This document introduces the business case for implementing a session monitoring system to record login sessions to privileged accounts. It examines a series of technological design decisions that must be considered when developing a session monitoring system and offers guidance about how such a system might be best deployed and managed in practice.
There are three main business drivers for recording the activity of users as they sign into privileged accounts:
In the event that an IT user is suspected of or has been found to act unethically or illegally, it is helpful to be able to play back all of that user's activity, to see what inappropriate actions they may have taken. This data may be required as supporting evidence if the user must be terminated or to support legal proceedings. This data may also be needed to find and reverse any harmful changes the user has made to systems or data.
The knowledge that their actions are being recorded and that they may be held accountable for them may alter user behaviour for the better.
Recording user activity makes it possible to replay work. This can aid in knowledge sharing, under a number of scenarios: