CIOZone.com – Wal-Mart šnipinėjimas: gerai, blogai ar tai tik artima ateitis?

Darbuotojų kontrolė arba, kitaip tariant, sekimas įvairiose kompanijose nėra nei naujiena nei kažkas tokio išskirtinio, tačiau straipsnyje pateikti faktai tiesiog gali priblokšti. Stačiai neįtikėtina ko gali imtis didžiosios korporacijos, kokios pajėgos ir resursai gali būti tam naudojami. Kalba eina ne tik apie savo darbuotojų sekimą, bet ir pirkėjų, partnerių, žurnalistų, t.y visų, kurie tik kada nors turėjo sąlyti su šia korporacija. Tokių monitoringo duomenų kiekis taip pat nerealus.

"At a gathering of security specialists in New York City in January of 2006, David Harrison, the former Army military intelligence officer who was hired by Senser to head Wal-Mart’s analytical security research center, provided a rare glimpse into the company’s monitoring operations. Harrison told the gathering Wal-Mart faces a wide range of threats: "A bombing in China, an armed robbery in Brazil, an armed robbery in Las Vegas, another bomb threat, and that was just yesterday," Harrison said.

To safeguard its employees and operations Wal-Mart has tapped its massive data warehouse of information, now believed to be larger than 4 petabytes (4,000 terabytes), to look for potential threats. It tracks customers who buy propane tanks, for example, or anyone who has fraudulently cashed a check, or anyone making bulk purchases of pre-paid cell phones, which could be tied to criminal activities. "If you try to buy more than three cell phones at one time, it will be tracked," he reportedly told the audience."

"Gabbard, the Wal-Mart employee fired for recording reporters’ phone calls, said in his interview with The Wall Street Journal that Wal-Mart uses software from Raytheon Oakley Networks to monitor activity on its network. The Oakley product was originally developed for the U.S. Department of Defense.

The Oakley software is so sophisticated it can allow administrators to visually see what types of information are moving across the network, from Excel spreadsheets to job searches on Monster.com, or photos with flesh tones that might indicate a user is viewing pornography."

Baugina ir kitas dalykas. Reikalas tame, kad tokiems darbams pritraukiami vyriausybinių struktūrų darbuotojai, kaip spec. tarnybų specialistai ir agentai bei policijos darbuotojai.

Bet straipsnis ne tik apie šios korporacijos "pomėgius", bet jame nagrinėjamas klausimas o kaip tai turėtų būti daroma (niekas nesiginčija, kad kompanijos vienaip ar kitaip saugodamos savo informaciją, kontroliuoja savo darbuotojus): ar viešai, t.y informuojant apie tai suinteresuotus asmenis ir paaiškinant kodėl tai daroma, ar slaptai, niekam nieko nesakant.

"But in 2008 CIOs will be increasingly drawn into discussions about who should be in charge of monitoring employees, what software tools should be deployed to protect corporate resources, and which electronic activities corporations should or shouldn’t watch. "There used to be an argument over whether we should be doing this at all," says Alan Paller, director of research at the SANS Institute, an industry-sponsored research group and computer security training body. "It rarely comes up as an issue any more."

David Zweig, an associate professor of organizational behavior with the Rotman School of Management at the University of Toronto who has written books on the issue of workplace monitoring, says that it is now believed close to 75% of employers have some form of electronic monitoring in the workplace.

Zweig is not against monitoring. He believes in today’s environment, where companies face a wide range of internal and external threats, some levels of monitoring are necessary. However, he believes the monitoring should be in relation to the risk, and that companies need to do more to inform employees exactly how they are being monitored and why. "If you give people a rational explanation for monitoring, they will at least see why the company is doing it," he says. "But you should be open and inform them exactly how it’s being done and what controls are in place.

"It’s easy to monitor—it’s much more difficult to develop proper controls and processes," he says.

Ira Winkler, president of Internet Security Advisors Group of Baltimore, Md., and author of books such as "Spies Among Us" and "Zen and the Art of Information Security," doesn’t believe in coddling employees with lengthy disclosures and explanations for why monitoring is taking place. "Get over it. Companies need to protect themselves," says Winkler. "The fact is nobody should have any expectations of privacy when they’re using the company’s computers."

In fact, Winkler advocates companies apply a blanket approach to security and use of the Internet in particular. Simply tell employees or suppliers accessing a corporation’s network, they are being monitored and non-approved activities will not be tolerated. End of story.

Is that fair? "I think it’s totally fair," he says. "If I want to go shop on eBay or download porn on a company computer, that’s my stupidity, not the company’s," he says."

Šiaip jau man labiau priimtinas pirmasis variantas, nors patirtis rodo, kad net ir informuoti apie monitoringą darbuotojai yra linkę pažeisti ar apeiti nustatytas taisykles. Tačiau kur yra tas "aukso viduriukas", kad būtų apsaugoti ir kompanijų interesai ir darbuotoju ar kitų žmonių privatumas – tai, ko gero, sunkiai sprendžiama problema.

Straipsnį tikrai rekomenduoju perskaityti visiems, net ir tiems, kurie laiko save nesusijusiais su IT.

CIOZone.com – Professional Social Network for CIOs – Wal-Mart Spying: Good, Bad, Or Just The Wave Of The Future?

Technorati žymės: {žymių grupė},,,,

Šis įrašas paskelbtas kategorijoje Computers and Internet. Išsaugokite jo nuorodą.