DeviceLock Stops Data Leaks at the Source
For any businesses in the modern economy, information used in corporate IT systems in the form of digital data has become a critical intangible asset for their growth, sustainability, and competitiveness. Such information includes intellectual property, customer data, company’s financials and trade secrets, PII and PHI of clients and employees, technology “know-how”, competitive intelligence, and many more types of meaningful knowledge. Data is very much “the blood” of corporate IT, and as a loss of blood is deadly dangerous for living organisms, so it is for businesses with leaks of data from the corporate environment and its users.
Protecting data is critical in today’s hyper-networked reality where ubiquitous mobile data communications, the Internet, social media, email, and other consumer applications, as well as the commercialization of cybercrime, have all combined to sharply increase the threats to IT security. The global pandemic of data breaches resulting from unauthorized access to, and dissemination of, valuable corporate information can lead to heavy financial losses from costly litigation, compliance fines by authorities, damage to reputation, and loss of revenue.
It is especially dangerous that most data leak incidents are related to “insiders” – normal users of corporate IT systems that include employees, contractors, and clients. The primary reason is human nature – people make accidental mistakes and can be negligent in data handling, while sometimes there is actual intentional misconduct. Often, many unwittingly become victims of social engineering attacks such as email or social media phishing.
To solve the problem of insider data leaks, we have developed DeviceLock DLP — a software solution for organizations that require a simple and affordable approach to preventing data leaks from corporate Windows and Mac laptops, desktop computers, and virtualized Windows sessions and applications. DeviceLock DLP implements and effectively coordinates a full-featured set of contextual and content-aware controls over data-in-use, data-in-motion, and data-at-rest that is designed specifically for preventing information leaks from corporate endpoints.
DeviceLock DLP leverages a lightweight enforcement agent that is installed on every protected computer and a central Group Policy MMC snap-in that is adjustable to any size and type of corporate network. There are also traditional central consoles that can be used for managing Macs, non-AD LDAP environments, and/or Windows workgroups. Running transparently for users and applications in the scope of normal business processes, DeviceLock Agents detect and prevent unauthorized data access and transfer operations on protected computers. The Agent’s multi-layered inspection and interception engine provides fine-grained control over a full range of data leakage pathways at the contextual level. For further confidence that no sensitive data is escaping, content analysis and filtering can be applied to endpoint data exchanges with removable media, printers, and PnP devices, as well as with the network protocols associated with connecting to Internet applications and services.
In addition, DeviceLock Discovery Server and DeviceLock Discovery Agents are used to scan and find documents at rest to see if there is any exposed sensitive content stored at prohibited locations on network shares, storage systems, and Windows endpoint computers inside the corporate network. DeviceLock Discovery provides options to protect these potential data leaks with automatic remediation actions, and can initiate incident management procedures with real-time alerts sent to SIEM systems and IT security personnel in the organization.
With DeviceLock DLP, security administrators can precisely match user rights to job functions with regard to transferring, receiving, and storing data on corporate computers. The resulting secure computing environment allows all legitimate users’ actions to proceed unimpeded while blocking any inadvertent or deliberate attempts to perform operations outside of preset rules.
The DeviceLock DLP solution is simple, easy to operate, and designed to effortlessly scale from small to large installations and to simplify DLP deployment and management such that it can usually be performed by in-house Windows administrators using the Microsoft Active Directory’s Group Policy Management Console or DeviceLock’s companion consoles. The complete package delivers an unprecedented level of functionality among endpoint DLP solutions in an affordable price range.
By effectively preventing endpoint data leaks, DeviceLock DLP helps organizations minimize related information security risks and achieve compliance with corporate data use policies, IT security standards, and government regulations.