Learn about device control technology and how to implement device control solutions in your security program.
A Definition of Device Control
Device control is a measure of protection that restricts user access to devices. Companies and organizations allow or block access to devices such as data storage media (including removable devices and CD/DVDs), data transfer devices such as modems or external network adapters, printers, multi-function peripherals, and connection buses such as USB and FireWire. Most device control solutions restrict user access through access rules. An access rule is a set of parameters that defines two functions of the device control component: granting access to specific types of devices for certain users or groups of users during specified time periods, and setting restrictions on reading and editing files on data storage media.
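As an added illustration (not code from this page or from any particular product), the example below evaluates access rules built from the parameters described above: device type, users or groups, time period, and read/write permission. The field names, group names, and the default-deny result when no rule matches are assumptions of the example.

```python
from dataclasses import dataclass
from datetime import datetime, time

WORKDAYS = frozenset(range(5))   # Monday=0 .. Friday=4
ALL_DAYS = frozenset(range(7))

@dataclass(frozen=True)
class AccessRule:
    device_class: str        # type of device the rule covers
    principals: frozenset    # user or group names the rule applies to
    operations: frozenset    # subset of {"read", "write"}
    weekdays: frozenset      # days on which the rule is active
    start: time              # start of the daily window (inclusive)
    end: time                # end of the daily window (inclusive)

    def matches(self, who, device_class, operation, when):
        # Every parameter must match for the rule to grant access.
        return (self.device_class == device_class
                and bool(who & self.principals)
                and operation in self.operations
                and when.weekday() in self.weekdays
                and self.start <= when.time() <= self.end)

def is_allowed(rules, user, groups, device_class, operation, when):
    """Assumed default-deny: allow only if some rule matches every parameter."""
    who = frozenset({user, *groups})
    return any(r.matches(who, device_class, operation, when) for r in rules)

# Constructed sample policy; device classes and group names are hypothetical.
POLICY = [
    # Staff may read removable storage during business hours, but not write.
    AccessRule("removable_storage", frozenset({"staff"}), frozenset({"read"}),
               WORKDAYS, time(8, 0), time(18, 0)),
    # IT administrators may read and write at any time.
    AccessRule("removable_storage", frozenset({"it-admins"}),
               frozenset({"read", "write"}), ALL_DAYS, time.min, time.max),
]

if __name__ == "__main__":
    wed = datetime(2024, 3, 6, 10, 0)   # a Wednesday morning
    for op in ("read", "write"):
        ok = is_allowed(POLICY, "alice", ["staff"], "removable_storage", op, wed)
        print("alice", op, "->", "allow" if ok else "block")
```

Requests for a device class with no rule, such as a modem in this sample policy, are blocked because nothing matches.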
The Need for Device Control
As companies and organizations become more interconnected than ever before, external devices and removable media are commonplace tools needed to complete daily business operations. While these devices make it easier for professionals to complete their tasks and collaborate with colleagues, they also pose a threat to enterprise data and serve as a potential entry point for malware. Once copied to a removable device, sensitive data is removed from the organization’s control and protection. Malicious insiders often use USB drives to quickly steal data or compromise systems, in many cases without the organization being aware of the problem until it is too late. As a result, device control is a critical component of data protection strategies for enterprises today.
Benefits of Device Control
There are several benefits of device control, whether as a standalone solution or as part of a broader data protection solution. High-quality device control solutions provide data loss and theft prevention, media encryption, detailed monitoring and forensics, and malware protection.
Device control can protect valuable organization and customer data from loss or theft via removable devices. High-quality device control software:
- Provides visibility into who is using what devices on which endpoints.
- Controls how these devices are being used to ensure only legitimate business use.
- Ensures that data transferred onto these devices is encrypted to prevent unauthorized use or dissemination.
Device control requires end users to encrypt data being copied to removable devices in compliance with company security policies and industry regulations. By doing so, device control solutions:
- Enforce encryption policies on all data transfers to USBs or DVDs/CDs to ensure any data on lost or stolen devices is unreadable.
- Limit the amount and types of data that can be transferred.
- Provide visibility into what data is being transferred onto devices from endpoints.
Endpoint Detection and Response
Device control monitors files being transferred onto and off of your network. Robust device control technology should offer the capabilities to:
- Log all device usage and data transfer activities on your network.
- Keep a copy of the metadata and/or the contents of files transferred off your network.
Device control helps organizations protect against USB-borne malware introduction by:
- Controlling use of devices on your endpoints.
- Controlling the types of files which can be downloaded or opened.
- Showing which files have been downloaded.
Device Control as Part of a Data Protection Solution
Organizations choose data protection solutions that offer device control and encryption to secure their data and protect their systems. The best data protection solutions handle device control and encryption in a variety of ways. Some provide automated, policy-based usage controls for removable media devices that alert, prompt, or block when identifying an attempt at risky behavior. Others distinguish devices and data by class and allow only authorized individuals to use or access them. Often this is centrally managed, enabling companies to control and enforce security policies as necessary without disrupting workflows.
Data protection systems that provide device control can also automatically recognize and encrypt sensitive data that is transferred to devices based on classification and/or contextual factors such as recipient and destination. A complete data protection solution with device control is one of the best investments an organization can make to protect its data and systems.