Back when this blog was dedicated to all things Microsoft I routinely railed against the spying aspects of Windows 10. Well, apparently that\u2019s nothing compared to what enterprise security, analytics, and hardware management tools are doing.\nAn analytics firm called ExtraHop examined the networks of its customers and found that their security and analytic software was quietly uploading information to servers outside of the customer's network. The company issued a report and warning\u00a0last week.\n\nExtraHop deliberately chose not to name names in its four examples of enterprise security tools that were sending out data without warning the customer or user. A spokesperson for the company told me via email, \u201cExtraHop wants the focus of the report to be the trend, which we have observed on multiple occasions and find alarming. Focusing on a specific group would detract from the broader point that this important issue requires more attention from enterprises.\u201d\nProducts committing security malpractice and secretly transmitting data offsite\nExtraHop's report found a pretty broad range of products secretly phoning home, including endpoint security software, device management software for a hospital, surveillance cameras, and security analytics software used by a financial institution. It also noted the applications may run afoul of Europe\u2019s General Data Privacy Regulation (GDPR).\nIn every case, ExtraHop provided evidence that the software was transmitting data offsite. In one case, a company noticed that approximately every 30 minutes, a network-connected device was sending UDP traffic out to a known bad IP address. The device in question was a Chinese-made security camera that was phoning home to a known \u200bmalicious IP address\u200b with ties to China.\nAnd the camera was likely set up independently by an employee at their office for personal security purposes, showing the downside to shadow IT.\nIn the cases of the hospital's device management tool and the financial firm's analytics tool, those were violations of data security laws and could expose the company to legal risks even though it was happening without their knowledge.\nThe hospital\u2019s medical device management product was supposed to use the hospital\u2019s Wi-Fi network to only ensure patient data privacy and HIPAA compliance. ExtraHop noticed traffic from the workstation that was managing initial device rollout was opening encrypted SSL:443 connections to vendor-owned cloud storage, a major HIPAA violation.\nExtraHop notes that while there may not be any malicious activity in these examples, it is still in violation of the law, and administrators need to keep an eye on their networks to monitor traffic for unusual activity.\n"To be clear, we don\u2019t know why these vendors are phoning home data. The companies are all respected security and IT vendors, and in all likelihood, their phoning home of data was either for a legitimate purpose given their architecture design or the result of a misconfiguration," the report says.\nHow to mitigate phoning-home security risks\nTo address this security malpractice problem, ExtraHop suggests companies do these five things:\n\nMonitor for vendor activity: Watch for unexpected vendor activity on your network, whether they are an active vendor, a former vendor or even a vendor post-evaluation.\nMonitor egress traffic: Be aware of egress traffic, especially from sensitive assets such as domain controllers. When egress traffic is detected, always match it to approved applications and services.\nTrack deployment: While under evaluation, track deployments of software agents.\nUnderstand regulatory considerations: Be informed about the regulatory and compliance considerations of data crossing political and geographic boundaries.\nUnderstand contract agreements: Track whether data is used in compliance with vendor contract agreements.