back to article Psst. Need some spy-on-employees tech? Ask Oriium

Yorkshire-based "IT solutions" firm Oriium was hawking its CX:inSync spy-on-your-employees platform at ITExpo Europe today. Its cx:inSync product is sold as an endpoint device management solution. Its big selling point is the ability for network admins to implement deduplicated backups of end-user devices. Bundled with that …

  1. simmondp

    The usual "credit card" string

    Every vendor in the spaces used Credit Card strings and they are really simple and unique format, and thus easily defined.

    The trick is finding all that "other stuff", so every time with catch someone doing something bad then in retrospect we write another string search......

    Else you let your IT and/or security team go trawling for anything suspicious. [and that's so good for employee moral].

    1. Anonymous Coward
      Anonymous Coward

      Re: The usual "credit card" string

      How well does this work if the employee installs a virtual machine running, say OpenBSD, with an encrypted file system and a VPN tunnel to a remote server? Asking for a *cough* friend.

      1. K

        Re: The usual "credit card" string

        "installs a virtual machine running, say OpenBSD"

        If a company is following a good "whitelisting" based practise, this wouldn't be possible. As not only would you be restricted from creating the VM, but also all outbound traffic filtered, so VPN tunnels are only allowed from approved sources..

      2. Number6

        Re: The usual "credit card" string

        No idea how well the security measures work against it, but the VM with the VPN works quite nicely. It also helps that if you want to go browsing patents or competition websites, it's not immediately obviously your employer's IP address, which can be enough to trigger a lawsuit if they've got a trigger-happy lawyer in need of a new yacht.

    2. Justicesays

      Re: The usual "credit card" string

      "Every vendor in the spaces used Credit Card strings and they are really simple and unique format, and thus easily defined"

      Sure,

      That's any number between 13 and 19 digits long then, with maybe some other characters in there dividing them into groups.

      Hey, my phone number is 14 digits long in international format...

      As the saying goes "now you have two problems"

    3. Doctor Syntax Silver badge

      Re: The usual "credit card" string

      "Every vendor in the spaces used Credit Card strings and they are really simple and unique format, and thus easily defined."

      But not once you've encrypted the file. I'm assuming the system will unzip zipped files - if not that would be equally effective.

  2. Number6

    Before installing any employer-related app on my phone I read the Ts&Cs. The Outlook app requires permission to do a factory wipe on the phone, and even though I was assured by the employer at the time that they'd never do that, I refused to install it on my personal phone. OK, I lose some functionality (although it turned out that I could have IMAP access to my email without any strings) but if it's important then they can provide the phone.

    My device, my rules. If you want your rules then supply the device.

    1. wyatt

      Agreed! Their device is their device, they can do what they want to it and monitor what they want. Mine however is different, I don't have my work email on it as I'm not in work when I'm generally using it. Only thing I have sync'd is my calendar and provisioning is off..

    2. P. Lee Silver badge

      >My device, my rules.

      Exactly, but sometimes you can afford to be flexible.

      For example, I run Windows in a VM over Linux on my laptop.

      It costs me, ahem, nothing to clone that VM and integrate it into a customer's network. As long as I don't bring up two clones simultaneously, it works fine. At the end of a contract, the VM can be wiped or archived.

      The basic problem is that to be very secure you have to hobble your business. You are then into a "risk" vs "actual revenue loss / increased cost" situation. Which path you take will depend on what type of employer you are and what kind of data you deal with. Financial call-centres will take one path, infrastructure transformation consultancies will take another.

  3. apolodoro

    Straight out of the BOFH toolkit

    This sounds like the sort of user re-education tool that the BOFH would use. All it needs now is a way to edit a user's mail and browser history.

  4. Anonymous Coward
    Anonymous Coward

    for companies that don't trust any of their employees an inch

    They must at least trust their IT staff. Giving them the means to easily scan an employers files seems crazy, I hope the auditing is up to spec, I've seen several cases of people being harassing and even stalking of female employees, it unfortunately happens when a good percentage of technical staff fall into the stereotypical geek profile.

  5. Christoph

    We found the details of one of our customers on your phone and you don't work in sales or support so you must have been taking our customer files unauthorised. So we wiped your phone clean.

    But that's my wife's work address!

    Oops. Tough luck, too late.

    1. JLV
      Joke

      To: C.

      From: HR

      As per our company's ethics policy we strongly discourage non-work related fraternization with our customers' employees.

      We have retained the services of the law firm of Hobbs & Charnsworth to assist you in your divorce proceedings.

  6. Frank N. Stein

    No

    No BYOD for me. They deploy a device to me, it will only be used for work. Nothing personal. I'm not installing anything from work to n my Money.

  7. Anonymous Coward
    Anonymous Coward

    Red flags all over the place.

    The moment I read "Bundled with that is the ability for network admins to see the location of devices such as smartphones and tablets and even remotely brick them." the red flags started flying like New Year's Eve party confetti as all the Ref's on the field screamed bloody murder. I may be using my device to assist in my work but you do NOT get to wipe it. You destroy my data & I'll return the favor by turning your network into a smoking, smouldering, slagged pile of molten glass & melting electronics.

    1. Neil Barnes Silver badge
      Mushroom

      Re: Red flags all over the place.

      " smoking, smouldering, slagged pile of molten glass"

      Seems a bit harsh. Just nuke it from orbit, it's the only way to be sure.

  8. Anonymous Coward
    Anonymous Coward

    You know, stuff that..

    I prefer to start with being selective with whom I employ. We have surveillance on most systems, but that's more set to prove compliance, so to prove that people do the RIGHT thing rather than scan for doing the wrong thing.

    I may have more exposure to attempts to liability charges if something goes wrong, but the atmosphere is much better if you start with a team that feels you trust them, which reduces the likelihood of that happen. In my experience, people seek to meet your expectations, so set them high and positive.

  9. jake Silver badge

    So, basically ...

    ... root access and a handful of perl scripts, then?

    Well, it works for me, anyway. Same results, near as I can tell ...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021