With the rise of Bring-Your-Own-Device (BYOD) policies and the proliferation of personal devices, organizations often risk losing data due to employee negligence or malicious intentions. After all, no matter how secure a company network is, the moment an employee transfers sensitive information onto their phone, USB, or external drive, that data is instantly put at risk. Worse yet, cyberattacks can be conducted through portable devices as well: infected USBs and even Bluetooth can be used by outsiders or disgruntled insiders to steal data.
Companies can address this issue through Data Loss Prevention solutions that come equipped with device control features. Our very own Endpoint Protector has an entire module dedicated to Device Control which offers a number of tools that allow organizations to control or block unauthorized devices. Many of them were developed in collaboration with our customers and serve real-life business needs.
Here are the six features that make Endpoint Protector the most advanced Device Control software on the market:
1. Granularity
While at first companies might be tempted to enforce strict global policies for device control, they will soon realize they can negatively impact employees’ productivity. This is the sort of rigidity much fear when it comes to implementing DLP solutions.
Endpoint Protector’s Device Control module, however, was built with flexibility in mind. Policies can be applied not only on a global level, but also to particular groups such as departments or people involved in a specific project or to certain computers, users or devices. In this way, companies can apply a stricter control over employees with direct access to sensitive data while allowing the rest of their workforce a greater degree of liberty.
2. Easy-to-define policies and whitelisting
Using Endpoint Protector’s modern, intuitive interface, companies can quickly define the rules of usage and restrictions of devices. There is no need for extensive training or burdensome implementation periods. And, with Endpoint Protector’s well-known ease of deployment, organizations can have their Device Control policies up and running in mere hours.
Devices can also be very easily whitelisted from Endpoint Protector’s dashboard, ensuring that admins can respond to unexpected situations without delay.
3. Offline Temporary Passwords
Another feature built with the occasional emergencies that arise in real-world work environments in mind, Offline Temporary Passwords (OTPs) give administrators the possibility to generate a password that, when used, will grant temporary unrestricted access to a specific device, computer, or user.
These passwords can be requested by users with a justification and can be generated by EPP administrators in mere seconds. Their validity period ranges between 30 minutes and 30 days and is customizable.
4. Trust levels
Companies that need to connect devices to endpoints on a regular basis can assign trust levels to devices based on their level of encryption. In this way, company portable devices can be allowed to connect to endpoints as well as devices with a high level of security.
For example, only devices using Endpoint Protector’s Enforced Encryption could be allowed to copy files outside of an endpoint, thus ensuring that data transferred onto USBs will always be encrypted.
5. Time and network-based policies
A feature especially useful for companies with BYOD policies in place, time and network-based policies allow admins to set different access rights depending on whether a computer is being used outside business hours or outside the company network.
Working days and hours as well as a company network’s DNS and ID can be defined in Endpoint Protector’s dashboard. Separate policies that govern outside hours and other networks can then be put in place to ensure that sensitive data continues to stay safe even when devices leave the security of the office.
6. Detailed reports
Endpoint Protector’s USB Device Control module not only monitors the use of devices across the company network but also generates reports on it. In this way, organizations can know exactly what files were transferred onto what device, what attempts were made to copy sensitive data onto unauthorized devices, by whom and when they were blocked.
These reports can be useful not only to identify weak links in a company’s security, but also for auditing purposes and as proof of compliance with data protection regulations.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.
