April 23, 2008

Activity Monitoring and Enterprise Architecture

When you log on at work, many of you probably, whether you know it or not, click on an acknowledgement that you consent to monitoring of your activities.

When you are working, your time and your “privacy” are not really your own!

Organizations routinely conduct various sorts of monitoring, including network monitoring, intrusion detection monitoring, and, increasingly, monitoring of employee activities online. This is an important part of the organization’s technical and security architecture.

  • Network focused--“Network monitoring describes the use of a system that constantly monitors a computer network for slow or failing systems and that notifies the network administrator in case of outages via email, pager or other alarms. It is a subset of the functions involved in network management.”
  • External focused--“An intrusion detection system (IDS) is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).” (Wikipedia)
  • Internal-focused--An activity monitoring tool, according to ComputerWorld Magazine, 7 April 2007, “monitors all activities on an end-user’s system to make sure that no data or computer usage policies are violated. If a violation does occur, the agent issues an alert to the company’s security team and begins collecting data for further review.”

While we can all understand the need for network monitoring and intrusion detection systems, many find internally-focused activity monitoring a put-off, a display of distrust of employees, or a violation of their privacy.

However, companies do have much to fear from their employees, especially the disgruntled or corrupt ones:

CyberDefense Magazine, August 2004, reports in “Beware of Insider Threats to Your Security” as follows: “Gartner estimates that 70% of security incidents that cause monetary loss to enterprises involve insiders…[that] recent FBI statistics show that 59% of computer hackings are done internally…[and that] a source inside the United States intelligence community stated that more than 85% of all incidents involving the attempted theft or corruption of classified data involved an individual who had already been thoroughly vetted and been given legal access to the data.”

According to ComputerWorld, one activity monitoring tool “features a video-like playback feature that lets security administrators view precisely what a user was doing before, during and after a policy violation was flagged. That can help the admins determine almost instantly whether the violation was an accident or the result of deliberate action…[Additionally, other tools] keep an eye on all internal network traffic for sensitive or inappropriate material…[or] monitor database activity and check for improper access and other abuses.”

“Because the software [tools] can quickly correlate log events from practically every IT system, it also serves as both a “real-time alerting system and an after-the-fact forensic tool.”

Related products can actually be set up to quarantine a computer, when a policy violation is detected.
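To make the correlation, alerting, forensic-capture and quarantine behaviour described above concrete, here is a small illustrative engine written for this page (it is example code, not any vendor's product or the tools ComputerWorld reviewed). It ingests log lines from three hypothetical systems (an authentication server, a file server and a web proxy), applies one policy rule (a read of a file labelled confidential followed within ten minutes by an upload to an external host), and when the rule fires it packages the user's events from before the violation, the triggering event and every event afterwards for review, and marks the workstation for quarantine. The log format, field names, host names, users, paths and the rule itself are all constructed assumptions for the example.

```python
"""Toy cross-system log correlator: real-time alert plus after-the-fact
review packet. Example code for illustration, not a product."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Format, assumed for the
# example: <source> <ISO timestamp> key=value ...
SAMPLE_LOGS = """\
auth 2008-04-23T09:01:10 user=jdoe host=ws-17 action=login result=ok
fileserver 2008-04-23T09:02:30 user=jdoe host=ws-17 action=read path=/finance/q1-forecast.xlsx label=confidential
proxy 2008-04-23T09:05:12 user=jdoe host=ws-17 action=upload dest=files.example.net bytes=2310044
proxy 2008-04-23T09:06:40 user=jdoe host=ws-17 action=get dest=intranet.corp bytes=1200
auth 2008-04-23T09:10:00 user=asmith host=ws-22 action=login result=ok
fileserver 2008-04-23T09:11:05 user=asmith host=ws-22 action=read path=/hr/handbook.pdf label=public
proxy 2008-04-23T09:12:00 user=asmith host=ws-22 action=upload dest=files.example.net bytes=90000
"""

WINDOW = timedelta(minutes=10)   # hypothetical policy: read-then-upload within 10 min
CONTEXT = 3                      # events kept per user for "before" playback


def parse(line):
    """Turn one log line into a dict with source, ts and the key=value fields."""
    source, ts, *pairs = line.split()
    event = {"source": source, "ts": datetime.fromisoformat(ts)}
    event.update(pair.split("=", 1) for pair in pairs)
    return event


class Correlator:
    def __init__(self, window=WINDOW, context=CONTEXT):
        self.window = window
        self.recent = defaultdict(lambda: deque(maxlen=context))  # per-user pre-violation context
        self.sensitive_reads = defaultdict(list)                  # user -> [(ts, path)]
        self.alerts = []                                          # review packets, oldest first
        self.open_cases = {}                                      # user -> packet still collecting
        self.quarantine = set()                                   # hosts flagged for isolation

    def ingest(self, line):
        event = parse(line)
        user = event.get("user")
        # Once a case is open for this user, keep collecting what they do afterwards
        if user in self.open_cases:
            self.open_cases[user]["after"].append(event)
        if event["source"] == "fileserver" and event.get("label") == "confidential":
            self.sensitive_reads[user].append((event["ts"], event["path"]))
        elif event["source"] == "proxy" and event.get("action") == "upload":
            hits = [p for t, p in self.sensitive_reads[user] if event["ts"] - t <= self.window]
            if hits:
                self._raise(user, event, hits)
        self.recent[user].append(event)
        return event

    def _raise(self, user, trigger, paths):
        """Real-time alert: snapshot the 'before' context, open the 'after' collection,
        and mark the workstation for quarantine."""
        packet = {"user": user,
                  "rule": "confidential-read-then-external-upload",
                  "before": list(self.recent[user]),
                  "trigger": trigger,
                  "paths": paths,
                  "after": []}
        self.alerts.append(packet)
        self.open_cases[user] = packet
        self.quarantine.add(trigger["host"])


def run(log_text):
    """Feed every non-empty line through the correlator and return it for inspection."""
    correlator = Correlator()
    for line in log_text.splitlines():
        if line.strip():
            correlator.ingest(line)
    return correlator


if __name__ == "__main__":
    c = run(SAMPLE_LOGS)
    for packet in c.alerts:
        print(f"ALERT {packet['rule']} user={packet['user']} paths={packet['paths']}")
        for label in ("before", "after"):
            for ev in packet[label]:
                print(f"  {label:6} {ev['ts'].time()} {ev['source']} {ev.get('action')}")
    print("quarantine:", sorted(c.quarantine))
```

Running it on the constructed lines raises one alert for jdoe (a confidential read followed by an external upload inside the window) with the login and the read as "before" context and the later intranet request as "after" context, and flags ws-17 for quarantine; asmith's upload of a public file produces nothing. A real deployment would differ in the obvious ways (time-ordered merging of many sources, persistent storage of the review packet, an actual network-isolation action rather than a set), but the shape of the logic is the same.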

The architecture for monitoring the network and internal and external threats is becoming ever more sophisticated. While according to ComputerWorld, Gartner estimates that “less than 30% of Fortune 5,000 companies have installed such [activity monitoring] tools,” we can expect many more to adopt these in the near future.

These tools are vital in today’s information-rich environment where confidentiality, availability, and integrity are the backbone for our enterprise decision-making.


