Bring Your Own Device (BYOD) Environment
DeviceLock’s Virtual DLP feature extends the reach of DeviceLock data leak prevention capabilities to a variety of virtual computing solutions. These include session-based and streamed desktops and applications, as well as local virtual machines on hypervisors. Supported desktop and application virtualization solutions from major vendors include: Microsoft RDS, Citrix XenApp, Citrix XenDesktop and VMware View.
Virtual DLP complements the inherent capabilities of these solutions to isolate virtual and host environments by providing a comprehensive set of contextual and content filtering policies. These policies are enforced over data flows between centrally hosted virtual desktops or applications and redirected peripheral devices of remote terminal endpoints including drives, printers, USB ports and the clipboard. In addition, user network communications from within the terminal session can be controlled by the DeviceLock DLP mechanisms. Centralized event logging and data shadowing are also fully supported for all Virtual DLP scenarios.
As a result, by using the DeviceLock Endpoint DLP Suite in BYOD implementations based on virtualization platforms from Microsoft, Citrix, VMware and others, organizations can fully control virtual corporate environments on employees’ personal devices. In addition they can monitor, inspect and filter the content of all data exchanges between the protected virtual workspace and the personal part of the BYOD device, its local peripherals and the network – i.e., all those destinations outside of the corporate border that should be treated as insecure. DeviceLock Virtual DLP controls enforced on the edge of virtual platforms ensure that data from the corporate IT environment and the host BYOD environment are not intermingled. All necessary business-related data exchanges between the two environments are allowed based on least-privilege DLP policies, and employees maintain full control over the device platform, personal applications and their private data. In addition, the employee remains fully responsible for the device maintenance and support, which provides a distinct advantage over the conventional BYOD approach whereby the enterprise can be responsible for causing problems with the personal device and its owner’s private data.
Best of all, the DLP protection delivered by Virtual DLP to BYOD solutions based on desktop and application virtualization is universal and works for all types of BYOD devices. These can include mobile platforms, such as iOS, Android and WindowsRT, thin terminal clients with Windows CE, Windows XP Embedded or Linux, as well as any computers that run OS X, Linux or Windows. Organizations standardized on any virtualization platform for their BYOD strategies will benefit greatly from deploying the DeviceLock Endpoint DLP Suite, since it is the most effective, straight-forward and affordable way of implementing comprehensive endpoint DLP services for any type of BYOD devices.