The Friday Interview: Patrick Jolly, SurfControl

24 Dec 2004

The past two years have seen SurfControl’s filtering products move closer to the top of many an organisation’s shopping list, a fact that EMEA president Patrick Jolly (pictured) is happy to admit took the company by surprise. “We knew it was going to big but we didn’t know what big meant!” he says with a smile. “The business plan saw us hitting 100 million billings within the first seven years. We achieved that two years ahead of schedule.”

Launched in the UK in 1998, the software company has enjoyed healthy growth thanks to the changing business landscape where the everyday adoption of the internet as a workplace tool has had huge repercussions for organisations. Because of the instant communications channels that the web has opened up to employees, employer liability has become a major concern and monitoring employees a necessity.

The SurfControl range of filtering products enables the monitoring and control of content as it enters or leaves an organisation. While such software may encourage sinister Big Brother scenarios, Jolly is adamant that the fear factor is unjustified.

“A fundamental principle that we have is that we supply overt rather than covert filtering,” he says. “It’s about being inclusive with the workforce and explaining why it’s relevant to have filtering products in place.”

He argues that if you explain the reasons for filtering and take time to outline a particular policy for the organisation and the individuals within it, the feedback starts to become very positive.

“We find that if you define and communicate a policy you are showing that you are a caring employer, because some of the reasons for having filtering are to ensure that employees are working in a safe and secure environment,” he reasons. “For instance, it’s not good if a clique in an open plan office are viewing pornography. It can create vicarious liability for the employer and it can offend other people. Employees welcome the creation of a secure and safe environment.”

Another big benefit of filtering is that it has a positive impact on staff productivity. According to Jolly, studies say that if you allow people unfettered internet access employees are likely to use it for an hour a day for non-business related activities. This adds up to 12.5pc of an organisation’s payroll. He is not, however, suggesting draconian measures to put an end to personal internet access. He argues that organisations have to be much more clever than that.

“There may be circumstances where it may be appropriate to allow employees to have the benefit of the typically faster internet access they will have in the workplace. If you have the right tools that are flexible and intuitive to use, what you can do is let them focus on business use between nine and one and then take some of the barriers off at lunchtime so they can do their internet shopping or whatever it is they choose to do. And then bring it back to business settings in the afternoon,” Jolly suggests.

Another legal minefield surrounding email and the net is intellectual property (IP). These days 95pc of IP is in a digital format and is all to easy to send via email. “Someone pressing the wrong button at the right time can do severe damage to an organisation,” warns Jolly. “You can have protection at the perimeter dealing with these kinds of threats.”

Aside from productivity and legal worries, the other bigger issue surrounding internet usage is its ability to suck up network resources. Bandwidth is very expensive. Jolly believes that any organisation that is under budgetary constraints — he namechecks the public sector — needs to take control of its bandwidth. “Without filtering solutions it has just been increasing the size of the pipe so more bandwidth is being consumed without identifying reasons for its use,” he says.

He tells the story of one organisation that had seen a rapid and unexplained growth in the use of its bandwidth. They eventually discovered that staff in the post room were using the internet to listen to the radio. “The way to fix it wasn’t to go and buy more bandwidth, it was to go and buy a radio,” says Jolly. “It could be as simple as that, but the point is that it’s only when you put tools in place to identify what the issues are that you can take control.”

Like many technologies, there is a danger for vendors in that their products are only called upon after there’s been a problem. Is that the way it happens when people decide to deploy filtering products? “It used to be the case but it’s changing,” says Jolly. “You only have to look in the media to see how many high-profile cases there have been. Internet filtering might have been considered non-mission critical a few years ago but we’ve seen a real change within the past year.”

One advantage of such high-profile cases is that non-technical people within organisations can grasp the significance. Because managing directors, chief executives and so on understand the concept of controlling the content, it becomes more of a business sell than a technology sell, according to Jolly.

“IT managers don’t want to have to manage lots of different applications but they realise it’s more and more mission critical. With the rise of compliance legislation and the need to protect confidential information, the board sees it as something central to the way it runs its businesses.”

That said, a fair degree of trust has to come from customers before they invest in products, as Jolly can testify from an experience with a UK banking customer. “Banks are paranoid about confidential information. Only two and half years ago there was an investment bank in London that had a team of people that was physically verifying the content of every email that went in and out of the organisation. It’s not scalable and it’s hugely inefficient but before it replaced people with products it needed to have the confidence that solutions were out that meant it wasn’t going to be sending out price-sensitive material to the wrong people.”

Naturally, SurfControl does not have such a fast-growing market to itself but Jolly is confident that his company has what it takes to differentiate and succeed. He says that SurfControl’s software is more flexible than many of the competitor’s, letting the organisations determine rules and define a policy for each individual employee. “In reality it’s probably not practical to define it for every individual but it is practical to try and understand the needs of each department and define a policy around that.”

Unlike some competitors SurfControl also believes in total filtering. “Others only believe in email or web filtering,” says Jolly, “but having one without the other is like locking the door and leaving the window open from a network security point of view. We firmly believe you need to address all of these issues if you are going to supply a secure network and environment.”

Jolly sums up: “Email and the internet are such valuable business tools that they will not go away but there is an absolute requirement to manage it in a way that is not going to be hugely expensive or time consuming.”

By Ian Campbell