Device Control: Where Does It Fit?
So, where does Device Control fit in your organization? Perhaps we should first stand back and ask the question: What is Device Control and what does it do?
Let's start with a quick introduction.
Device Control allows you to manage permissions for all input/output devices attached to your computer. “Okay,” you say, “I kind of get it, but let’s do better.”
Device Control can allow you to block data either coming in or leaving your organization on removable media such as USB drives or CD/DVD media. It also enables you to encrypt your data—offering further protection if a device was misplaced or stolen. (It can do a lot more, but this is the very core of Device Control.)
Addressing Customer Concerns with Device Control
Now let's review several customer concerns that we can address with a Device Control solution.
Working with and talking to customers, a number of common themes are raised time and time again, namely a concern over 'negligent employees’; concern over loss of ‘Intellectual Property’; ‘accidental loss of data’; the ‘malicious insider threat’; or ensuring GDPR compliance.
There’s an obvious common trait running through those concerns: data.
The information that each organization has stored on their servers, network shares, end users’ computers, and on additional storage devices—and on documents left in printers—needs to be protected. The world today is data-driven. Every business thrives from the data they have, whether it be financials, sales forecasts, sales pipelines, employee records, IP, customer details, etc. There are many security holes where this data can be stolen, leaked, lost, or just misplaced unintentionally (duplicates of data stored in various locations).
The results of “losing” sensitive data, whether intentional or accidental, can have a disastrous effect on your company—stock price devaluation, revenue loss, and loss of reputation leading to a declining customer base and higher spend on public relations and customer relations. The introduction of GDPR comes with financial penalties of up to €20 million, or 4% of annual worldwide turnover for failing to comply.*
You may not think this applies to you—that it’s only for the larger enterprise companies. Yeah, right. One might argue that the effect on loss of sensitive data to SMB could be worse felt than that of a large enterprise who may absorb the additional costs required to remediate the situation.
Now let’s play out some basic work-related scenarios and show how easy data loss maybe encountered in your organization, regardless of size.
Two Work-Related Scenarios
A Departing Employee:
Employees are job hopping more than ever, with more than one quarter (29%) of employees saying they regularly search for jobs. The reality is that during their time in your organization, employees will take information they value with them. Consider your desk. How easy is it for you to plug in your phone and copy files over? How about plugging in a USB drive? Databases, not just files, of sensitive data can be transferred easily to a USB drive.
An Employee Who Travels Quite Frequently:
Consider this pretty basic scenario of an employee, perhaps a healthcare rep, who works in their office a few days a week and has access to sensitive data on customers/patients. They just copy the files they need from the office computer onto their USB stick because it’s more convenient to work from the data on their own computer for additional after-hours work, or to transfer to a separate laptop when traveling.
What happens if they lose the USB drive? Do they know what information was on it? Was the data encrypted and protected? Do they have copies of the data on their home computer also? Is their home computer as secure as their work computer? Has it been patched against the latest vulnerabilities? Is its malware protection up to date?
The Insider Threat is Real
As you can see, the insider threat is very real. In certain cases, there’s an intention to take data, copy it, and use for personal gain; perhaps use it to get ahead in a new job or perhaps for financial gain—sell it to a third party. Other instances where data is lost or stolen may be accidental or unintentional, but they are still classified as ‘insider threats’ because losing data can be just as serious to an organization, depending on what data was lost and whether or not it was encrypted.
Ivanti’s current endpoint Device Control point product can offer a genuine, credible protection against the scenarios discussed above, and more.
This proven solution enables you to:
- Gain visibility into who is transferring data into and out of your organization via devices.
- Gain visibility into what data is being taken from your organization.
- Take action and prevent data leakage through a four-click whitelisting approach.
- Enforce encryption of all data transferred to removable media to prevent sensitive data if stolen or lost.
- Establish centralized, granular control over all devices in your organization.
- Retain a centralized copy of all data copied onto removable media.
- Limit the data type and amount of data that can be copied in/out of your organization.
- Provide greater flexibility of permissions for employees depending on where they work (home/office/travel)
- Prevent malware coming into your organization via removable media.
Please visit Ivanti Device Control for further information.