I've been curious about some of the work done by my team related to this and data collection. We do mass event log collection and aggregate it all into Splunk. Some of the sources are sysmon event logs, AD data, and firewall logs. This is in Europe. The purpose is security.
This data is all made available through the Splunk interface, and any team member can search through the essentially raw data. On a scout's honor system we don't search up individuals unless given consent by the user. It really doesn't sit well with me, thought, and it hasn't for some time.
One of the problems I see is that the employee laptops - vast majority being non-technical users - are allowed for personal usage. Thus we, by virtue of our selective VPN, send not just work-related data.
Anyone with knowledge of the space that can add some light to this and my worries?
This data is all made available through the Splunk interface, and any team member can search through the essentially raw data. On a scout's honor system we don't search up individuals unless given consent by the user. It really doesn't sit well with me, thought, and it hasn't for some time.
One of the problems I see is that the employee laptops - vast majority being non-technical users - are allowed for personal usage. Thus we, by virtue of our selective VPN, send not just work-related data.
Anyone with knowledge of the space that can add some light to this and my worries?