Web Protection: Instant Message (IM) Chat Logging
While researching a UTM, I came across an IM chat logger. This will be a nice feature for Sophos UTM to have so I can inspect chat sessions for company violations/data leakage.
It would be useful to be able to monitor, manage, filter and report on social media functions eg: IM, search engine, web apps. Instead of blocking sites like Facebook, Google+, Twitter, etc… enforce access via policy.
Attractive feature particularly in the education space where teachers want to provide access to educational content on social media sites however, protect students and monitor abuse of these sites particularly as far as things like cyberbullying is concern.
Does this log chat history
Nick Holden commented
Keyword filtering would also be good.
Bob Alfson commented
Scott, I thought the EU was stricter on this than we are, and that that was the reason for the anonymization in Web Security reporting. It seems like the same thing could work for IM/P2P. The other comment I'd make is that all of our government and education clients now must archive every email they receive, so I don't think it will be too long before tweets and IMs are included.
I am sure the US is not the only market for Astaro. I am sure a disclaimer can be given whenever this feature is enabled.
Scott Klassen commented
Here's my opinion. Astaro is primarily designed for businesses. The usefulness of this feature would be extremely limited for any customers who fall into the business category in the US. Current case law in the US makes it illegal for businesses to log or monitor the contents of public server chats (ICQ, Yahoo, Google, MS, etc.). You may only monitor/log on a chat service that does not allow connectivity to a public chat, that is you run your own private chat for internal use only. The reason for this is that although your employees may have signed a waiver of privacy when at work, while on work equipment, any external parties your employee may be chatting with have not.
In a work environment, you are using company resources and there is no implicit privacy. At home, you can check your kids IMs or if the significant other is cheating on you! :P
Maybe I misdunderstood but doesn;t that mean that the admin will be able to check the IM chats of all the clients?