With each product update, we strive to make IT administrators’ experience better and to enhance data security features, with the final scope to prevent data losses and data thefts in organizations. Today I would like to drill down into the refined cross-platform Enforced Encryption module (available for Windows and Mac OS X), the most recent release for Endpoint Protector 4, our DLP and MDM solution.
We call Enforced Encryption…
The capability of automatically encrypting data on USB storage devices and authorizing the use of only encrypted USB devices. We do this with the correlation between Endpoint Protector 4 Data Loss Prevention product and the EasyLock, password-protected USB encryption software. Referring strictly to the DLP tool, it monitors two main channels as exit points for sensitive data: portable storage devices and online applications and services. Besides the possibility of blocking the use of devices for certain users, computers, groups, to assign Read-Only rights, or to create a custom class to allow rights to a specific brand of removable device, we also enforce encryption for data stored on USB devices. It’s a win-win situation – users are able to copy data to devices to continue working from home or in business travels, or simply to move data from one computer to another; CSOs can rest assured that data is securely stored on devices and the misfortune of users’ losing USB thumb drives doesn’t lead to third party individuals getting access to company’s vital data.
In Endpoint Protector 220.127.116.11, we introduced the automatic deployment for EasyLock and the master password, among other features. These translate in several advantages for administrators and employees:
- Fast installation of USB encryption. With the added options, each USB device that connects to a computer where the Endpoint Protector 4 DLP agent is installed will automatically get the EasyLock software. This requires the application of the policy “Allow Access if device is Trusted Device Level 1+”.
- Convenient licensing. The license will be also assigned automatically, through the Site License, making all the process extremely easy and convenient for both users and administrators.
- Increased control. For a better control, the master password allows Admins to manage users’ passwords and to recover or to delete data from the USB device in case it is lost or stolen or in other potentially harmful situation that threatens the security of stored data.
- Raise employees’ awareness. The Admin is now capable of sending personalized messages to the user to increase employees’ awareness of data security, to alert users on password changes, or any other message.
- Alerts for security incidents. Administrators can setup and receive alerts by e-mail whenever events like users’ passwords are changed, password login to EasyLock failed, the number of retries exceeded the limit or other events they want to follow.
- Simplified user’s experience. The experience of the user that connects an EasyLock encrypted USB device on both Windows and Mac OS X computers consists in simply defining a password and logging into the application to be able to copy data on the device.
Lost unencrypted USB devices along with human error still represent a major cause of data breaches. In the UK, a research revealed that 22,000 USBs were left in dry cleaners every year. That’s only in the UK, so you can imagine that, at a worldwide level, the number is extremely high and if we consider the many places USB sticks are lost or forgotten, it is safe to say that it adds up to millions. The good news is there are solutions to address this type of situations, so businesses of all sizes can and sectors can minimize the impact of a misplaced USB thumb drive with companies’ digital information.
What about you? Whether you choose encryption, USB control or other solution, please tell us your experience and what is your wish list?
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.