Request/approval for playback and text input censorship

Session monitoring can have serious implications on user privacy and so should be implemented with great care. The session monitoring infrastructure is subject to strict access control rules and workflow processes. For example, an auditor must first request the right to perform a given search through session data. If approved, he can execute the search and may find sessions of interest. The auditor must then request the right to playback selected sessions. Only if this second request is approved can the auditor retrieve session data. Of course, all such requests and searches this is indelibly logged.

Another measure used to protect user privacy in Hitachi ID Bravura Privilege is a pattern-matching censorship process. Hitachi ID Systems customers are encouraged to define regular expression patterns, matching passwords, social security numbers, credit card numbers, bank account numbers, etc. A process on the Bravura Privilege server post-processes keystroke and keyword data captured by the session monitor, searching for matches for these patterns. Matches are deleted from the keystroke and keyword database.

Real time surveillance

Bravura Privilege can monitor user activity, including video capture and keylogging. This data can be replayed both in real time (one user watching another's current activity) or later, subject to request/approval workflows and privacy protection measures.

Bravura Privilege supports but Hitachi ID does not recommend real time session surveillance (one user watching another):

  1. If screen sharing is intended to be interactive, there are already off-the-shelf solutions that Hitachi ID customer almost certainly uses, such as WebEx. The added value of doing this through Bravura Privilege is minimal.
  2. If session viewing is intended to not be evident -- i.e., a watcher and an unaware user being watched -- then there is significant opportunity for privacy compromise. Consider a user, being watched, who takes a coffee break and does some personal banking, while being watched. Hitachi ID customer legal would almost certainly forbid such activity.

There are a range of views among vendors in the marketplace regarding how to approach session monitoring. At one end of the spectrum are vendors who encourage non-apparent session viewing, up to and including real time surveillance. This viewpoint ignores the risk of privacy compromise and the possibility of corporate legal liability as a result. At the other end of the spectrum are vendors who value privacy first and surveillance second. Hitachi ID is firmly on this privacy-first end of the spectrum.