrongful dismissal suits); therefore, IDC believes reports must be protected from unauthorized access or changes. iPrism provides this protection by allowing the administrator to delegate access to run and view reports only to specified people in the organization. The flexibility of reporting is highlighted by a midwestern school district's need for auditing in an unusual situation. A number of teachers in the school district participate in virtual race teams, including NASCAR. The superintendent was concerned with the amount of work time being spent on these hobbies. Using iPrism, the school district was able to track employee activity and report on this activity on a daily basis. The IT administrator for the school district told IDC, "We found that some people were spending 4 or 5 hours a day [on these virtual race team sites]." Equipped with this information, the school district was able to tackle and resolve the problem. The reporting was accurate and easy to use, with the IT administrator remarking that "having those reports sent to my email box makes it even nicer." In this case, not only was the IT administrator happy, but the superintendent also appreciated his efforts. An advertising agency pointed out the need for good reporting so that IT could report to HR and tune iPrism: "The [policies] we have been able to self-define have been great. We can tweak [the reporting] and find out things that we needed to see in order to take numbers up to HR." In particular, management personnel at the agency appreciated the detailed reporting and the amount of information they were able to gather during their 30-day evaluation period. They stated that being able to sort by type of site as well as by usernames was extremely helpful. Reporting was essential to the IT administrator, who further commented, "The reporting was very solid."
Easing Customization

After monitoring and evaluating users' Internet usage, companies must then address the next major step: policy creation. Policy creation is an iterative process that evaluates the early reports against business units' individual needs. Customization is needed to handle the many policy creation issues. For example, several education IT administrators pointed out that a commercial filtering solution with a "one-size-fits-all" configuration doesn't work for them. iPrism gives organizations the ability to add sites to and/or delete sites from the iPrism database as well as create custom categories.

2004 IDC

#4097

A bank indicated that iPrism required very little customization. The network administrator at the bank told IDC, "We just checked off certain groups of Web sites that we wanted to eliminate, such as sports, gambling, games, etc." Moreover, many organizations also want the ability to set custom policies depending on the time of the day. For example, organizations may allow employees to visit nonbusiness-related Web sites during their lunch hour. The same bank said that it allowed everything to go through at first to provide a baseline of what sites were being accessed. Armed with this knowledge, the bank was able to configure iPrism to allow its employees to access the most popular sites only during certain times of the day.

Operation
Keeping the appliances and Web filtering running consistently and reliably is crucial. This means reducing downtime to a minimum and ensuring that failures are quickly resolved.
Managing Remote Sites

To further simplify network management, Web-based management interfaces enable IT to manage these appliances from any location. One IT administrator reported that he was still able to administer his iPrism appliance when he was out of town, which he felt was a particularly important benefit. Administrators do not have to worry about software or database updates because they are automatic with iPrism. All these features lead to streamlined, centralized administration that reduces complexity and travel to individual sites.
Minimizing Downtime and Support Issues

Small and medium-sized firms just don't have the time or resources to deal with complex support issues. IDC believes these firms like appliances because they want one vendor and "one throat to choke" when things go wrong. Downtime is especially loathsome for any IT manager, but small and medium-sized companies often can't afford highly available systems. In the event of failure, customers want a rapid fix or replacement. Several IT administrators said, "[Our iPrism] hasn't had any downtime at all." One education customer felt confident that the failure of one box would not cause any problems: "Since St. Bernard has a 24-hour replacement policy, if it does go down, I can have one here the next day." When we asked the IT administrator at a regional bank in the western United States whether or not appliances have any specific benefit over software, he said, "I need something that I can completely rely on. If I have any issues with the [iPrism appliance], I know I can just call the manufacturer and they will support me from the screw to the software. I don't have to worry about a hard drive or a CPU or something like that going down. I feel that an appliance has big advantages over a software-only solution [in ease of maintenance and support]."

10

#4097

2004 IDC

However, customers like it even better when support is not needed. Several IT administrators commented, "Yes, once you get it [iPrism] all set up and configured, you can pretty much just leave it alone. You don't need to baby-sit it, which is nice." Because appliances are integrated at the factory by a single vendor, they tend to cause fewer problems, and the appliance's single-vendor solutions mean that support questions are handled quickly and completely. Overall, iPrism customers rarely had support problems and felt that any problems that occurred were handled efficiently.

Future Planning
Planning for the future is a broad topic, but respondents pinpointed two major goals: dealing with growth in headcount and changing user behavior.
Anticipating Scalability Needs

A bank voiced concern about the scalability of client-based solutions relative to that of appliance-based solutions. The bank considered several software packages, but it did not like the fact that implementing them meant leaving software on each workstation. It also had concerns with scalability. In the end, it felt that iPrism addressed both of these concerns. The bank simply stated that with iPrism "you don't have to worry as you scale." Because the bank felt it could easily add appliances for scalability, it was comfortable with iPrism's ability to support its long-term growth plans. Moreover, the bank, along with several other customers, cited iPrism's central management feature that allows administrators to manage additional appliances at remote sites without deploying additional administrative personnel.
Changing User Behavior

Modifying user behavior to reduce administrative overhead is another factor in lowering cost. When asked about iPrism's performance, an IT administrator for an advertising agency addressed this issue but also commented about user behavior and bandwidth utilization. He mentioned that iPrism keeps up with the load and added, "I haven't noticed any slowdown in traffic. If anything, since people know that [iPrism] is now in place, they are not using up bandwidth to [access disapproved Web sites]." Most customers with whom we spoke cited the reduction in bandwidth usage as a significant benefit. While they could not enumerate the benefit, customers generally view bandwidth as limited and costly. Moreover, senior management is often asked to fund more bandwidth and would naturally favor a Web filtering solution that conserves bandwidth and thereby avoids expensive upgrades.

CHALLENGES/OPPORTUNITIES
Customers were decidedly positive about iPrism. In fact, it was difficult to elicit any criticisms or challenges. When pressed, they mentioned two concerns: 1. Product range is not a current issue, but a few customers indicated that they would like a larger model in the future. (Currently, iPrism is available in only one model, although St. Bernard plans on releasing a high-performance model in August 2004.)

2004 IDC

#4097

11

2.

Storage capacity for logs is driving the need for larger appliances, not CPU. To solve the storage issue, some customers have moved the logs to other servers, but they would like to keep the logs on the box in the future. This would provide a complete audit trail in case of legal challenges. However, we believe the customers who noted this issue were probably using older models of the hardware. St. Bernard informed IDC that it had addressed this issue with a product release last year.

Opportunities
In addition to their interest in larger appliances, customers raised the possibility of integrating Web filtering with email security. Many customers indicated that they are running iPrism with St. Bernard's ePrism email security appliance, yet we found it surprising that no one asked for the consolidation of these two appliances into a single box. Overall, we believe that St. Bernard may provide this merged capability in a future product release. Given St. Bernard's position as a leading appliance-based Web filtering solution vendor and the high levels of current customer satisfaction, we believe that its future developments will accelerate the acceptance of Web filtering and email security appliances.

CONCLUSION
St. Bernard's iPrism appliance provides corporations, government agencies, and educational institutions with a comprehensive, cost-effective way of managing Internet access. Appliances combine flexibility, performance, and administrative efficiency into one box. iPrism takes these benefits and applies them to the Web filtering market. More important, it offers a robust solution that complies with midtier customers' unique requirements for simple operation, lower administrative costs, and solid support. St. Bernard has done a superb job of providing an appliance-based approach to the complexities of Web filtering. Greater content management and access control will help enterprises, government agencies, and educational institutions enable essential Web-based business initiatives more securely and easily. Overall, IDC believes the iPrism appliance from St. Bernard is well positioned to serve the broad base of market demand for an easyto-use and cost-effective Web filtering solution. iPrism is a registered trademark of Internet Products Inc. Internet Products is a wholly owned subsidiary of St. Bernard Software Inc.

Copyright Notice
External Publication of IDC Information and Data Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason. Copyright 2004 IDC. Reproduction without written permission is completely forbidden.

12

#4097

2004 IDC