However, this is only the first part of the security picture. Full-disk encryption is not a magical shield against all types of security threat to portable devices. While it will protect data on the hard drive from compromise if the device is stolen or lost, the hard drive is only one storage medium in use on a typical laptop. This brings us to the second area for endpoint security: the management and control of data leakage.
Data leakage: audit and control of removable media
Endpoint security should ensure that the organisation can prevent data leaking onto peripheral devices such as USB drives and other portable storage media, including MP3 players and digital cameras. The starting point for protection against leaks via these USB devices is to include them in the business acceptable usage policy (AUP) and to educate users on the importance of following that policy, including the business risks of breaching it.
However, policies alone are not enough. How should they be backed up and enforced? This is the role of port control solutions, which can automatically block a USB device that does not comply with the corporate security policy, or prevent the transfer of certain files or file types. For example, a corporate security policy could allow an authorised user to connect an encrypted USB device, but not an iPod or mobile phone. Again, the ability to manage the security policy centrally will be a key requirement for the security department, as in a large environment it would not be unusual to have thousands of USB devices. Once the data is encrypted on an authorised device, it must remain accessible to the organisation, if required, through central administration of the system.
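The decision a port control agent makes for the policy described above can be sketched as follows. This is an added example, not code from the article or from any product; the `Policy` and `Device` fields, the device class names and the sample users, serials and file types are all assumptions constructed for illustration.

```python
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    serial: str
    device_class: str      # hypothetical labels: "mass_storage", "media_player", "phone"
    encrypted: bool

@dataclass(frozen=True)
class Policy:
    authorised_users: frozenset
    allowed_classes: frozenset
    require_encryption: bool
    blocked_extensions: frozenset

def check_device(policy, user, device):
    """Return (allowed, reason). Default deny: every condition must pass."""
    if user not in policy.authorised_users:
        return False, "user not authorised for removable media"
    if device.device_class not in policy.allowed_classes:
        return False, "device class not permitted: " + device.device_class
    if policy.require_encryption and not device.encrypted:
        return False, "device is not encrypted"
    return True, "device complies with policy"

def check_transfer(policy, user, device, filename, audit):
    """Decide one file copy and append an audit record for central review."""
    allowed, reason = check_device(policy, user, device)
    ext = os.path.splitext(filename)[1].lower()   # case-insensitive match
    if allowed and ext in policy.blocked_extensions:
        allowed, reason = False, "file type blocked: " + ext
    audit.append({"user": user, "serial": device.serial, "file": filename,
                  "allowed": allowed, "reason": reason})
    return allowed

# Constructed sample policy and devices (not from the article).
POLICY = Policy(frozenset({"alice"}), frozenset({"mass_storage"}),
                True, frozenset({".mdb", ".pst"}))
ENCRYPTED_STICK = Device("SN-0001", "mass_storage", True)
PLAIN_STICK = Device("SN-0002", "mass_storage", False)
IPOD = Device("SN-0003", "media_player", True)

if __name__ == "__main__":
    audit = []
    for user, dev, name in [("alice", ENCRYPTED_STICK, "report.docx"),
                            ("alice", ENCRYPTED_STICK, "mail.PST"),
                            ("alice", IPOD, "report.docx"),
                            ("bob", ENCRYPTED_STICK, "report.docx"),
                            ("alice", PLAIN_STICK, "report.docx")]:
        check_transfer(POLICY, user, dev, name, audit)
    for record in audit:
        print(record)
```

Every decision, including each block, is written to the audit list, which is the record a central console would collect from each endpoint.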