We have a 10Mbps (synchronous) connection with our ISP. Recently we have discovered that if a single user is watching Netflix, or if I run Windows Update on a PC, we will totally saturate that 10Mbps and the rest of the users in the company (~200 at this location) suffer very poor internet speed.
Our current firewalls are Fortigates but we're in the process of migrating to Watchguard. That being said, we haven't noticed this being an issue except for in the last few weeks, but we can't imagine what would have changed, and if we run the same sort of traffic through the Watchguard, the same issue crops up (we thought maybe the aging Fortigate was to blame).
Is this something that we should be talking to the ISP about? Is this something we should be controlling with our firewalls?
I had a problem with my co.'s 20Mbit connection, shared between 25 people, that sounds similar. The ISP gave us an Ethernet connection from the MPOE, which we plugged right into the firewall, no router. That worked great for 18 months, then suddenly not very well. The connection would slow, to as little as 100Kps, then eventually recover for a while. The ISP told us we were regularly maxing out our bandwidth, where once we hit 95% of cap they would start to drop return packets. They said the solution was to put a router in place that could do traffic shaping, or any device that could limit the connection speed. The problem disappeared after about a million phone calls; I believe the ISP put a traffic shaping rule on their end, that must have been there originally but disappeared. The long term solution is supposed to be a managed router from the ISP. A couple of further notes: if you use testing sites like speedtest.net, you will only aggravate the problem, since those work by maxing out your bandwidth. The ISP provided an FTP site I could do uploads and downloads with. I made some 50 & 100 MB "lorem ipsum" files, uploaded those and a small Linux .iso, then wrote a script using wget to output speed values into text files that I could check on with another script.
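A sketch of the kind of checking script described in the answer above, as an added example that is not part of the original post: it reads transfer samples such as a wget loop could log and groups consecutive slow ones into episodes. The log format (timestamp, bytes, seconds), the 25% threshold and the sample values are assumptions constructed for illustration.

```python
from datetime import datetime

LINE_MBIT = 20.0      # nominal line rate mentioned in the post above
SLOW_FRACTION = 0.25  # assumption: under 25% of nominal counts as a slowdown

# Constructed sample log; assumed format "ISO-timestamp bytes seconds" per transfer.
SAMPLE_LOG = """\
2024-01-08T09:00:00 52428800 22.0
2024-01-08T09:05:00 52428800 23.1
2024-01-08T09:10:00 52428800 210.0
2024-01-08T09:15:00 garbled line
2024-01-08T09:20:00 52428800 4100.0
2024-01-08T09:25:00 52428800 95.0
2024-01-08T09:30:00 52428800 21.5
2024-01-08T09:35:00 52428800 0
2024-01-08T09:40:00 52428800 180.0
"""

def parse(log):
    """Yield (timestamp, Mbit/s); skip malformed lines and zero durations."""
    for line in log.splitlines():
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0])
            size, secs = int(parts[1]), float(parts[2])
        except (IndexError, ValueError):
            continue
        if secs > 0:
            yield ts, size * 8 / secs / 1e6

def slow_episodes(log, line_mbit=LINE_MBIT, fraction=SLOW_FRACTION):
    """Group consecutive slow samples into (start, end, worst Mbit/s) episodes."""
    episodes, current = [], None
    for ts, mbit in parse(log):
        if mbit < line_mbit * fraction:
            if current is None:
                current = [ts, ts, mbit]
            else:
                current[1], current[2] = ts, min(current[2], mbit)
        elif current is not None:
            episodes.append(tuple(current))
            current = None
    if current is not None:  # log ended while the line was still slow
        episodes.append(tuple(current))
    return episodes

if __name__ == "__main__":
    for start, end, worst in slow_episodes(SAMPLE_LOG):
        print(f"{start:%H:%M} to {end:%H:%M}: worst {worst:.2f} Mbit/s")
```

Episode start and end times are what you would hand to the ISP when asking whether their drop policy was active during the slowdown.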
What is a company user doing watching Netflix anyway!
But seriously, this is not the kind of question where one can give you a definite answer, as it depends largely on what you want to do, what you consider valuable, what improves the business, etc.
However, there are a few points worth noting here that can help you make your own decisions:
As pointed out by @kasperd, 10Mb for 200 people is not all that much - if these 200 people use the internet for important business related functions. If it is only to pull up emails, then that would be enough. If it is only for some casual browsing, then it would be enough.
200 users would, we think, mean 200+ stations and servers. WSUS is key here. You set up a box with WSUS, you'll download the updates once. And you won't download all Windows updates, only the recent ones that you don't have.
Traffic shaping and controlling is key. Is watching Netflix valuable to your company? If so, then you prioritize this traffic. If not valuable but wanted, then you lower it. If not wanted, then you block it. While a 10Mb line isn't a huge line, it does not mean that it's properly used. Before upgrading, you want to make sure what you pay for is properly used for true business needs. You would do this with some router/firewall/appliances - the kind depends largely on the size of your business, what you currently use and what you are willing to learn.
Upgrade your bandwidth. I hope you don't pay more than $50 for that line (ok frankly I don't know the going rates but generally you can get business class 100Mb fiber lines for not much).
Should you talk to your ISP about this? Sure, you can. But if you are simply maxing out your line, then they most likely will tell you to get a bigger line.
Do make sure however that you have a good line. 10Mb is one metric, but what's the latency? That's another factor.
Check for other devices that may cause trouble. Seen more than once where there is an old hub or dinky switch on the line somewhere that is creating packet storms or is simply unable to handle the amount of traffic going through it and you find it on a core part of the network!