  • Author
    • #26409

      Hello all IT pros,

      I’m conducting some market research and I hope asking this question here is not considered spam.

      Our company is designing an enterprise software product to help IT administrators prevent/track most activities of employees, such as copying files to USB drives, programs used, websites visited, and keyboard usage, and also fully monitor their screens. Everything can be managed through a web-based interface, modules can be enabled/disabled throughout the network on demand, and only features that are used are charged for.

      The actual question is “Do you think an IT manager will consider using this product to improve security of their network?”

      I would really appreciate it if you explained what you expect to see in such a product, or what other concerns can be addressed. Any suggestions or comments are welcome.

    • #26410
      Michael Pietroforte

      In my view, the main problem of employee monitoring tools is that they significantly increase the attack surface of a network. If an attacker gains control of the tool, the company is in serious trouble.

      Thus, it is of utmost importance that an employee monitoring tool also monitors those who are supposed to monitor the employees. The tool has to log precisely who had access, from where and when. It should also contain a notification module that notifies authorized admins whenever someone accesses the data that has been collected by the tool.

      All in all, such tools don’t really improve security. They are usually just used to make sure that employees do their work instead of playing Facebook.

      As to charging for certain features, many vendors of IT management tools have tried this concept and most of them give it up after a while. Studies exist that show that if you give customers too many choices about a product, they don’t buy at all.

    • #26416
      Kyle Beckman

      Would I use it? No. The part that monitors “keyboard usage and also fully monitor their screens” seriously concerns me. You’ve got a huge privacy issue here. In my environment, my legal and HR departments would never let me put something like that on a machine. What possible security reason could you possibly have for spying on an end user to this level without documentable justification? Best case, you’re going to have so much data to sort through that it would never be useful. Worst case, you’re going to intercept an end user’s personal passwords, personal credit card numbers, or something far worse. I can’t imagine what would happen if you do this in the wrong country or locale without properly warning your end users.

      Standing over an end user physically or virtually with software isn’t going to keep your network secure. If you’re not following best practices or implementing security controls, the software is useless. If you’re using antivirus, application control/whitelisting, patching systems, etc., all these systems have audit functionality to tell you if they’re working. You don’t need a third-party product unless you need correlation in one place.

    • #26417
      Michael Pietroforte

      Kyle, I think only a few educational institutions would use such a tool. However, what really surprised me when I first heard about employee monitoring is that it is actually legal in the US and probably not even uncommon. However, this doesn’t apply to all countries. For instance, in Germany most of the functionality offered by employee monitoring tools is illegal.

© 4sysops 2006 - 2021

