What Are Web Application Controls?

March 28, 2012 - By Tim Chiu

If you've been following Web Security trends lately, you've probably seen the term "Web Application Control" or even just "Application Control" being used quite a bit lately.  You may also be wondering, just what Web Application Controls are and how they differ from the web security you've already got in place today.  Traditional web security involves controlling web access using categories, and the simple controls of blocking and allowing web pages based on their categorization(s).  Web Application Controls takes this one step further.  In addition to basic block/allow control, web application controls gives administrators the ability to have fine grained controls over specific operations within a webpage.  For example, within a website like Facebook, there are controls over whether a user or group can post a comment, upload a photo, or play a game.

Fine grained controls offer the administrator the ability to offer content on websites without having to compromise on security or control around compliance issues.  In the Facebook example, an administrator can now allow employees the ability to keep tabs on their family and friends (perhaps a business imperative from the HR department as part of their recruiting effort), but not have to worry about employees downloading objectionable content, productivity loss due to games on Facebook, or other security and compliance concerns around Facebook.  At the same time, the administrator can offer posting and uploading access to certain individuals in the marketing organiztion (or the entire marketing group), to facilitate the organization's marketing efforts on the company's own Facebook page.

Web Application Controls extend past just Facebook of course and are available for the most widely used web applications, including Salesforce.com, LinkedIn and other social networking sites, blogging sites, chat, webmail, media sharing, online storage, audio and video streaming, and other web applications.  

While Web Application Controls aren't guaranteed protection against malware, they do help in this area as well.  Some of the most publicized malware attacks originate in social networking sites.  By having controls over what end-users download, administrators can prevent malware downloads from social networking without having to block this category.  It's not a fail-safe, but one additional tool for the administrator's arsenal against malware.

As with any new technology, it is buyer beware with regards to Web Application Controls.  While many vendors claim to offer this feature, not all actually offer any controls beyond basic block and allow controls.  For the administrator it is important to determine what functionality they want to allow in specific categories and websites for what users and groups, and find the right solution that lets them have that level of control.

The Blue Coat Web Application Policy Engine provides granular control over specific web applications and operations for popular social networking, email, instant messaging, video and media sharing applications.

As new applications and operations are added, the Web Application Policy Engine is automatically updated, enabling IT administrators to effectively manage the data loss and employee productivity risks associated with social media and other web-based applications. Administrators can also enforce Safe Search and keyword controls for all major search engines.