The Paper illustrates the need for monitor information flow in IT systems (Especially network), and the challenges today's supervisors face when the needs is required to be satisfied. Paramount in this discussion is the trend of growing needs of internal auditing and correspondent solutions.
Along with Information Technology spreading over Corporations and different Organizations through the entire world, the information flow then became one of the most key flows in enterprises as Logistics and work flow is.
The Demand
Behavior Management
Internal abuse is one of the most common problem the IT system faces. The IT infrastructure grows stronger and stronger along with the development of hardware technology like ASIC, multi-core, FPGA. Does that mean the IT resource is tending to be infinite? We shall never worry about slow network connectivity? While we have a 10Gigabits connection there, is QoS from now on merely a joke cause we have infinite bandwidth that can never be exhausted?
The answer is no. The users are greed. What they want pullulates as fast as the hardware technology does. Just like the history of Operation Systems, what kind of hardware platform there is, and also there must be corresponding software running over it - how many infrastructural resources there is, how much the needs from users will be.
Users can never be satisfied by pure technology. And on the other side, this is also why technology evolves continuously - there are endless demands from users.
Therefore, management against network abuse is absolutely necessary.
An auditable monitoring system would be a good control over your IT resources. It does not only protect vital applications like VoIP meetings from negative impact conducted by internal abuse, but also improve productivity by constraining users' private use of network.
There is a list which provides the most common needs of different companies. These needs are direct and specific:
It is easy to figure out the demand for secure sensitive data.
However, this is no technology can be used to identify whether a stream of data is sensitive or not, no mention protect the data from disclosure.
A better and practical way to confront the challenge is to make the information flow auditable in your IT system and with a proper regulation/policy/law, can hold up the disclosure and make people think twice.
Nowadays, enterprises, especially IT business companies, are highly concentrated on anti-spyware (Refer CSI Computer Crime & Security Survey). We can surely infer the need of securing private information/data.
The research of InformationWeek Analytic 2009 said the motive for monitor - "detecting potential leakage of sensitive data", grows from 42% (2008) to 53% (2009). The trends told us how much they care about protecting sensitive data.
And the information flows in IT systems are mostly in two forms:
The storage media like hard disks, tapes, Flash can be well controlled in the physical level thus any access to such information is static, explicit and auditable.
Since the network is designed to share information at the first place, it was build up with high accessibility - the path/route exists logically and dynamically, and the information flow can hardly be tracked of.
The network part is illusory for its flexibility. To track the information flow running in it would not be an easy work.
But it is lucky that the application for data delivering through network is commonly monitorable - Email, MSN, WEB download, FTP.
Colasoft Capsa is a product which provides multiple modules to monitor the commonly used network applications:
It enables the supervisors to monitor all SMTP/POP3 based email traffics. The email message can be reconstructed and the context inside is then readable. The attachment sent with the email can be copied and saved in specified directory on your hard disk.
This would allow Capsa to record every http request in the traffic. While if you had SPAN configured to monitor the out-bound traffic to internet, you will be able to inspect the internal Web browsing activities.
DNS request and response will be record for reference. It is also useful in web behavior monitor. And also important in accidentally connection establish like Trojans.
Colasoft Capsa provides visibility to information flows in your IT systems and accountability for surveillance.