Macs used in office - protect intellectual property?

Discussion in 'macOS' started by ericmachine, May 21, 2016.

  1. ericmachine macrumors newbie


    May 21, 2016
    Hi all,

    Need some help here.

    I have a company of 12 people (may increase to 15 by end of this year). All of us are using either iMac, MacBook Air and MacBook Pro. Mostly on El capitan, if not Yosemite.

    Since my team is growing, I want to protect my company intellectual property (IP).

    1. Ability to detect on who plugged a thumbdrive/hard drive to their laptop.
    2. Ability to detect files being uploaded to emails (outside of company email) maybe via yahoo/outlook/gmail.
    3. Ability to detect who copies files from my file server (NAS, etc), servers (mostly on ubuntu 14.04 servers and 1 centos 6/7)

    Is there any software free or paid which I can go for? I know windows can do such stuff. Not too sure about Mac. But nowadays more and more companies are embracing for Mac. Believed there must be some solutions for this.

    Any help? Thanks.
  2. dyn macrumors 68030

    Aug 8, 2009
    A couple of things to remember: any auditing/logging you do on a machine will decrease its performance, how much depends an what, how much, what you use to audit/log and how you do it. Also be aware that this extensive auditing might cause legal issues (mostly privacy related) and issues with employees (not everyone will agree with what you are doing as they find it creepy or see this as you not trusting them). And lastly, the most important thing to note: there is no waterproof system as any system you'll use still requires you to trust your employees.

    As for points 1, 2 and 3 you'll need to ask yourself the question what it is what you want to accomplish with those points. What's the sense of registering plugged in drives? If someone does this quite often you'll end up with a very long list. How can you tell from that list they plugged in a drive rightfully so or not? The same for copying from fileservers (which btw, is not something you do on the client side but on the server side and is already available). As for number 2 I highly doubt it is even technically doable (no matter the OS).

    The solution here may not lie with auditing the clients but using a dedicated system containing the IP documents as well as some governance put in place (contracts with some clauses in them, quite common). The tooling you are searching here are only meant for enforcing company policies. The best way would be to develop the policies first and use those as a basis for searching tools that will enforce them. What you are doing here is the exact opposite and will almost never lead to success.

    Btw, you may want to look into software like OS X Server where you can set up profiles that will lock down the Macs and iPad/iPhones. There is other software similar to this such as Casper from Jamf. The official name for this kind of software the industry uses is MDM (which in this case is actually wrong because it stands for Mobile Device Management).
  3. hallux macrumors 68030


    Apr 25, 2012
    Check out a tool called Digital Guardian. I have no experience with it on an admin side but I know there are clients for Windows and Mac. I believe it can track file movements and I know it can block USB write access. It may be more than you need for your environment but the tools exist.

Share This Page