
Will an application usage policy best control network bandwidth?

When it comes to speeding up the network, what works best: policy or technology? Both are important and should be used together, says expert Michael Cobb.

According to research from Palo Alto Networks, nearly half of all bandwidth within corporate environments is consumed by personal applications such as YouTube, peer-to-peer file sharing and various other consumer applications. Is it better to control this with technology or with an application usage policy? What's more effective?
At the end of the day, you will need both technology and policy. An acceptable application-usage policy can state which of these applications can be used, by whom, and for what purposes, along with strict guidelines about what information can be shared using them. Awareness of this policy should be part of staff training so that everyone understands the purpose behind the rules, as well as the potential risks involved in using third-party tools. Employees should be required to sign off on their awareness of, and agreement with, the guidelines and policy.

If you want to keep your network free of certain applications, such as Skype, your policy must clearly state that they are prohibited. It must also present the penalties for any employee found using them.

It's always helpful to state why certain rules and restrictions are in place. Use of a particular application, for example, could slow down the network for essential tasks and communications. I'd back this up with graphs or statistics showing the effect certain apps have on the availability of bandwidth. People are far less likely to circumvent or ignore policy rules if they understand the logic behind them.

Just having a policy, however, is not enough. To make policy enforcement the norm within an organization, you must be able to detect and punish violators, and this requires technology. There's an abundance of products to choose from that control users' network activities. I personally like Web security gateways, such as the Web Security Gateway from Websense Inc. Deploying this type of technology, along with sensible rules, will manage your data and control employees so that your organization can benefit from social networking tools while avoiding many of the dangers. A tool like Microsoft's Windows SteadyState can also help system administrators control what users can and can't do, such as access programs, configuration settings, removable storage devices and websites.

A security policy is essential to manage how enterprise resources, like bandwidth, are used as it's the document that binds all of your security controls together, making sure they complement and strengthen each other. Failure to enforce your policy and apply the stated penalties, however, will render it moot. This is why you need to back it up with technology to not only monitor any misuse, but also to preempt any attempted misuse, either intentional or through simple oversight.

For more information:

  • Read more "Ask the Expert" responses from application security expert Michael Cobb.
  • This was last published in August 2009
