Thursday Apr 25, 2024
Thursday Apr 25, 2024
Wednesday, 31 July 2013 00:00 - - {{hitsCtrl.values.hits}}
Povel: Yes, you will get an electronic alert when someone crosses the line, because the manager to go over to every department, every time someone crosses the line would not be possible. They need to solve this on a regular basis. It’s a motivational issue, which will also prevent boredom at work.
Angelo: Let’s say there is a company with 10,000 employees. And this software is going to generate data at a tremendous speed. Who in the organisation should be accessing this data, or have the time to do this? Should there be a team? CEOs don’t have time for this even though a CEO or COO might be the one who needs the info. Is there any organisation that has appointed a monitoring person?
Povel: Usually it is the manager from whom the electronic alert comes. So there is no person specific but the person who is responsible for the performance of that employee. So there is more trust between them than being checked at a higher position. As for a special team, I can’t imagine my company having a special surveillance team. So usually it’s the person who directs employees.
Angelo: In my book (‘Chat Republic’), I talk about how companies should upgrade to a more collaborative, trusting corporate culture, using Web 2.0 tools. Now we citizens and employees are so used to sharing information that organisations are becoming sort of communities of sharing, creators and ‘curators’ of content. We have become knowledge brokers – everybody is trading information. With or without management approval we have begun creating a trust economy. Within an organisation everybody is learning to trust each other. I use Wikipedia as an example. We don’t know anybody who wrote those articles but we sort of trust that it is the right thing. So how can Safetica create trust in an organisation rather than suspicion?
Marawan: Well it’s simple. It gives employees access. Some of our customers take productivity monitoring in a different manner. It’s not the managers who evaluate the data. It’s both the employees and the mangers.
Angelo: So the employees get to see the data? That’s interesting!
Marawan: Yes, it is transparent; employees can see their own data. They can see what they have done in the past week. They can think about the time they spent on work. This can be used to measure your own work. You can measure the time you have spent on different on line media. It can make you think about how you spend your work time, which makes it more effective. With this type of approach in monitoring I think we can build up trust. When your boss is monitoring you and when you know nothing about the software, the trust usually breaks.
Povel: Trust in a working environment is not really an issue, and does not come because of the presence or absence of any kind of software. Trust is to do with human relations. Every powerful tool is only as good as how you want to use it. So if some people can have some self-criticism (and many times I had a lot of discussions with my employees questioning why nobody has noticed how hard they work and why they are not rewarded), that’s the time you can pull data out of the system which will tell you very quickly if the person had spent his time productively during the last three weeks or not. Placing that data on the table will take care of the discussion. This gives the business owner the information he needs at the end of the day. Do you want to really pay people who have not put in their share of work? That’s the question.
Angelo: Let’s talk about leaks. What is there to stop an employee from crossing the line; does the software monitor every data stream on email, etc.?
Povel: Usually you have the DLP software, which prevents only data leakages the moment it happens. Safetica connects the monitoring with file activity. That means you can see that someone is uploading files, copying files or someone is opening or accessing a lot of files, which would be unusual. So you can monitor file activity.
Angelo: Is there any preventive method in this?
Povel: It is more of traffic. If there is a limit to transfer then… there is a difference in the purpose of restriction as opposed to protecting some intellectual property.
Marawan: There are companies that have limited bandwidth allocations form their ISBSs and a lot of people share this bandwidth; if you send and receive a lot of data and you are reserving a bigger space for yourself, other people have problems working and that’s why they have this bandwidth. If you have a regular sales person in an organisation and this person is sending price quotations to customers, and then suddenly in a certain week the software displays that this person is spending three four hours just uploading certain files, this can alert the IT manager of what is going on, and enable him to check why it’s happening. Safetica monitors and analyses data, drawing their attention to what is going wrong in the organisation.
Angelo: What about printouts and people offloading data to flash drives?
Povel: Let me come back to the last question. The traffic of the users could be a sign of a data breach. Safetica even alerts of suspicious activity, measured by the number of copies being uploaded. How Safetica works is that it is like a sand box, which doesn’t need the support of specific network protocol or specific device. You take data and you say that you want this data to be in one place, for instance to stay in a work station or in a file server and that you cannot bring it out or upload it, or you cannot copy paste it or you cannot even screen capture it… so the system basically covers the data from all the different points, even the printouts and flash disks everything.
Angelo: If I want to, for example, even for benign purposes, to print out a PDF and take it home to read, will it prevent me from doing that?
Povel: If the PDF is in a file that is prohibited for printing, then it will be prohibited. 97% of the breaches are unintentional. People just think that they need to work from home and I will send the file over there but on the way the file can get lost. I think there is a conflict between security and availability. You cannot have both at the same time; if you chose security you lose availability. There needs to be a balance between them.
Angelo: This is preventing inside out data breaches. What about breaches from outside? When you talk about productivity, does it make sure that people’s profiles and data cannot be compromised?
Povel: It doesn’t limit the protection of data, even if you connect from the outside as a hacker. Safetica is a unique kind of technology that even protects from malware like Trojan Horse from extracting data off the network. Even the methods used by hackers are useless compared to this engine of ours. Safetica is basically a root kit, going in deep with nothing on the side.
Angelo: Seems like calling it a ‘productivity tool’ is limiting it?
Povel: It is one of the purposes. The productivity measurement was added later. We started with DLP and found that all data leaks are connected with the employees who are leaving the company. The phase of the two or three months before an employee leaves a company is when it is most at risk for data leaks. This is also due to the fact that the last few months of leaving is the time of least productivity. So we want to predict even the risk of losing data or even losing the employee. It is not only about the data, it may not be only an issue of the employee; it could be something to do with the boss. Maybe he/she is not giving him the right tasks, so it is all connected.
Angelo: How long has this software been around?
Povel: Since 2006.
Angelo: If you can give us examples of which kind of organisations are using this?
Povel: We have financial institutes, industrial companies, we have telecom operators, we have even smaller companies like law offices, accounting companies using it. Safetica is made to meet the requirements of customers ranging from a few users to several hundreds of users. Telecom Malaysia, Coca-Cola are some of them.
Angelo: If you want to tell that this hypothetical ad agency who does not want their staff to be on Facebook but want them to use Facebook for clients, what would your pitch to them be?
Povel: They need to have their reasons but I can tell them that technically it could be done. They can allow them to be on Facebook but at the same time prohibit copying data to Facebook or copying and pasting data. So that the same time you can have Facebook and your data protected.
