USB device management

Is it safe to use USB devices in a professional environment from an IT security and data protection perspective, and if so, how?
The simple answer: Yes! But.
More specifically: Yes, if you follow the security rules! These rules are embodied in a carefully programmed USB device management system that provides a correspondingly high level of security and a relatively low administrative burden.
Large amounts of data, small size and convenient operation. USB flash drives and hard drives are indispensable daily companions in many organizations: they are used to exchange and transport data or to create mobile copies of it. Often this data is very sensitive and must under no circumstances fall into the wrong hands. Such data should therefore leave a trusted environment only very rarely, and when it does, it should be on encrypted media carried by people authorized to transport it.
Great advantage = Great danger
The dangers of USB devices are often ignored, and the entire "USB area" is left out of data protection measures altogether.
Loss, private abuse and deliberate theft are common occurrences, and unfortunately many organizations don't realize it until it's too late.
Solution: Restrictions
However, this is not the best solution, because we increase security at the expense of the comfort of employees and colleagues, who will not want to comply. A much better option is therefore data leak prevention and appropriate protective measures.
A good basis for secure data storage in a company is hardware-encrypted disks, which are issued to employees, usually together with a document outlining guidelines for handling them.
This document specifies, for example, how complex passwords must be, how often they must be changed, where a drive can be used, and, most importantly, where it cannot be used (e.g., only in a trusted environment inside a company, but not in a private home office). You determine which files can be used, whether the disk owner should have access to data outside the workplace, and much more.
However, checking compliance with all these rules "manually" is almost impossible in practice. The only saving grace here is a central administration system.
Below we describe which functions such a management system has (or must have) and what they are needed for.
Main features and benefits of USB device management:

Enforce rules set by the administrator, such as password rules, file type restrictions, or geographic boundaries. The feature allows you to remotely reset passwords, put devices into read-only mode, and even remotely wipe in case of theft or loss.

Monitor all your encrypted drives, including their location, anywhere in the world. Integrate with Active Directory to easily track users, assigned devices and connected computers.

Check which files have been saved to or deleted from your encrypted devices whenever you want. Use a full device audit trail, tracked by user, including connection data, failed logins, resets and device losses.

Analyze the status of your devices running with SafeConsole: see connections, device inventory and a geolocation table, all in one place. In addition, SIEM integration with Splunk or Graylog is possible.
Automatic inventory: An easily accessible overview of all drives in use, including information about their type, serial number, software version, user, assigned security policies, etc. Such a list can be exported and used, for example, in GDPR (RODO) cases as an attachment to a procedure catalog.
Management and enforcement of security guidelines
Guidelines can vary widely, from those that specify under what conditions data can be accessed at all to those that say what sanctions follow in the event of non-compliance.
Remote reset to factory settings
If a drive is lost, stolen, or an employee leaves the company and the data remains in his or her possession, the administrator can remotely and irreversibly remove the data and AES key from the drive by resetting the drive to factory settings.
Remote password reset
From time to time, every employee will forget the password to a device. The administrator can use challenge-response procedures to help employees assign new passwords without losing the data on the disk.
Compliance Reports
Everything we mentioned earlier, and many other events, are recorded in compliance reports. This means that at any time you can prove who caused an event, when, where and with which device. The extent of the recorded information can be adjusted through settings in the admin panel.
Additional features
With additional licenses, the range of available services can be expanded to include USB port control (USB port blocking/whitelist of authorized drives), malware protection (direct integration with USB media software) and virtual disks (data stored locally is backed up to the cloud).