Nowadays it’s common knowledge that when you log onto a corporate network that your activities can and will be monitored. Technology has created new possibilities for human interaction and monitoring employees has become a necessity in order to maintain legal, regulatory, security and performance. A written code of ethics and providing the training will help employees understand what is expected.
The organization must adapt the features in technology to suit their community, norms, and culture of the organizations while still meeting any legal requirements under the law. Some sectors have a requirement to provide a continuous monitoring systems that is constantly monitoring the corporate network. So an “it depends” answer would have to apply to the question of the best method of obtaining the proper permissions to monitor user actions.
Monitoring user actions of employees’ behavior will continue to be a controversial topic. To ensure the buy-in from the employees then every level of management and non-management employees must understand the ethical implications of the decision to monitor as it relates to their personal and professional values.
The resounding threats that are present throughout an organization requires that it be monitored properly to ensure that the capabilities are the to ensure the bad guys are not getting access to corporate information.
I’m not a security professional by trade, but I definitely understand the challenges that the security personnel are concerned with so I can identify. So I think this makes me a better architect by understanding the key areas in which a system gets deployed.