Tracking users across the file system landscape

This topic was created by Chris Mellor 1 .

  1. Chris Mellor 1

    Tracking users across the file system landscape

    Is it naive to think that users' file system accesses should not be tracked by business' IT systems in order to safeguard business' confidential information? I find the idea abhorrent, like the existence and activities of the US TSA, but have come round to thinking that's a naive view.

    As business should track its staff's file system accesses because their are rotten apples, either through mistakes or malice, in most organisations and they can damage everybody else's interests. Trust, but verify.

    1. jake Silver badge

      Re: Tracking users across the file system landscape

      Wrong way of looking at it, Chris. Instead, one should only give users access to the bits of the file system that they actually need in order to do their job. We are talking business systems, not toys, right?

    2. gjtgj

      Re: Tracking users across the file system landscape

      Why do I get RunDll error message 'file xzbjgmzz.dll not found' at evey start up of my laptop?

      1. jake Silver badge

        Re: Tracking users across the file system landscape

        Simple, gjtgj. It's because you installed unapproved, untested code on corporate equipment. You are fired. Please follow the nice security guard to HR to do some exit paperwork.

        Have a nice day :-)

  2. Anonymous Coward
    Anonymous Coward

    Users cannot be trusted, it's human nature to take the piss, so they do (MPs expenses, Mark Hurd etc).

    There are cultural differences to, where Indian Employees given a company laptop take it home and "share" it with the family, and little Brother starts using it for torrents.

    Enterprise-level permissions modelling is a nightmare, account dormancy processes are left until last because it's not a "broken thing" under ITIL, so it's lower down the priority list. Often the Business will not understand security modelling of their data because they want it simple and non-restrictive (like capacity management...), and with enterprise request processes as they are.....business tries to KISS it. Users cannot be trusted, because IT over-complicates.

    1. Anonymous Coward
      Anonymous Coward

      Not exclusive to Indians

      Have you ever worked in a school?

      1. Hellness
        Happy

        Re: Not exclusive to Indians

        i think he is

  3. Anonymous Coward
    Anonymous Coward

    Maybe

    Just read the DatAnywhere article and I'm of the mind that users should expect that this sort of tracking can take place, but lets get rid of the bullshit terms. The article says "It's not snitch and snoop: it's trust, but verify". I think that's bollocks - there is no trust in such a setup.

    It's less offensive to be honest and tell your staff "sure we'd love to trust you, but we can't ...". And especially less offensive if the technology is applied to all users, regardless of position in the company.

  4. Destroy All Monsters Silver badge
    Flame

    "Like the TSA, the facility wouldn't exist if it weren't necessary."

    I really would like to not have the TSA considered "necessary". Political theatre to provide cushy jobs to well-connected players, shift taxpayer money to services We Don't Need, shorten the dole queue and keep the population aware of the fact that Big State can finger your rectum before inviting you to a visit to a political prison. Sure. But necessary or even useful? No.

  5. Bob726

    Today you have to be a large company or government to warrant having "confidential information." For the rest of us, our data can be mined at will for the most part.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon