I recently visited a company that had banned the use of instant messaging (IM) in the workplace. To make sure the ban would stick, the IT team used functionality within its web filter to block popular IM clients.

A few weeks after the ban started, a company director, walking through the office, noticed
several employees looking intently at the bottom right hand corner of a distinctive blue and white web site.

He learnt that with the removal of the standard IM clients, staff had quickly swapped to use the IM tool integrated in Facebook and were carrying on IM conversations as if the ban had never happened.

This story illustrates a real problem with web security. There are few web security policies that people cannot get around if they want with a little consideration and ingenuity.

Rapid development of flexible, interactive web applications, Web 2.0, has made skipping over traditional security measures much easier. What is to be done? As with many IT security issues, the answer is procedural as well as technological.

There are many scenarios in which Web 2.0 tools can be useful to business operations. Before reacting negatively, management ought to evaluate if and how new tools can provide benefits to the company.

If the benefits they find are significant, the company would be better off attempting to find ways to encourage the use of those tools in that context. If a blanket ban of genuinely useful tools is put into effect, end users are likely to consider the negative policy irrational and try to work out how to bypass it.

A more positive attitude to adoption of useful new web applications does not come without risks. Given the human ability to make mistakes, guidelines about acceptable usage should be publicised and be backed up by a technological enforcer.

However, with the never-ending development and launch of new web applications, finding a suitable security product is something that can be easier said than done. No sooner has a company found a tool to manage and secure its employees’ use of IM than another application appears.

In May 2008, analyst group IDC introduced a new security tool category, eXtensible Threat Management (XTM). Some security vendors identify new threats and rapidly integrate protection into their solutions ­ extending the protection available.

The beauty of XTM solutions is that users receive extended protection as a software update, which automatically integrates into their security infrastructure and is managed through the same interface.

This makes the use of the latest web applications as secure and easy to manage as it is possible to be.

The channel can help customers concerned about maintaining web security to assess whether or not the latest web applications can increase their business efficiency.

If they can, the channel should steer companies away from reactionary blanket bans and work out how to let employees have secure access to them.