Insider risk management can be tricky for any company, but for a multi-national organization with a highly distributed workforce, the challenges are exacerbated. The ability to understand employee behavior is key to proactive insider risk mitigation, but far too often, employee monitoring solutions are intrusive and have significant implications for employee privacy. Companies operating in multiple geographies also must contend with disparate international laws and regulations related to monitoring computer activities in the workplace. Striking a balance that can effectively mitigate insider risk while ensuring the privacy of employees across the globe is critical.
One technology company in the Fortune 500 with 30,000 employees and contractors across Europe, APAC and the Americas was trying to achieve this balance. This enterprise was looking to improve visibility of remote worker activity and limit workforce security risks without compromising employee privacy. Key requirements for their insider risk management program included:
- The ability to implement a GDPR and CCPA compliant monitoring system to detect and mitigate insider risks in a remote working environment
- Providing full visibility of global enterprise workforce activities while minimizing the collection of data.
The technology company undertook an exhaustive vendor selection process to find a provider that would enable them to achieve both proactive insider risk mitigation and employee privacy. After shortlisting three insider risk management vendors (DTEX, Forcepoint and Proofpoint), the company asked all three to demonstrate a proof of concept (POC) by deploying across hundreds of user endpoints and several servers in production, where data collection was enabled for 30 days across all devices. The company observed the vendors’ ability to meet their requirements for privacy, functionality, scalability, and impact.
Following the POC, it became clear that DTEX was the only solution provider able to meet stringent international privacy requirements while still demonstrating the capability to effectively mitigate insider risk at global enterprise scale. Thanks to DTEX’s Privacy-by-Design approach and patented anonymization technique, the DTEX InTERCEPT platform was approved for deployment by regulatory bodies, works councils and unions across all relevant operating countries, including USA, UK, Germany, Netherlands, India, China, Japan, Singapore, Brazil, and Australia. DTEX concluded a global roll-out in three months, with the cloud architecture fully supporting compliance with data-sovereignty requirements.
The company’s Chief Information Officer offered the following comment:
We evaluated three solutions against nineteen weighted success criteria, with scalability and employee-privacy as absolute must-have capabilities. DTEX was the only solution that could meet the mandatory privacy and scale requirements that are mission-critical for our global operations.
Privacy by design is a top priority for us at DTEX. It’s why we’ve taken painstaking efforts to design solutions that put remote workforces first. We allow organizations to learn from their workforce by anonymizing an employee’s physical interactions with organizational assets – such as data, machines, applications, and people – and aggregating these interactions across the entire business to then perform analysis to understand engagement levels without compromising privacy.