Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

The dark side of DLP

A few words on the issues around DLP

There is no doubt that technology makes us more effective, engaged and productive workers. Technology also allows for flexibility in how, when, and where people work.

Best data loss prevention tools

Increasingly, employees are blurring the line between work and home in a way that benefits employers. In other words, the amount of work employees do at home has dramatically increased, not decreased.

However, instead of building a foundation of trust, employers are resorting to heavy-handed monitoring of employees' actions. According to the American Management Association, 66% of employers monitor Internet connections, 45% track keystrokes, and 43% review computer files. Increasingly the monitoring is automatic, with 73% of employers who monitor using automatic technology.

There are two primary arguments for Internet monitoring and tracking. The HR department uses monitoring to police and prevent employees from wasting time on the Internet. The data loss protection side protects sensitive information from leaving an organization without authorization.

The argument and necessity for security via data-leak protection is clear: blocking objectionable material is necessary. However, the argument for tracking of employee Internet use as an HR tool and metric of performance or productivity is problematic at best. At worst, it can backfire.

Monitoring creates a culture of distrust. In fact, if you cannot trust your employees' dedication and work ethic, how can you trust their quality of work, or customer interaction? This lack of trust also serves to stifle innovation, as it creates a rigid set of rules and guidelines. Most companies work hard to create a culture of innovation and creativity, and increased monitoring can stifle such a culture.

In fact, the most motivated employees are unlikely to need monitoring. They are already driven and dedicated to their job. Furthermore, employees who aren't are more likely to look for ways around monitoring. In fact, it seems pretty clear that a culture of monitoring will create structures and rules that penalize the most motivated, high-performing employees.

Trust is a two-way street, companies must trust employees, if they wish employees to be innovative, dedicated and aligned with corporate goals. Employees who still lack motivation and dedication clearly are not a good fit, and need to be let go.

In his book, "Good To Great", Jim Collins argues for getting "the right people on the bus." Specifically, Collins found that getting the wrong people off the bus (those who need to be disciplined – and monitored), and getting the right people on the bus (those who are self disciplined) is a key determinant in companies becoming great.

This ties directly into monitoring. The right people will be self-motivated and self disciplined, and not need monitoring. Data-leak protection can provide security against breaches, however when monitoring is used as a tool to examine every minute of work, we create a false metric of productivity and dedication.

Excessive monitoring as an HR practice creates a rigid, inflexible environment where employees are constantly looking over their shoulders, concerned about employer perception rather than actual innovation. The right employees are more productive when given flexibility and freedom.

Kass, is a systems administrator for the School of Education at Drake University, and a Public Administration Graduate Student at Drake University. He can be reached at ken.kass@drake.edu.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: DLP, Drake, LP
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: DLP
Latest Blog Posts
Whitepapers
  • Chapter 2: Protecting Enterprise VoIP Services
    The enterprise network is a complex system, and implementing VoIP brings a new level of complexity into the mix. In addition, security threats are real and many and assuring QoS delivery is a technical challenge. In deploying VoIP, you’re integrating voice technology with the critical data infrastructure. Building process and documentation controls into network operations provides the information about the corporate nervous system to manage a secure operating environment. You use this information to build a layered defense into the network. By gathering knowledge and applying it to defend the network in depth, you can deliver secure, reliable, available VoIP service across the enterprise.
    Learn more »
  • Case Study: HJ Heinz
    Heinz has trusted Sophos to protect its desktop users and email systems from malware and spam for many years. As part of its multi-tier approach to IT security, the company needed more robust protection against web-based threats and the use of unauthorised applications.
    Learn more »
  • Managing Trust - Data protection and compliance for financial services
    If it’s becoming something of a cliché that the financial services industry is one of the world’s most heavily regulated, that’s largely because it’s true. Data retention and archiving, authentication and authorisation, data loss prevention and privacy regulations compete with demands for transparency and accountability, while market imperatives calling for multiple service channels delivered over a broad spread of technologies add to the pressure. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments

HP and IDG news, product videos and resources