Matt Keil, Palo Alto Networks

Encrypted tunnels enable users to circumvent security controls

By Matt Keil, Palo Alto Networks
In the previous article, I talked a bit about how employees are using external proxies to hide web activity from the prying eyes of the IT department. This article discusses the use of encrypted tunnel applications to hide from detection. To someone like myself (an admitted web 1.2 kinda guy), using one of these applications seems a bit extreme. They all require the installation of a client software – but once installed, they virtually guarantee that corporate security won’t see (or stop) you from using your favorite application.

How employees evade IT security controls

By Matt Keil, Palo Alto Networks
Prior to January of 2007, I had very little exposure to the vast array of applications that employees use while at work. Sure, I used IM, webmail and listened to music online, but I was being paid to do a job, not entertain myself. After joining Palo Alto Networks, and analyzing 18 months worth of customer traffic, it has become clear to me that my application exposure is outdated. I say this because I am surprised by the broad range of applications we find running on corporate networks – business and end-user oriented. Examples include inappropriate web surfing (obviously), watching HD movies, streaming music, file sharing or running a side business. The bottom line is that employees are using their favorite applications whenever they want with little regard to the associated business and security risks.