The User Monitoring Minefield

Posted on November 16, 2015


Continuous user monitoring is a reality and an almost essential component of any organization’s IT security toolbox. To preserve employee privacy, and to avoid challenges from individuals claiming that corporates have compromised their integrity, it requires double-blind protections. Obvious, yes, but apparently not, as many solutions do not fulfill this crucial function.

With the increase in advanced persistent threats and in the sensitivity of corporate data comes the widening of continuous user monitoring. Users are the undisputed weakest link in the IT security chain. By and large users are not the enemy, but organizations must protect their data and systems from human folly or, more often than not, stupidity.

The risks are not getting any less, and the exposures are insurmountably higher. It will not be long before regulators and insurers alike wake up to the reality of what this means. Users, the weakest link in any IT security risk assessment, will increasingly become subject to mandatory monitoring, not just during their working hours but, in some use cases and privileged scenarios, in their offline world as well. This is already the case on an individual basis, as anyone who owns a mobile phone has adopted digital tagging voluntarily. Their employers do not have access to the telemetry, but the telcos and many national agencies do; that is a subject for a separate missive.

The corporate requirement is for systems that no longer simply monitor and record, but that can also go on the offensive, dynamically and in real time, locking down user access and even destroying end-user systems if the risk parameters are breached.


Fact – Device-wiping technology has been around for a while in both the consumer and corporate domains, residing in the most domesticated of fondled IT objects, the iDevices. With systems such as Enterprise Mobility Suite from Microsoft, this now stretches into the corporate control domain and the world of Bring Your Own Device (BYOD). Such tools allow your employer to mandate when a device has gone ‘out of bounds’ and execute a remote wipe, amongst other reporting and usage insights: monitoring your location and activity on the device itself, the documents you read, the websites you visit and the email and messaging you engage in.

The problem with much of the monitoring software about today is its invasive nature. Some senior systems administrators have complete visibility of these monitoring systems’ insights and the associated end user’s identity. The sad fact is that they are the dependencies companies rely on to deploy, maintain and support these systems. In many cases these solutions lack double-blind privacy protection, which means an employee’s activities can be viewed by any number of people.

So as your organization gets its monitoring policies written or updated, and before you commit to that licensing agreement for monitoring software, ask the question.