- Combating industrial sabotage
- Ensuring the productive use of Internet and computer facilities
- Monitoring mobile users with laptops
- Securing sensitive corporate information
- Preventing use of company machines for storing personal images and videos
- Prevent use of company time by R&D members for playing games
- Measuring the effectiveness of their central blocking system to prevent access to unproductive sites
With 25,000 employees, the company faced various challenges in monitoring and securing their desktop and network environment, ranging from productive use of facilities to securing corporate information. To secure their networks, the company deployed Websense security, to monitor and block unwanted material at a global level, and Trend Micro Anti-virus on the endpoint devices. However, this approach was proving insufficient in solving the issues. With respect to information security, the company had installed Symantec DLP for certain departments but its complexity and price were major inhibitors in a mass rollout. Furthermore, Symantec DLP had no ability to control the information being sent over social media sites such as Facebook or online chat applications such as Gtalk. Consequently, the majority of their endpoint devices were mostly unguarded and the company constantly received reports of people are using 3G modems, proxies, etc. to bypass Websense. The issues were further multiplied when the company implemented a ‘bring your own device’ policy with more and more staff bringing their own laptops and the company had no means of identifying what employees did with the company’s data once they had left the office.
As a leading equipment manufacturer, the company has a substantial R&D department whose staff members needed to be given admin rights. These rights meant they could install whatever applications they like. In many instances, the company discovered employees had installed games and other non-productive applications but faced an uphill battle in locating these software applications, and in the absence of an audit trail, identifying who installed them, as employees simply denied they were responsible.
More importantly, the company had recently become a victim of industrial sabotage, the source of which it was unable to trace. The company produced HDDs at its factory, with the resulting products being rigorously tested against a range of parameters to ensure their quality prior to their release. The test results of random batches of HDDs were being manually altered so that faulty HDDs were released onto the market, damaging the company’s reputation.