Employee Web-use Monitoring at BNSF Railway



Similar documents
Safeguard Your Remote Employees With CyBlock Hybrid

Prioritize Network Traffic With Bandwidth Management

Filtering and Identifying Web Activity by User Name

Managing Web Application Authentication Problems

White Paper. Increasing Productivity in the Workplace

How ethical are you? Do you know everything employee

The importance of an Acceptable Use Policy

White Paper. Internet Monitoring Versus Web Filtering

Employee Internet Usage February 15, 2007

Sample Employee Network and Internet Usage and Monitoring Policy

Whitepaper: Understanding Web Filtering Technologies ABSTRACT

6 Uncommon Ways to Create Breakthrough Value With Management Within and Beyond the Contact Center

Bates Technical College. Information Technology Acceptable Use Policy

WhitePaper. The Business Value of Call Accounting Software How Call Accounting Helps Reduce Telecom Expenses and Improve Productivity

DIOCESE OF DALLAS. Computer Internet Policy

Technological Considerations

Executive Summary. The Problem

Filling the Threat Management Gateway Void with F5

The Business Value of Call Accounting

ACEYUS REPORTING. Aceyus Intelligence Executive Summary

How To Use A College Computer System Safely

Basic Provisions of California s AB 1825

We help companies operate responsibly and sustainably, grow with a clear understanding of strategic risk and

So, he smirks I guess that means you don t want to know who has choice words to describe you, either. The CEO shakes her head.

Information Technology Security Awareness Training. MIS Department

KNOW YOUR THIRD PARTY

Protect your business. with web security ControlNow TM Whitepaper

Lutheran Education Association of Houston Acceptable Use Policy (Students)

Web Protection for Your Business, Customers and Data

Capturing Barracuda Web Filter Activity in Reports

How To Keep Your Employees Focused On Work

Wavecrest Certificate

A White Paper From Burstek Serious Internet Security Software. Serious Internet Security Software A White Paper

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011

HIPAA Awareness Training

Choosing IT Service Management Software

b. Harm to minors. Using the Services to harm, or attempt to harm, minors in any way.

NFORMATION ONTROL OUR BLOOMBERG VAULT. An Enterprise Solutions Offering

SOCIAL MEDIA SECURITY POLICIES: GUIDELINES FOR ORGANIZATIONS

SECURITY THROUGH PROCESS MANAGEMENT

Delaware State University Policy

Effective Date: Oct. 27,

White Paper. Advantages of Company-wide Monitoring over Focused Employee Investigations

Why Buy GoldMine Premium Edition 9.2?

SharePoint Case. Management System. Technical White Paper. Build strong customer relationship with robust and inventively designed Ticketing Tool

A Successful SharePoint Migration: Best Practices Before, During and After Your Migration

Burst Technology. bt-webfilter User Guide

COMPLIANCE PROGRAM GUIDANCE FOR MEDICARE FEE-FOR-SERVICE CONTRACTORS

INTERNET USAGE REVIEW

Internet usage Policy

U.S. Chemical Safety and Hazard Investigation Board

Leveraging security from the cloud

DICTATION & TRANSCRIPTION. INFO@DOLBEY.com

LINCOLN UNIVERSITY. Approved by President and Active. 1. Purpose of Policy

White paper: Unlocking the potential of load testing to maximise ROI and reduce risk.

White Paper: The Seven Elements of an Effective Compliance and Ethics Program

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

How can Identity and Access Management help me to improve compliance and drive business performance?

A Case Study in Integrated Quality Assurance for Performance Management Systems

Evaluating Your Network Security in. 3 Simple Steps

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for

Online Transaction Processing in SQL Server 2008

Odessa College Use of Computer Resources Policy Policy Date: November 2010

Eric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas. Dallas, Texas

STATISTICA Solutions for Financial Risk Management Management and Validated Compliance Solutions for the Banking Industry (Basel II)

Enterprise Service Bus 101

The problem with privileged users: What you don t know can hurt you

CREATING AN EFFECTIVE SUPPORT PLAN FOR BYOD: A BEST PRACTICE GUIDE

Cisco Security Image Analysis: Protecting the Network from Explicit Images

Firewalls Overview and Best Practices. White Paper

A Guide to Evaluating Security Solutions

The Value of DLP

Understanding and Selecting the Right Secure File Transfer Solution for your Organization

Chat Enhancements Optimize Customers Web Experience

Internet Use Policy and Code of Conduct

MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT

NetDefend Firewall UTM Services

Server Consolidation with SQL Server 2008

Virginia Commonwealth University Police Department

A Global IT Managed Service Provider

Q&A: The Many Aspects of Private Cloud Computing

Vice President's Office Whistleblower Policy. Approved by: Board of Directors Frequency of Review: Every 3 Year(s)

Facilitating a Windows 7 Upgrade and Application Packaging for a Major U.S. Bank

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

IBM Global Business Services Microsoft Dynamics CRM solutions from IBM

Archiving Compliance Storage Management Electronic Discovery

Human Resources Policy and Procedure Manual

CRM for Customer Service and Support

Sexual Harassment. Managers and supervisors can be named in that complaint if they failed to prevent or respond to the situation.

How Web Security Improves Productivity and Compliance

WHITEPAPER 5 Reasons HR Professionals Are Adopting SaaS Image Filtering

White Paper. How to Effectively Provide Safe and Productive Web. Environment for Today's Businesses

Internet Monitoring Versus Web Filtering


No matter how firmly entrenched your company s old habits are, it s easier than you think to achieve EvenBetter customer service

Top 10 Considerations for Selecting the Right RMM Solution

How To Outsource Your Human Resources

5 Factors to Consider When Choosing HRMS Software

Advantages of Managed Security Services

State University of New York at Potsdam. Workplace Violence Prevention Policy and Procedures

Transcription:

Employee Web-use Monitoring at BNSF Railway Choosing the Right Solution Pays Off Wavecrest Computing 904 East New Haven Avenue Melbourne, FL 32901 Toll-free: 877-442-9346 Voice: 321-953-5351 Fax: 321-953-5350 www.wavecrest.net

Abstract Web access in the workplace is a two-edged sword. On the one hand, it can greatly increase workforce effectiveness. On the other hand, personal surfing at work is extremely tempting. As a result, Web-related legal liability, network security and lost productivity issues have become major concerns in all types and sizes of organizations. This case study describes how one such organization, BNSF Railway Company, uses a well-designed employee Web-use management program to deal successfully with these concerns. With a well-communicated Internet usage policy at its core, the program couples management, HR, IT and corporate audit involvement with highly effective technology to maximize the benefits and minimize the problems of at-work Web usage. The technology component of BNSF s program is Wavecrest Computing s Cyfin Reporter application. An industrial strength Web-use monitoring and reporting solution, Cyfin provides critical information that helps BNSF ensure that its employees do not misuse or abuse Web access. Taking advantage of Cyfin Reporter s extensive and growing suite of customizable log analysis and Web-use reporting features, BNSF s use of Cyfin has grown more and more sophisticated over the years as Internet-related risks and issues have steadily increased in number and complexity. This study tells that story. It first describes BNSF s overall Web-use management program and how it functions. It then discusses how BNSF has taken advantage of Cyfin Reporter s advanced capabilities. Finally, it wraps up with a brief summary and several significant conclusions. ****************************** Wavecrest Computing is a pioneering ten-year veteran in the crucial field of employee Web-use management. The company s monitoring, blocking and reporting solutions known for their accuracy, usability, scalability and cost-effectiveness are found in more than 3,000 commercial and government organizations of all types and sizes. Wavecrest s customer base includes well-known names such as Procter and Gamble, U.S. Department of Justice, Honda, Bayer, Pepsi Cola, Blue Cross/Blue Shield, Xerox, IBM and many others.

Introduction BNSF Railway Company is one of the largest railway companies in the U.S. Like most organizations today, it relies heavily on the Internet for many of its operations. And like all such organizations, it faces a blizzard of Web-related issues. Among the most serious are network security, legal liability and workforce productivity concerns. The majority of these issues arise from personal surfing in the workplace. To address these issues optimally, BNSF uses a well-balanced employee Web-use management program. One that simultaneously: Ensures that the workforce takes maximum advantage of the productive potential of the Web Prevents Web-related security, legal and productivity issues from becoming major problems Gives due consideration to workforce morale. BNSF s approach has been successful on all three counts. This is due in no small part to their six-year use of Wavecrest Computing s Cyfin Reporter solution, an advanced Web-use monitoring solution. Cyfin provides BNSF management, HR, IT and corporate audit personnel with the reliable information they need to make sound Web-use management decisions. This case study tells the story of that success. Following this Introduction, Part 1 presents a big picture view of BNSF s approach to Web-use management. Part 2 describes how BNSF s management, HR, IT and corporate audit personnel use Cyfin Reporter to monitor Web-use activity and deal with related issues. Part 3 wraps up the study with a brief summary. Part 1 - Web-use Management at BNSF: a Policy-Based Approach General. BNSF employs more than 40,000 people in hundreds of facilities in 28 states and two Canadian provinces. Of these employees, more than 25,000 have Web access. To ensure that these employees use the Web for productive purposes, BNSF employs a judicious, well-organized, multi-faceted employee Web-use management program. At its core is a clear, well-communicated Acceptable Usage Policy (AUP). Known as the BNSF Internet and Intranet Policy, it clearly defines acceptable and unacceptable Web-use practices and online conduct. The Usage Policy. While BNSF s usage policy is designed primarily to maximize productive use of network resources for company purposes, it does permit limited personal use of the Internet as authorized by local management. The policy is communicated formally to the workforce in writing, in briefings, via the employees computer screens and informally by individual supervisors. It is also covered as part of BNSF s Security Awareness Program, an initiative that management and IT have leveraged to inform BNSF computer users of the company s Internet/Intranet policy and related blocking and reporting processes. Enforcing the Policy. BNSF s policy is supported and enforced through an effective and balanced blend of progressive management techniques and robust technology. The latter stresses Web-use monitoring using Wavecrest Computing s Cyfin Reporter solution. As discussed in more detail later, Cyfin Reporter has a number of customizable features that are specifically designed to monitor and report on compliance with usage policies. Note. As part of its approach to Web-use management, BNSF has a product that filters employees Web access, but the Company chose Wavecrest Computing s Cyfin Reporter solution for the more critical monitoring and reporting functions. They did this because they found that Cyfin Reporter is more reliable and effective and is easier to use than their filtering product s built-in reporting feature.

BNSF s Web-use Management Concept. Also important to note, BNSF does not approach employee Web-use management and monitoring as an exclusively IT responsibility, although IT personnel are deeply involved. BNSF s approach emphasizes workforce behavior, not system or network performance. With this in mind, BNSF management, HR, information security, and corporate audit personnel regularly request and review reports and initiate investigations into suspected cases of abuse (both inappropriate site access and productivity issues). They also use Cyfin s reports to gain a general understanding of the workforce s online activity. This is exactly the type of broad-based, multi-disciplinary approach that Cyfin Reporter is designed to support. Teamwork and Collaboration. Among other actions, these individuals, along with BNSF s Cyfin administrator and other responsible individuals, use Cyfin reports as a basis to discuss and resolve a variety of Web-use management issues such as: Policy-violation allegations or investigations Considerations of disciplinary action or termination (between the business unit and HR) General review of overall Web activity (monitoring and reporting results are presented to a limited group) In the next section, we ll look more closely at how responsible BNSF personnel use Cyfin Reporter on a day-to-day basis. Part 2 Web-use Monitoring and Reporting at BNSF General. As mentioned earlier, Web-use monitoring and reporting are key elements of BNSF s overall employee Web-use management program. For more than six years, BNSF has been using Cyfin Reporter to monitor employees and contractors Web use and deliver accurate, actionable information to management, HR, IT and corporate audit. In providing this information, Cyfin serves simultaneously as an IT security and productivity enhancement tool, helping the company s management deal with numerous potential Web-related threats and issues. Over the years, as Web-related threats and issues have multiplied and become more complex, BNSF has taken maximum advantage of Cyfin Reporter s steadily increasing capabilities to progressively increase and fine tune the effectiveness of the monitoring and reporting processes. This in turn has enabled the company to stay well ahead of these steadily increasing threats. The Web-use Management Challenge. Monitoring 39,000 widely dispersed computer accounts for policy compliance is no small challenge. Doing so in a uniform way with consistent, standardized results makes that challenge all the more stringent. To meet it, BNSF uses a proactive, centrally controlled approach. Centralized Control. Cyfin Reporter is installed at company headquarters in Fort Worth, Texas. From that location, an IT administrator manages the product s configuration and controls the generation and distribution of Web-use monitoring reports. With respect to product configuration, BNSF management specifies policy-related settings which the administrator enters. Providing the Reports. Management, HR and other authorized personnel contact the administrator to request reports to meet their individual needs. The administrator generates 60 departmental reports at specified intervals and additional drill-down reports are generated on a manual/ad hoc basis.

Important Indications in Cyfin Reports. When asked what type of overall reporting results are particularly important, critical, useful, or interesting, BNSF personnel stated that the following are most significant: Indications of excessive personal surfing in seemingly innocent areas, e.g., shopping, sports and news (thus reducing productivity) Indications of personal surfing in especially inappropriate and/or potentially dangerous areas, e.g., pornography, hate and crime Using the Reports. The recipients of Cyfin reports use them in a variety of ways. For example, they utilize the information in the reports to: Counsel employees about policy violations, i.e., inappropriate surfing Counsel or train employees on productive or beneficial use of Web sites Substantiate disciplinary action or termination Brief management on Web-related problem areas Assist legal staff in dealing with sexual harassment, hostile workplace or wrongful termination lawsuits Other Uses. From time to time, management also uses the information in Cyfin reports to discuss (a) possible policy revisions, (b) workforce-related issues such as training, communication, intranet usage, and self-service issues and (c) ways to help recipients interpret the reports. Getting the Most Out of the Product. As mentioned earlier, BNSF has taken excellent advantage of the product s numerous advanced capabilities, many of which are customizable and/or optional. Among the most significant of these are the following: Web Activity Categorization. Cyfin sorts results into content categories, e.g., Shopping, News, Sports, Pornography, Financial, and others. User Grouping. This feature enables BNSF and other customers to group their users by department, geographical location or other shared characteristic. User Audit Capability. BNSF personnel use this feature to obtain highly detailed reports of individual users Web activity. Automatic Abuse Detection. By setting acceptable activity limits (thresholds) for monitored categories, BNSF configures Cyfin to automatically flag instances in which those limits are exceeded. This feature lets report recipients easily filter out low-activity users and concentrate on cases of true abuse. Numerous Customizable Reports. Cyfin provides seventeen customizable reports that depict Web-use activity from a number of high- and low-level perspectives. Accurate Measurements of Employees Web Usage. BNSF also takes maximum advantage of Cyfin s unique Visit Filter, a feature that distinguishes between true visits (human activity) and extraneous hits (automatic activity). When asked about this, BNSF s Cyfin administrator replied, Counting true visits is the most accurate way of gauging actual levels of users online activity, and focusing on total hits can be very misleading. He also indicated that, This approach eliminates noise from the reports and assists in identifying potential problem areas. Actionable Information. BNSF benefits from the actionability of the information in Cyfin Reporter s reports. Because the reports present information that has already been automatically analyzed against the company s usage policy, recipients can reach conclusions at a glance without spending extensive time trying to interpret results. This is a true time saver.

Some Technical Considerations. In terms of Web-use management, BNSF is like all organizations with large numbers of users, i.e., it faces significant technical (as well as functional) challenges. Three of the most critical are large volumes of data, multiple data sources and report-generation speed. 1. Large Data Volumes. BNSF s outbound Web traffic flows through two very large Microsoft ISA Servers located at company headquarters in Fort Worth, Texas. These servers generate a huge volume of log files, i.e., over 2.5 gigabytes (GB) per day. Despite this large volume, Cyfin Reporter handles the load easily. 2. Multiple Data Sources. Cyfin easily handles multiple data sources at widespread locations. At BNSF, the sources are the two Microsoft ISA servers mentioned above. 3. Report-Generation Speed. Most Web-use reporting products generate reports by reading log files directly. This can take many hours. Cyfin Reporter is different. It solves this problem by storing log file data in XML format in a proprietary database from which the data is extracted, analyzed and reported out at extremely high speeds. Vendor Assistance and Support. According to BNSF personnel, a key element in the success of their employee Web-use management program has been Wavecrest Computing s responsive and professional support service organization. As online threats have emerged, and as the art and science of Web-use management have matured, BNSF and Wavecrest personnel have worked together to resolve a number of issues. For example, Cyfin Reporter s previously mentioned Visit Filter grew out of discussions between Wavecrest and BNSF representatives. (The Visit Filter is the key to Cyfin s ability to accurately report levels of Web activity.) Part 3 - Summary BNSF officials indicated that the company has benefited in a variety of ways from using Cyfin Reporter. They indicated for example that the use of Cyfin has significantly reduced personal surfing in the workplace, helped prevent situations that could lead to legal liability, produced credible information to substantiate disciplinary actions, and helped increase workforce productivity. They also indicated that Cyfin has helped improve network security, resource utilization by identifying runaway Web connections, and BNSF management s understanding of how their employees use the Web. BNSF s use of Cyfin Reporter is a classic example of how knowledgeable IT customers and responsive technology vendors can and should work together to solve complex business challenges. In this case, BNSF chose a product and a vendor that were both ideal for addressing the employee Web-use management challenge. The product had all the right features, and the vendor Wavecrest Computing had the right expertise and orientation to help out when needed.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information