Lumension® Data Protection

USB Security and Data Encryption

Safeguarding your data is critical to running your business and protecting intellectual property as well as the privacy of employees and customers. The news is rife with reports of data being lost or stolen from laptops left in cars, USB flash drives dropped in airports, and unencrypted CDs and DVDs lost in the mail.

Sensitive information can be lost or misused in an instant – possibly requiring a data breach notification, and the associated costs and disruption – unless you enforce data encryption policies regardless of where it is stored: fixed storage (e.g., laptop hard drives) or removable storage devices / media (e.g., USB flash drives or CDs).

Physically blocking USB devices or port access hinders the flow of business, so enforcing a flexible policy that provides visibility and puts controls over – but does not altogether ban – the movement of information is imperative. In order to effectively protect your information and prevent data loss, you have to know what your current risks are. Take the first step by downloading the free Lumension® Device Scanner to find all of the USB devices that are being connected to your network.

Lumension® Device Control Delivers USB Security

Lumension® Device Control eliminates data loss or theft by enforcing USB device use policies to

  • Identify all removable devices / media connected to your network assets, by type (e.g., USB thumb drive, CD burner, smart phone), manufacturer, model number, and MAC address (if applicable).
  • Control and manage any removable devices through endpoint ports, including USB, FireWire, WiFi, Modem / Network NIC, and Bluetooth.
  • Provide detailed forensics on device usage and data transfer by person, time, file type, and amount. By monitoring and creating shadow logs of file transfers, you can replicate the actual files or just record file name, type, and ownership.

Lumension® Device Control Enforces Encryption Policies

Lumension® Device Control allows you to require users to encrypt data written USB sticks, CDs, DVDs and more, using FIPS 140-2 level 2 validated encryption. Encryption is self-contained on the device, allowing only those with an encryption key to access that information. In addition, you can:

  • Control who in your organization can access devices / media and control whether or not those devices / media can be accessed outside of your organization, giving you peace of mind if they are lost or stolen, knowing that the contents are encrypted and therefore inaccessible.
  • Assign access permissions to removable devices / media, and one of the several encryption methods, including Non-Portable Encryption (access on network only) and Portable Encryption (self-contained for use outside of the network).
  • Limit the types of files which can be transferred onto removable devices / media, and the amount of data which may be transferred per day of the week.

FIPS 140-2 Level 2 Validated

The Lumension® Cryptographic Kernel (LCK), a stand-alone software cryptography module which powers the Lumension® Device Control encryption capabilities, has been FIPS 140-2 Level 2 validated. It provides the core ciphering capabilities that protect organizations from malicious or accidental data loss through the use of removable devices and media. This validation by the National Institute of Standards and Technology (NIST) assures governmental and private-sector users alike that:

  • It meets the highest standards available for software-based cryptography modules.
  • The design and implementation of the cryptographic module itself is highly secure.
  • It is certified and ready for use by governmental agencies and other organizations requiring the highest level of security and encryption commercially available.

Please see the FIPS 140-2 Validated Encryption page for more detailed information.

Lumension® Disk Encryption Delivers Full Disk Encryption (FDE)

The Lumension® Disk Encryption Add-On (powered by Sophos) helps you avoid embarrassing and costly data breaches by encrypting your hard drives so that data is protected if a computer goes missing. And it’ll keep your business in compliance with security regulations too.

Lumension® Disk Encryption allows you to:

  • Encrypt all machines without getting in the way of your users
  • Recover lost passwords themselves without troubling the helpdesk
  • Use existing management tools to keep track of compliance
  • Leverage extra biometric security options include support for Lenovo fingerprint readers*

* Available on certain PC models

Learn more about Full Disk Encryption.


Ready for Your Free Trial?

Get Started Today

In just a matter of minutes you can start your evaluation Lumension® Device Control. Centrally control and enforce security policies regarding use of removable devices and media to prevent data loss, thwart malware intrusion, and protect data via encryption.


  1. Ponemon Institute, 2006 Cost of Data Breach Study, November 2006