Vendor Highlight

Mobile Broadband Boost

As the demand for a smooth and seamless integration of Wi-Fi access becomes increasingly important part for the mobile broadband service, Ericsson has announced its 3GPP compliant Wi-Fi network access, control and management solutions.

Read more ...

Expert Talk

Securing Utilities Infrastructure

As a highly critical sector, the oil and gas infrastructure should be one of the most secure, both physically and digitally. This is not the case.

Read more ...

 

Monitoring employee behavior in digital environments is on the rise. Approximately 60 percent of corporations are expected to implement programs for monitoring external social media for security breaches by 2015, according to market analyst Gartner.

eye

 

Many organisations already engage in social media monitoring, but less than 10 percent use these same techniques as part of their security monitoring program. “The growth in monitoring employee behavior is enabled by new technology and services,” says Andrew Walls, research vice president of Gartner.

 

“Surveillance of individuals can both mitigate and create risk, which must be managed to comply with ethical and legal standards.” In order to prevent, detect and remediate security incidents, IT security companies have traditionally focused on the monitoring of internal infrastructure.

 

The impact of IT consumerisation, cloud services and social media means the traditional approach is inadequate for an organisation’s security and information. “Security surveillance must follow enterprise information assets and work processes into whichever technical environments are used by staff to execute work,” says Walls.

 

“Given that employees with legitimate access to corporate information are involved in security violations, monitoring must focus on employee actions wherever the employees pursue business-related interactions on digital systems.” In other words, the development of effective security intelligence and control depends on the ability to capture and analyse user actions that take place inside and outside of the enterprise IT environment.

The popularity of consumer cloud services, such as Facebook, YouTube and LinkedIn, provides new targets for security monitoring. However, surveillance generates additional ethical and legal risks. There are times when the information available can assist in risk mitigation for an organisation, such as employees posting videos of inappropriate activities within corporate facilities.

However, there are other times when accessing the information can generate liabilities, such as a manager reviewing an employee's Facebook profile to determine the employee's religion or sexual orientation in violation of equal employment opportunity and privacy regulations.

A wide range of products and services have emerged for monitoring. Public relations firms are providing social media monitoring as a standard client service. Security organisations are beginning to see value in the capture and analysis of social media content, not just for internal security surveillance, but also to enable detection of shifting threats that impinge on the organisation.

This may be physical threats to facilities and personnel revealed through postings concerning civil unrest or it may be threats of logical attacks by hacktivists. Early detection of shifting risks enables the organisation to vary its security posture to match and minimise negative impacts.

“The problem lies in the ability of surveillance tools and methods to produce large volumes of irrelevant information,” says  Walls. “This personal information can be exposed accidentally or become the target of voyeuristic behavior by security staff.” There are a number of issues that should be considered. While automated, covert monitoring of computer use by staff suspected of serious policy violations, can produce hard evidence of inappropriate or illegal behaviors and guide management response.

 

It may also violate privacy laws. In addition, user awareness of focused monitoring can be a deterrent for illicit behavior, but surveillance activities may be seen as a violation of legislation, regulations, policies or cultural expectations. There are also various laws in multiple countries that restrict the legality of interception of communications or covert monitoring of human activity.

--------Gartner

You have no rights to post comments