ZScaler brings web filtering to the SaaS sandbox
Thursday, August 21st, 2008Many companies have enacted policies regarding employees’ web use, but with every banned site comes an added challenge: how do you enforce these policies? Comprehensive and costly software packages are the answer for large organizations, but even these often fall short of expectations. They cannot necessarily be scaled or customized for different types of users. Smaller businesses often lack the means to enforce web browsing policies at all.
As with many other forms of software, web filtering services are making their way to the cloud. A Silicon Valley-based start up called Zscaler is tapping into the power of web-based software to provide monitoring services for top companies like The Weather Channel and NetApp. However, the appeal of products like Zscaler extends far beyond companies with large, diverse staffs. IDC analyst Brian Burke said in a Zscaler press release, “SaaS is ideal for large corporations with dozens of Internet gateways, where deploying traditional point products is very expensive. It is a good fit for small businesses, which do not have enough IT staff.”
The idea is to provide more value which is easy for any business to manage. Zscaler’s website enumerates a four-tiered approach:
- Enforce business policy and mitigate risk
- Protect end-users from Web-based threats and malware
- Empower organizations with the right access to the right users
- Twice the functionality at half the price
The unique platform works by utilizing a number of interconnected servers to monitor incoming and outbound HTTP traffic from any given client’s employees. Data is collected and scrubbed from both sides, ensuring the safety of any interactions as well as the maintenance of company policy. As Zscaler’s website explains, “Web traffic leaving the customer’s firewall is automatically redirected to one of Zscaler data centers, where user policy is enforced. Web pages returning from the Internet are inspected to ensure that only clean traffic is returned to the user.” The “clean traffic” refers to malware and spybots, both of which are a source of major headaches for IT departments.
In addition, Zscaler can be set up on a per user basis, and they offer a free trial version so clients can check it out before buying. While marketing staff may need access to YouTube, the accounting team probably does not. Salespeople might keep track of contacts on social networks, but customer service representatives could be cut off from their Facebook access. The rules could also be applied across the board, such as a universal block on World of Warcraft. Additionally, since the software is hosted and managed on cloud computers, crafty IT techs would not be able to circumvent or alter the rules for themselves or friends.
A recent profile of Zscaler in the New York Times points out one of the most innovative features of the web-based software: “If Zscaler does not recognize a Web site, it can analyze pages on the fly with technology called “dynamic content classification.” So an employee does not necessarily have to be at YouTube for his employer to know he is viewing Web video when he should be cranking out that spreadsheet.” By adding smart controls to the SaaS service, employers can ensure that mirror sites are also off-limits.
By moving this type of software to the web, it gives the average employer much more control in trying to curb employee web surfing behavior. A program hosted on outside servers, while subject to outages and unexpected changes, prevents employees from circumventing company policy. Some have questioned the privacy issues involved with SaaS filtering services. Even the New York Times article wryly remarks, “it’s [the cloud’s] going to watch your every move online and tattle to your boss.”
That being said, anyone who expects web surfing privacy on a work computer is unrealistic. Our on-the-clock time belongs to our employers, and Zscaler simply found a convenient, inexpensive, dynamic, and frankly a little scary way to ensure we’re on task.
By Haley January Eckels
