British Telecommunications plc (BT)

Combination of visibility, acceleration and security allows BT to reap the benefits of a trusting work environment without jeopardizing network security.

The use of social networking sites has soared over recent years, with an estimated 64 million people worldwide using the technology for both social and work related purposes. For many employers, an outright ban of such sites is simply not realistic and a growing number are now actively embracing the use of networking sites and other Web 2.0 tools such as P2P (Peer to Peer) and Wikis in order to encourage innovation and collaboration amongst employees and to boost productivity and motivation.

The challenge for these companies is to leverage the positive potential of these applications whilst protecting the corporate network from Web viruses, spyware and other software that could compromise network security. With cyber criminals increasingly targeting the Web and using legitimate, trusted Websites to spread malware and viruses, organizations need to have effective constraints and controls in place to keep pace with these changing threats.

Just such a challenge was faced by one of the UK’s largest employers BT, as it sought to implement a solution that would enable its staff to have access to applications such as Webmail, social networking sites and instant messenger without compromising the security of its network or the capacity of its Internet gateway.

They also required a solution that would tackle the challenge of increased traffic across the network, by accelerating the delivery of content and applications across the Web and reducing overall bandwidth consumption.

BT – A forward thinking employer

BT is one of the world’s leading providers of communications solutions and services operating in over 170 countries. Today, BT’s activities support almost 1.7 percent of all employment in the UK.

Recognized as an innovative employer, BT has a long record of adapting procedures to meet the changing needs of staff, in order to achieve its wider strategic objectives. Part of this evolution, has been to recognize the role that the Web can play in increasing internal productivity for its 106,000 employees.

BT estimates that its employees currently make 135 million requests to external Websites on a daily basis compared with only 27 million a day just two years ago, an increase of 500 percent. Gordon Yule, network security manager at BT comments: “In recent years there’s been a blurring of the lines between work and home and we need to recognize these shifting patterns of behaviour to meet our employees’ expectations. We aim to be as flexible as possible as a company and part of this involves moving from a paternalistic to a more trusting policy when it comes to employee use of the Web at work. At the same time we have a duty of care towards our employees and must ensure that we secure our network and can block sites which are tasteless or offensive.”

A layered approach to security

Following an extensive assessment of the many Web security products available on the market, BT selected Blue Coat ProxySG appliances to secure its data and infrastructure. Blue Coat ProxySG uniquely combines extremely granular levels of security – content filtering, content security and virus scanning – to enforce rules based on a wide range of attributes such as type of user, application and nature of the Web site. More extensive Web analysis is performed by Blue Coat WebFilter, the company’s own Web filtering database of URLs that features real-time, dynamic analysis through its in-the-cloud WebPulse service. With this layered solution, BT can apply comprehensive custom policy controls so that employees have access only to approved sites. In addition, rather than slowing traffic as it applies security and policy control, ProxySG appliances actually accelerate the acceptable content and applications while reducing the bandwidth consumed by significant amounts.

" Before using Blue Coat, we had a more blunt instrument of the 'block all - allow all' approach. Likewise our AV solution simply didn't have the capability to scan everything. With Blue Coat we can now apply more finely tuned levels of policy across multiple Web security services."- Gordon Yule, Network Security Manager

This improved capability means that employees are now permitted access to Websites previously deemed as too dangerous, as the appliance can strip off attachments, prevent automatic downloads of executable software and scan Web pages for viruses or other malicious code. As a result BT now allows its employees access to sites that were previously off-limits, such as Myspace and Facebook and staff are also allowed access to their personal Webmail accounts from its network.

Yule comments: “Before using Blue Coat, we had a more blunt instrument of the ‘block all - allow all’ approach which didn’t take into consideration the needs of different departments or regions. Likewise our AV solution simply didn’t have the capability to scan everything. With Blue Coat we can now apply more finely tuned levels of policy across multiple Web security services.”

The granularity of policy control also allows BT to reflect differing cultural needs amongst its global workforce: “We have to be sensitive to the cultural differences around the world, as customs and practices vary. We have to reflect that by applying flexibility in our policy controls, for instance staff in Asia might need to be protected from some Western sites that they might find offensive. We can now fine tune our policies to meet these requirements.”

Management of the Web Made Simple

Implementation of the solution was also straightforward as Yule comments: “Switching over to the Blue Coat appliances was a quick and easy process – replacing an existing box with a Blue Coat appliance could be completed in half a day.”

From a management perspective the Blue Coat solution will mean huge savings in time and resources. BT line managers now have a “dashboard” of information which provides information on site category, URL, user, department, number of bytes downloaded, time of day or length of download.

Yule comments: “This improved visibility and reporting functionality brings enormous benefits to managers and means that they can devote less time to monitoring Internet usage and more time on their core role. For IT staff, the improved reporting also brings huge time savings as security threats can be detected almost instantly through more detailed logs which are streamed every minute. Before the deployment of the Blue Coat solution, our IT department had to manually search through logs to detect spyware and viruses which was a considerable drain on man hours and resources.”

The Future – Speed of Service

BT initially deployed ProxySG appliances at its facilities in the UK and such has been the success of the first phase roll out – which was completed over an 18 month period – that it now plans to deploy appliances in other locations throughout the world.

Blue Coat ProxySG appliances also feature the company’s MACH5 technology, to optimize the performance of applications across the WAN (Wide Area Network). BT is also now planning to use this technology to accelerate important business applications across the WAN including a Web-based HR solution, so that it can be accessed in branch offices with nearly the same performance as in its headquarters.

“These features will prove invaluable as we make increased use of Web-based applications and other tools such as video streaming – without impacting on overall network performance,” Yule comments.

He concludes: “A key driver for us was to find a solution that is easy to manage, quick to deploy and enabled us to achieve our strategic objectives in terms of a more open policy towards the Internet. The Blue Coat solution enables us to simultaneously protect our network and create and enforce policy. We now have improved control of our network and can manage bandwidth while accelerating the delivery of content and applications.”