USB Security and Data Encryption

Safeguarding your data is critical to running your business and protecting the privacy of employees and customers. The news is rife with reports of data being lost or stolen from laptops left in cars, USB flash drives dropped in airports, or unencrypted CDs and DVDs lost in the mail.

What’s at risk - employee information, patient medical records, credit card numbers, corporate intellectual property and much more. All can be lost or misused in an instant, unless you have complete control over how data is stored, copied, and transported and whether or not it is encrypted. In fact 53% of organizations would never know what data was on a lost USB device¹.

Physically Blocking USB devices or port access hinders the flow of business, so enforcing a flexible policy that puts controls over the movement of information, but does not altogether ban it is imperative. In order to effectively protect your information, you have to know where your current risks reside. Take the first step by downloading the free Lumension® Device Scanner to find all of the USB devices that have ever been connected to your network.

Download the Solution Brief

Lumension® Data Protection Delivers USB Security

Lumension® Data Protection eliminates data loss or theft by enforcing USB device use policies to:

• Identify all devices, past and present, ever connected to network assets. Each device is identified by type (e.g., USB thumb drive, CD burner, smart phone), manufacturer, model number, and MAC address (if applicable).
• Control and manage any removable devices through ports, including USB, FireWire, WiFi, Modem/Network NIC, and Bluetooth.
• Provide detailed forensics on device usage and data transfer by person, time, file type, and amount. By monitoring and creating shadow logs of file transfers, you can replicate the actual files or just record file name, type, and ownership.

Lumension® Data Protection Enforces Encryption of Data Written onto Removable Devices

Lumension® Data Protection solution allows you to require your employees to encrypt data written USB sticks, CDs, DVDs and more, using state-of-the-art 256-bit AES encryption. Encryption is self contained on the device, allowing only those with an encryption key to copy to an unmanaged computer. In addition, you can:

• Control who in your organization can access devices / media and control whether or not those devices / media can be accessed outside of your organization, giving you peace of mind if they are lost or stolen, knowing that the contents are encrypted and therefore inaccessible.
• Assign access permissions to removable devices / media, and one of the several encryption methods, including Non-Portable Encryption (access on network only) and Portable Encryption (self-contained for use outside of the network).
• Control encryption centrally, or assign permissions to specific users or groups of users to manage it on their own.
• Limit the types of files which can be transferred onto removable devices / media, and the amount of data which may be transferred per day of the week

Lumension® Data Protection is PGP-aware

Lumension® Data Protection supports PGP implementations, giving you central control over access to PGP encrypted drives: use the Whole Disk Encryption (WDE) capability via PGP Desktop console to encrypt and decrypt the devices / media and Lumension® Device Control’s Management Console to assign access permissions. You can also use the Management Console to:

• Authorize the use of PGP-encrypted removable drives.
• Grant general access to all PGP-encrypted removable drives assigning the appropriate permissions.
• Define specific rights to use PGP-encrypted removable drives for specific users and/or user groups.
• Define Shadow rules for PGP-encrypted removable drives.
• Review all attempts to access or use PGP-encrypted removable drives by all or certain users or computers.
• View audit logs of all changes done to permissions related with PGP.
• Review PGP permissions using the Reports module.