NetSTAR

TOKYO February 5th, 2009

NetSTAR, Inc. (Headquarters: Shibuya-ku, Tokyo; president: Noboru Ogahara; hereinafter “NetSTAR”), a developer of URL filtering product technologies and services, also involved in the collection, categorization, and delivery of URL lists, hereby presents the findings from its 4th “Survey of Corporate Internet Management” conducted on system administrators in corporate and public workplaces.

NetSTAR has been conducting a series of surveys since 2006 to better understand the actual situation of Internet access management in the workplace. The latest survey targeted approximately 1,000 system administrators who are current users of URL filtering systems. The findings can be largely summarized by the following two points.

(1) Filtering has become a common information security measure for the workplace. While many acknowledge the effectiveness of filtering, some dissatisfaction still remains.

Most adopt filtering services to enhance security against threats such as viruses and information leakage. There has been little change in the results since the last survey, indicating that filtering services are becoming well-established. Regardless of the organization size, over 70% responded that they were satisfied with the products and services used. It should also be noted, however, that there were also complaints such as “reduced work efficiency” (36.6%) due to excessive access control, as well as “inaccuracy of database” (30.8%), and “difficulty of managing multiple policies” (29.4%). Furthermore, with regards to the URL databases, which directly affect the filtering accuracy, over 30% stated that they would prefer to have "multiple updates per day.” However, only about 10% actually manage to do so with such frequency, indicating that there is further room for improvement in the products and services themselves. With only about 10% of the system administrators being aware of the access control settings for each department and user, management features in particular can use much improvement.

(2) Administrators themselves use forums and blogs as information sources, but may be required to limit use by other employees

About 70% responded that they use forums and blogs to gather business-related information. At the same time, due to lack of better alternatives for preventing information leakage and inappropriate usage, many organizations are forced to limit the use of forums and blogs by non-administrative users. There is clearly a need for filtering products and services that can meet the needs of each office with flexibility, allowing limited use of interactive websites, for example by “providing access only to websites that are beneficial to the business” or by “providing read-only access.”

With increasingly-sophisticated use of the Internet in both corporate and public settings, filtering systems and other products and services for access control must become capable of supporting a more efficient, productive, and safer environment.
NetSTAR will use the findings from the survey to enhance fundamental filtering technologies and improve the collection and distribution of URL databases, and continue to work towards an Internet that is safer for everyone.

■Survey Background
Uncontrolled web access by employees is becoming a large management risk for an organization. The latest survey aimed to reveal the actual situation of Internet management in offices with URL filtering, so as to clarify the needs for network management in the business scene.

■Survey Method
Under the request of NetSTAR, an online survey was conducted by Macromill, Inc. from December 24 to 26, 2008. 1,037 valid responses were collected from system administrators who work in offices with a URL filtering system. The respondent body was aged in their 20s to 60s.

■Main Findings and Comments(Graphs in Japanese only)
 ▼Most adopt filtering solutions for security enhancement
- The incentives for adopting a filtering system were topped by “security enhancement” at 53.3%, followed by “reinforcement of internal control” at 39.2%. For the anticipated results, security-related responses ranked high, with “prevention of illicit code” at 78.7%, followed by “prevention of information leakage” at 76.8%. There was no notable difference in response between organizations of different sizes. Furthermore, there was little change in the results compared to past surveys, indicating that filtering is already well-established as a means for security enhancement. (See Graph 1. Graph2. Graph3. Graph4. Graph5)
- When asked of specific reasons for restricting access to websites of certain categories, “inappropriate postings” (74.1%) and “information leakage” (50%) were ranked high for “Forums,” while “offensive contents” (91.9%) and “illicit code” (73.3%) were notable for “Adult contents.” (See Graph 6. Graph 7)
 ▼Respondents generally satisfied with effectiveness of filtering, but are left wanting for greater efficiency
- Over 70% responded that they are satisfied with the current filtering solution, with organization size having little effect on the results. More specifically, “eliminated viewing of inappropriate websites” was the most popular reason for the satisfaction, at 48.7%. On the other hand, many also expressed discontent with “decreased work efficiency" (36.6%), “inadequate accuracy of database” (30.9%), and “difficulty of managing multiple policies” (29.4%). The results suggest that users are requiring improvements that allow for more flexible operation and management. (See Graph 8. Graph 9. Graph 10. Graph 11)
- Over 80% are satisfied with the outcomes of adopting a filtering solution, such as “prevention of illicit code” and “prevention of information leakage.” It should be noted that “allow employees to concentrate on their business” ranked significantly lower than others at about 70% the score. (See Graph 12)
▼Organizations of different sizes showed different requirements for filtering solutions
- When asked what kind of features would be effective in a filtering solution, “making websites of specified categories read-only” ranked highest at 50.8%, followed closely by “allow time-limited access to websites of specified categories after displaying a notification” at 48.9%. In organizations with 30 to 100 employees, the demand was strongest for “time-limited access,” while in larger organizations, greater demand was shown for “making all websites read-only” and “using log files to recover files submitted over the web.” The results indicate that as the organization size grows, stronger emphasis is placed on preventing posting that may lead to security troubles, and on verification of facts in the case of a trouble. (See Graph 13. Graph 14)
▼More than 70% use filtering throughout the organization, yet few administrators have a grasp of the policies in place
- While 78.3% use filtering throughout the organization, usage declined for smaller organizations, with increasing numbers of unfiltered departments and sites. (See Graph 15. Graph 16)
- The most common reasons for not implementing organization-wide filtering was “cannot provide administrator for each location” at 33.5%, and “solution can only be managed at the headquarters / solution cannot be managed at each location” at 32.4%. It is clear that the market is in need of products and services that can be easily installed and managed by small & medium organizations as well as in remote locations. (See Graph 17)
- Only 14.1% of the system administrators had “full grasp” of access control settings for the individual departments and users. With respect to organization size, 20.1% had "full grasp” in organizations with 30 to 100 employees, while the number dropped to about 10%, indicating that the introduction of filtering does not necessarily lead to organization-wide thoroughness of security policies. (See Graph 18. Graph 19)
▼URL database for filtering solutions are expected to offer advanced features such as “immediate response to malicious sites” and “multiple updates per day”
- With regards to filtering databases, system administrators place an emphasis on “immediate response to malicious sites” (46.5%), “accuracy of database” (19.1%), and “detailed categorization” (16.8%). While there was little difference due to organization size, results showed a stronger demand for “immediate response to malicious sites” as the organization size increased. (See Graph 20. Graph 21)
- At 34.4%, “multiple updates per day” was the most commonly desired update frequency for the filtering database. However, only 12.6% actually use solutions that offer “multiple updates per day,” leaving a notable gap between the ideal and reality. Larger organizations showed a stronger preference for “multiple updates per day.” (See Graph 22. Graph 23)
▼System administrators make personal use of forums and blogs, but have concerns about other employees doing so
- 69.2% of the system administrators responded that they have used forums, blogs, and SNS during work. There is no notable difference due to organization size, indicating that the business use of interactive websites has become commonplace. (See Graph 24. Graph 25)
- Over 60% responded that use of forums and other interactive sites by employees will increase the risk of “information leakage,” “wasted time” and “inappropriate postings.” However, smaller organizations tend to think that there is “none particular,” illustrating that risk awareness may differ depending on the organization size. (See Graph 26. Graph 27. Graph 28. Graph 29. Graph 30. Graph 31. Graph 32. Graph 33)
- When asked to list specific actions that may be considered a risk with employees using interactive websites, “inappropriate postings” ranked highest at 79.3%, followed by “taking out corporate data via storage services” (60.8%) and “sending file attachments via webmail” (57.6%). In particular, larger organizations showed notable concerns for “inappropriate postings,” “commenting on blogs and SNS," and “diary entries on blogs and SNS.” (See Graph 34. Graph 35)
▼Trouble-free use of forums and blogs requires solutions that allow access only to work-related websites
- For effective use of forums, blogs, and SNS, most feel that it is necessary to “allow access only to work-related websites” (55.4%) and “establish internal rules” (51.7%), as well as to “allow read-only access” (24.1%). In organizations with 300 to 1000 employees, demand is highest for “allow access only to work-related websites,” while organizations with less than 300 employees showed greatest interest to “establish internal rules.” (See Graph 36. Graph 37)
- Popular measures taken to prevent online troubles by employees were “access control by filtering and other measures” (75.4%), “make known that filtering and other management measures are in place” (67.4%), and “training on web use” (58.1%). Larger organizations tend to rely less on their employees’ awareness, and take more systematic measures such as “allow read-only access” and “allow access only to work-related websites.” (See Graph 38. Graph 39)
▼Log reports from filtering solutions are used to track inappropriate web usage by employees
56.7% responded that they use “log reports” from the filtering solution to detect suspicious web usage by employees. When asked to list problematic actions that may require caution, “frequent access to websites within a particular category” ranked highest. (See Graph 40. Graph 41)

■About NetSTAR, Inc.
NetSTAR specializes in the development of URL filtering software and services, and in the collection, categorization, and delivery of URL lists. Its URL lists boast the largest market share in Japan for corporate filtering products, at well over 40%, and are also used widely for home filtering services. Over the years, NetSTAR has gained much recognition for the quality and reliability of its collection/categorization and publishing processes. Its URL lists for filtering services have been adopted by all mobile phone operators in Japan, and is the de facto industry standard.
For more information, visit http://www.netstar-inc.com/.