Network processing services, such as web security services (e.g WebSense, SurfControl), mail processing services (e.g. Mailsweeper) or IM (“instant messaging”) processing services (e.g. IMLogic, Facetime) are conventionally deployed within or at the perimeter of a corporate computer network. Operating within the corporate environment has several disadvantages, including the costs associated with installation and maintenance of the service and the hardware on which it runs. If the service is to remain current and up to date, regular upgrades are often needed, adding to these burdens associated with ownership.
On the other hand, locally hosted services like this have the benefit that they have ready access to local (i.e. corporate) network information (e.g. user information available from a local network directory and network traffic information). The information may be useful, or even essential, for provision of the service, as it can be used to selectively process requests or other network communications received by the service and can enable more granular auditing in relation to the operation of the service and the activities of the users.
The costs and other disadvantages associated with locally owned and hosted services have led to a growth in managed services provide by third parties, typically hosted off-site, communicating with the corporate network via an external network, very often an unsecured external network such as the Internet.
Such managed services afford a multitude of benefits to users, including no installation or maintenance costs, regularly updated/upgraded services and generally more stable and faster processors running the service.
These managed services suffer from the drawback, however, that they cannot access certain local network information, such as private corporate network details (e.g. internal IP address, user name, directory group membership, quota usage and local time), as this information is generally absent when network communications leave the corporate network (via the firewall), either as an artefact of the firewall operation or through deliberate removal for security reasons. This seriously limits the functionality that can be provided by internet-level network processing services.