Problem Overview

The New Challenges In Implementing An Organization’s IT Policy

Every organization has rules governing its employees’ use of IT resources. These rules are implemented in the form of Acceptable Use Policies or IT policies. These policies can be summarized under the following 3 areas:

Productive use of IT resources
In today’s dynamic business environment, an organization must stay competitive by investing in high-performance IT infrastructure. This area ensures the workforce is maximizing the IT resources to generate the best ROI for the organization.

Information Security
Over the past 10 years, information breach incidents have increased dramatically. It is vital for organizations to develop an effective security policy to ensure their confidential and sensitive data is well protected against internal and external security breaches.

Responsible use of IT resources
This area outlines the expectations for responsible use of, and access to, IT resources. The responsibilities and privileges that give individuals access to related IT resources may be revoked due to violations. It ensures the IT resources are supporting the organization’s mission and value.

However, to date the existing solutions mostly focus on corporate compliance by concentrating on the server or network level. The endpoint machines are mostly left unmonitored. With rapid changes in the field of IT, this approach is fast becoming insufficient for implementing the company’s desired objectives. Below are some of the new challenges faced by companies in this regard:

  • The Facebook and The Social Media Phenomenon

    Facebook and similar social media applications and websites are a wonderful medium for sharing ideas and monitoring customer feedback. However, left unmonitored, they are a major source of productivity loss and hence lost profit.

    What most companies are forced to do is block them via firewall and other server-side solutions; however, with thousands of proxy sites available, it is really easy for staff to bypass these server-side solutions. Further, by blocking them, the company has no means of taking advantage of these powerful customer relationship management tools. The only effective way of handling this problem would be to have a tool that can monitor what people do on Facebook and other social media websites and applications, and report whether they are wasting time or doing the company’s work.

    Question:

    How can you effectively monitor what your staff is doing on Facebook and other social media applications and websites without blocking them?

  • Advent of Mobility – Information Is No Longer Bound To The Corporate Network

    More and more companies are opting to give their staff laptops. However, this strategy has in turn created a serious information risk for the company, as the traditional means of blocking unproductive websites via server-side solutions fail when the laptop is not connected to the corporate network. Companies nowadays are faced with the dilemma of how to monitor and secure these mobile devices when they are not connected to the corporate network. For example, a sales staff member with a laptop might be sitting in a coffee shop the whole day and giving out confidential corporate information over Facebook without anybody knowing about it. Further, with the advent of 3G, 4G and other wireless internet services, company staff can use these devices to connect to the internet, bypassing the corporate network entirely.

    Question:
    1. How to effectively monitor laptops even when they are not in the corporate network so that they follow the company’s IT policy and do not become sources of information breach?

    2. How to monitor the internet on the company’s PCs irrespective of how staff connect to the internet?

  • Lack of Control Over Non-Internet Based Media and Monitoring Offline Information

    The flow of information is not restricted to the internet. A huge amount of information flows via offline means, such as accessing unauthorized information over the network and saving sensitive information onto offline storage media such as thumb drives, DVDs, LAN, etc. Apart from sensitive information, this can also include unproductive material such as movies, games, music, images, etc., which have been downloaded using the company’s internet connection. The existing server-side solutions are obsolete against this trend. Further, they are not even able to determine whether such unproductive information is present on any particular machine or whether it was accessed during working hours. Companies try to manage this by blocking all forms of thumb drives and CD drives, but this in turn means a simple and effective means of data transfer is lost to the company.

    Question:

    1. How to effectively monitor laptops even when they are not in the corporate network so that they follow the company’s IT policy and do not become sources of information breach?

    2. How to monitor the internet on the company’s PCs irrespective of how staff connect to the internet?

  • The Information Security Threat From Internal Company Staff

    A company can often detect or control when an outsider (non-employee) tries to access company data either physically or electronically, and can mitigate the threat of an outsider stealing company property. However, the thief who is harder to detect and who could cause the most damage is the insider—the employee with legitimate access. That insider may steal solely for personal gain, or that insider may be a “spy”—someone who is stealing company information or products in order to benefit another organization or country. – FBI

    Question:

    How can you effectively monitor internal company staff to keep them from deliberately stealing confidential company data?

  • Hardware, Software And Network Abuse

    Companies need to perform regular audits of their hardware, software and network to make sure they are not being used for unproductive activities and are in line with the company’s policies.

    Question:

    1. Is all the hardware accounted for?

    2. Are all machines installed with only licensed software?

    3. Do people have games installed on their machines?

    4. Where are the licenses of a particular piece of software installed?

    5. From which machine and user is the huge amount of network traffic originating?

  • Existing Solutions Are NOT ENOUGH

    – Gateway solutions, firewall solutions, intrusion detection solutions, etc. are like the walls of a fortress, which only focus on securing against outside threats such as hacking, sniffing, etc.

    – They only monitor the company’s internet connection; hence they cannot determine staff productivity.

    – Limited defense against encrypted and coded data.
