Firewalls failing to keep generation Facebook in check

Workers are increasingly using online applications like Facebook and Google Apps as collaboration tools. How can businesses keep the net generation happy at work while keeping confidential data from leaking out of the enterprise?

It's a question Sean Whetstone, head of IT services for Reed Specialist Recruitment, is wrestling with. Whetstone told silicon.com his company is concerned about online applications such as Facebook as people could potentially post material that the business may not want to be public, yet the influx of tech-savvy workers means access to these services is essential for encouraging creativity.

"Security is very important to us [but] I absolutely agree that generation Y is coming into our workplace," he said.

Traditionally, firewalls have been the watchdogs of enterprise networks but analysts believe they are no longer suited to coping with the challenges presented by web 2.0 technologies, online applications and mobile devices, which are prompting businesses to open up new ports in their firewalls for access to corporate networks.

Datamonitor analyst Alaa Owaineh said: "Many companies are starting to have to punch so many holes in their firewall to allow these things that the firewalls are becoming less effective and they're becoming less relevant in a way."

With data moving in and out of corporate networks through an increasing range of channels and with work taking place online to a much greater extent, firewalls need to evolve to keep up.

For traditional firewalls, one key problem is the failure to distinguish between internet use and data moving to and from online applications, meaning there is little way of controlling the flow of information in and out of a business.

"It's kind of going beyond this view that we have a wall protecting the enterprise and once you're in, you're in and you're trusted and if you're out, you're out and you're not trusted. It doesn't work like that anymore," Owaineh added.

For Reed's Whetstone, technology that allows people to access online services but which controls what information that can be uploaded is the ideal, helping businesses to protect their interests while allowing staff to be more productive.

As a result, Reed is now planning to trial technology from firewall company Palo Alto Networks (PAN) in the near future.

Along with the likes of Detica-owned StreamShield, PAN is aiming to tackle the online apps catch 22 with firewalls that can identify applications, content and users to keep secure data in while allowing online collaboration to continue.

But firewalls are not the only answer to preventing data leakage. Quocirca analyst Clive Longbottom said additional technologies - such as deep packet inspection and denial of service protection - are increasingly important in keeping organisations safe.

Both Longbottom and Datamonitor's Owaineh agree enterprises' focus should now be more on protecting and controlling data itself, rather than using firewalls to ring-fence corporate networks, such as through encryption and wider use of permission-based access to information.

Quocirca's Longbottom added: "You can't just do periphery protection any longer. You've got to regard your pieces of data as intellectual property to the business so what you need to do is put protection around those directly, so when it's on the move it carries around its security with it."