What are your expectations or your thoughts when it comes to having a discussion about user device tracking technology? Have you really given it much thought or had a good conversation recently? For as long as I have been working in IT and have been given a company computer or other technology asset to use, I pretty much have given the expectation that this computer, laptop, phone or any company device, belongs solely to the company and as such the company has the right to be able to have total control of those devices as well as the final say on how those devices are used. That would be a fair assessment? Don’t you see some similar type verbiage that can be found in most company’s onboarding paperwork?
I am pretty sure that most of you that are reading this post might be involved with the administration of user devices and I am also willing to bet that a good portion of you might actually be handling that task of utilizing SolarWinds own User Device Tracker software (UDT). Before I really express some of my thoughts in the attempt to provoke a riveting conversation, I want to be clear in that I believe that software like this is a must for corporations to be able to manage and protect their technology assets and the company infrastructure from unauthorized access from stolen or disgruntled device or person.
But hold on for a second, what about outside the corporate network? Isn’t there just as much of a need to maintain, be able to control, as well as track those corporate devices once it leaves the safety and comfort of the company infrastructure? While giving that some thought, one of the first scenarios that flashed into my mind is something that is the type of scenario that has already been played out and gotten great press coverage multiple times already. I know you have all heard about or read about these different kinds’ stories where someone loses or gets their device stolen along the way. In most cases like this, it is not the loss of the device that is the most important, but rather the data that was stored on it. Private company documents on future products, company business strategies or yet, one of my personal favorites, a database of customer account information or even better yet, private patient medical information. Security protocols should in place to encrypt this data as well as have multiple type authentication mechanisms in place to secure that data, but I digress and will leave that topic for another discussion. Let’s be honest in that no matter how much security is preached, not all companies go to such lengths to protect their devices and data. The ability to have some kind of a nuclear option to wipe these devices when needed can be a life or job saver. Can you really put a price on not having bad press and a loss in customer confidence?
Those are some pretty profound use case scenarios that can help easily justify the need for tracking and control of the devices both in and out of the datacenter, but there is an old saying that immediately comes to mind. Even the most honest and justified intentions will tend to have unforeseen unintended consequences that come with it. Case in point, using SolarWinds User Device Tracker as an example, this software has the ability to not only track down devices either by its IP or MAC address, but a search can also be done on a user logon account itself. There are multiple scenarios that can be easily argued for the need to be able to search for a specific user, but I present to you the thought that this function easily changes the topic of this conversation from user device tracking to just user tracking? Circling back to a point I made earlier, when at the company’s place of business and utilizing company resources this idea of device tracking and monitoring should be fully well understood and expected.
Now, what about outside of the company’s place of business? Do you feel that the justification to manage and protect company’s physical resources extends to both inside and outside of the corporate offices? Is there a line that should be drawn in regards to tracking devices and in all other practical terms, tracking the users or employees, if you will, once they leave the office? There lies an interesting question and as you develop your answer to that question, lets expand the parameters to include not only corporate devices but let’s also add non corporate assets that are commonly known as Bring Your Own Device (BYOD). Does that change your answer at all? Hold on to that thought and join me next time to contemplate tracking the BYOD.