Computer Equipment Manufacturer
- Combating industrial sabotage
- Ensuring the productive use of Internet and computer facilities
- Monitoring mobile users with laptops
- Securing sensitive corporate information
- Preventing use of company machines for storing personal images and videos
- Prevent use of company time by R&D members for playing games
- Measuring the effectiveness of their central blocking system to prevent access to unproductive sites
With 25,000 employees, the company faced various challenges in monitoring and securing their desktop and network environment, ranging from productive use of facilities to securing corporate information. To secure their networks, the company deployed Websense security, to monitor and block unwanted material at a global level, and Trend Micro Anti-virus on the endpoint devices. However, this approach was proving insufficient in solving the issues. With respect to information security, the company had installed Symantec DLP for certain departments but its complexity and price were major inhibitors in a mass rollout. Furthermore, Symantec DLP had no ability to control the information being sent over social media sites such as Facebook or online chat applications such as Gtalk. Consequently, the majority of their endpoint devices were mostly unguarded and the company constantly received reports of people are using 3G modems, proxies, etc. to bypass Websense. The issues were further multiplied when the company implemented a ‘bring your own device’ policy with more and more staff bringing their own laptops and the company had no means of identifying what employees did with the company’s data once they had left the office.
As a leading equipment manufacturer, the company has a substantial R&D department whose staff members needed to be given admin rights. These rights meant they could install whatever applications they like. In many instances, the company discovered employees had installed games and other non-productive applications but faced an uphill battle in locating these software applications, and in the absence of an audit trail, identifying who installed them, as employees simply denied they were -responsible.
More importantly, the company had recently become a victim of industrial sabotage, the source of which it was unable to trace. The company produced HDDs at its factory, with the resulting products being rigorously tested against a range of parameters to ensure their quality prior to their release. The test results of random batches of HDDs were being manually altered so that faulty HDDs were released onto the market, damaging the company’s reputation.
The Solution: e-Safe Compliance
The company evaluated e-safe Compliance and found it increased visibility of employee IT activity and provided solutions to their issues in the following ways:
- By setting DLP rules to monitor documents containing test results, the company was able to track who was changing the test results and most importantly what those changes were, allowing it to find the insiders responsible for the industrial sabotage.
- e-Safe Compliance gave the company the ability to monitor communications and documents, not only in desktop machines, but also on laptops. Even if the laptops were to be removed from the office premises (network), e-Safe Compliance is still able to monitor and report on any infringements.
- e-Safe Compliance provided a complete audit trail of sensitive information being discussed over online media and sensitive documents being copied onto thumb drives.
- The application usage reports from e-Safe Compliance gave the auditors clear evidence against the staff who were playing games and spending time on unproductive applications. All employees were informed that they were to be monitored and as a result, non-work -related and unproductive activities have ceased.
- By using e-Safe Compliance’s Software Audit and Application Monitoring facilities, the company was able to block unauthorised applications.
- With e-Safe Compliance’s advanced porn detection technology, the company was able to identify staff who were responsible for storing and accessing pornographic material on both their machines and on the server shared drives.
- The company no longer has to worry about employees connecting to the Internet using non-corporate network sources such as 3G modems or external Wi-Fi networks, as they are now constantly being monitored by e-Safe Compliance.
- e-Safe Compliance has assisted the company in analysing their Internet utilisation. The greater part of their Internet activity was found to be unproductive. Using Websense, the company could only view the number of hits on URL’s but had no idea how much time was spent on these websites. Furthermore, it was difficult to identify who was responsible for the activity. By using e-safe Compliance, they are now able to obtain reports on time spent on unproductive Internet websites at various organisational levels such as by overall company, department or individual user. This has enabled the company to manage employees more effectively and raise productivity.