Learn how to secure your business data using USB Enforced Encryption from Endpoint Protector:
One of the greatest sources of data leaks is data in transit. This is especially true in the current COVID situation, where most of us work in a virtual office space and use devices for work that are well outside the security of the company network.
Even before that, many organizations had a BYOD (Bring Your Own Device) policy at work, under which employees bring in their own USB sticks and connect them to company computers. A minor mistake in the use of these devices can lead to a major incident of data loss or theft.
USB Enforced Encryption
Data security is vital, and one of the major steps towards security is encryption. Encryption protects your data in motion, i.e. when it is transferred or copied, as well as data at rest, i.e. when it is stored on a network device or computer.
Safeguarding your business data through encryption is critical from a security and compliance perspective. Enforced Encryption is one of the modules of CoSoSys Endpoint Protector and is used for automatic USB encryption. It keeps data secure not only on hard drives but also on removable devices, such as USB drives.
It permits IT Administrators to expand their Device Control and InfoSec policies and ensure all confidential data transferred to USB storage devices is automatically encrypted. The solution can be employed on both macOS and Windows computers.
Enforced Encryption forces users to use only encrypted devices when moving data. Instead of denying access to external devices, which would be impractical, USB Enforced Encryption keeps your data protected in case USB devices are lost or stolen.
#1) Cross-Platform Capabilities
- Works for external devices connected to both Mac and Windows machines. Data encrypted on Mac can be decrypted on Windows and vice versa.
- The same set of features is provided for both Mac and Windows.
- Admins do not have to switch the dashboards. They can control the settings from a single dashboard irrespective of the OS.
#2) Automatic and manual deployment
Using EasyLock with Endpoint Protector is easy through its intuitive interface.
- IT administrators can automatically deploy EasyLock to all entrusted USB devices when they get connected to the machine on the company’s network.
- Users and admins can also perform manual deployment by copying EasyLock on the USB device and executing it from the root.
#3) Complex Passwords
- Admins can enforce strong password settings, thus ensuring that data on the device stays secure.
- Password length, the minimum number of uppercase letters, lowercase letters, special characters and numbers, the password validity duration, and the allowable limit for incorrect passwords can all be controlled by the admin.
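The password settings listed above, modelled as an added example (this is not Endpoint Protector or EasyLock code). The class names, field names and threshold values are assumptions chosen for illustration, as is the behaviour that a device stays locked once the incorrect-password limit is reached.

```python
import string
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class PasswordPolicy:
    # Hypothetical model; every threshold is a constructed sample value.
    min_length: int = 12
    min_upper: int = 1
    min_lower: int = 1
    min_digits: int = 1
    min_special: int = 1
    validity: timedelta = timedelta(days=90)
    max_failed_attempts: int = 5

    def violations(self, password: str) -> list[str]:
        """Return every rule the candidate breaks; an empty list means it passes."""
        counts = {
            "upper": sum(c.isupper() for c in password),
            "lower": sum(c.islower() for c in password),
            "digits": sum(c.isdigit() for c in password),
            "special": sum(c in string.punctuation for c in password),
        }
        problems = ["length"] if len(password) < self.min_length else []
        for kind, have in counts.items():
            if have < getattr(self, f"min_{kind}"):
                problems.append(kind)
        return problems

    def is_expired(self, set_at: datetime, now: datetime) -> bool:
        """True once the password is older than the validity duration."""
        return now - set_at > self.validity

@dataclass
class DeviceLoginState:
    # Per-device counter of consecutive wrong passwords (assumed behaviour).
    policy: PasswordPolicy
    failed: int = 0

    def record_attempt(self, success: bool) -> str:
        """Return 'unlocked', 'retry' or 'locked' for one password attempt."""
        if self.failed >= self.policy.max_failed_attempts:
            return "locked"  # stays locked until an admin resets it
        if success:
            self.failed = 0
            return "unlocked"
        self.failed += 1
        return "locked" if self.failed >= self.policy.max_failed_attempts else "retry"
```

Reporting every broken rule at once, rather than stopping at the first, lets a user fix a rejected password in one pass.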
#4) Resetting Passwords and Devices Remotely
Admins can remotely control USB devices having EasyLock installed.
- Send messages to users
- Reset passwords if a password is forgotten or stolen
- Reset the device
#5) File Tracing
- This option is helpful for auditing and compliance purposes.
- All data transfers to and from devices using EasyLock can be recorded, and logs are generated.
- The logs are sent to the Endpoint Protector server whenever the device is connected to a computer that has an Endpoint Protector client installed on it.
- Also works in offline mode, i.e. even when a device is connected to the company’s computer outside the company network.
How Does Enforced Encryption Work In Endpoint Protector
Concept Of Trusted Device Level
In addition to the normal allow access, deny access, and read-only access permissions, Endpoint Protector also provides some special rights known as ‘Allow access if Device is Trusted Device Level 1 to 4’.
Trusted devices are devices that have some kind of encryption: software encryption, hardware encryption, or a combination of the two.
There are a total of 6 security levels of trusted devices in the Endpoint Protector 4 Device Control solution.
Let’s talk briefly about the Trusted Device (TD) levels:
Allow Access if TD Level 1: This is software-based encryption that converts any USB device into TD level 1 through EasyLock. It requires the IT admin to pre-install the EasyLock application on the USB device and employees’ computers.
When the device is connected to the computer, EasyLock decrypts the data already on the device and encrypts newly transferred data as it is processed. The device is also password protected.
Allow Access if TD Level 2: This is advanced software-based encryption. It is considered a medium-security level with biometric data protection. An example of this is Trek ThumbDrive.
Allow Access if TD Level 3: This is strong hardware-based encryption. It is considered a high-security level and is needed by certain regulations like HIPAA, SOX, GLBA, etc. For example, a device encrypted with FileVault on a Mac or a device encrypted with BitLocker on Microsoft Windows will fall in the category of Trusted Device Level 3.
Allow Access if TD Level 3, otherwise Read Only: This means that if the device is not TD level 3, then the user will get only read-only access on it.
Allow Access if TD Level 4: This is the maximum level of security and is generally for secret services, military, and government use. Devices with TD level 4 security have hardware encryption and are FIPS 140 certified. Examples include SafeStick BE, Stealth MXP Bio.
Allow Access if TD Level 1+: This is the next level after TD 1 and was introduced recently. The advancement is the remote installation of EasyLock on USB storage devices, which saves time and is simple to do.
If an employee connects a portable storage device to a machine that has the Endpoint Protector client installed on it, EasyLock is pushed and opened automatically, compelling the employee to copy or transfer data only to the encrypted container of the device.
TD Level 1+ is highly useful because even if an employee brings in a USB device that is not encrypted, TD Level 1+ with Endpoint Protector will enforce encryption on the device.
That covers the TD levels.
Now, why is there a need for Endpoint Protector Enforced Encryption? It is because the individual encryption solutions are not cross-platform.
As mentioned above under TD Level 3, a device encrypted with FileVault on a Mac or a device encrypted with BitLocker on Microsoft Windows will fall in the category of Trusted Device Level 3.
But the challenge with these individual encryption solutions is that they are not cross-platform, i.e. if you encrypt a device on a Mac, you won’t be able to use it and decrypt its data on a Windows system. To overcome this challenge, Endpoint Protector has integrated a cross-platform encryption application called EasyLock, which we introduced above when we talked about TD Level 1 and TD Level 1+.
So, let’s try to understand more about EasyLock and how it works with Endpoint Protector to enforce encryption and secure your data.
EasyLock With Endpoint Protector
EasyLock Enforced Encryption application can be integrated with Endpoint Protector.
When used in combination with Endpoint Protector, EasyLock provides enforced encryption options for any USB storage device that connects to a protected machine.
It helps ensure that any data transferred through the external device is always encrypted. It also allows remote management of storage devices: sending messages, display customization, resetting passwords, resetting devices, etc.
Any USB device having the EasyLock application installed on it will fall into the category of TD Level 1. You can verify this easily: make an external device a TD Level 1 device by selecting the ‘Allow access if Trusted Device Level 1+’ option. By doing so, the EasyLock application will be deployed on the root of the external device.
In the case of USB devices, EasyLock is required to be deployed on the root of the device.
Let’s walk through an example of how Enforced Encryption works in Endpoint Protector.
#1) Connect a USB device to a Mac machine.
The device appears in Finder, and the EasyLock application is pushed to the device and opens automatically.
#2) When the application runs for the very first time, you need to accept the license agreement and set the password for the USB device.
That’s it. You can now log into the EasyLock application on the device by entering the password you have set.
#3) Upon login, you will see a computer’s drive on the left side from where you can transfer data to the right, i.e. to the USB device where the data is encrypted.
#4) Upon closing the EasyLock application, the data will remain in the encrypted container. The next time the user connects this device to the computer, the EasyLock application will start automatically. Upon entering the correct password, you will get access to the encrypted data on the USB device.
The benefits are as follows:
- Cross-platform: Enforced Encryption with EasyLock is cross-platform and works on almost any Mac and Windows machine.
- Government-approved: It employs US government approved 256-bit AES CBC-mode encryption.
- Cost-effective: Using Endpoint Protector Enforced Encryption on regular USB devices is a much cheaper option than using hardware-encrypted devices.
- A great solution for the financial business domain: Super useful for financial companies, as they collect and process highly sensitive data and have a pressing need to protect that data from unauthorized disclosure.
- Security & Compliance: Makes your organization meet security and compliance standards. Same security implementations for both Windows and Mac OS X.
- Great user experience – highly intuitive UI, easy to use: Makes administrator’s and user’s job easy as they do not need to switch to different dashboards for controlling devices connected to different operating systems.
- Sends alerts in case of security breaches/incidents
- Increased device control
- Convenient licensing
- Quick and easy installation
- Increased employees’ awareness
Failing to properly implement organization-wide encryption can lead to compromise and huge financial and reputational loss for a business.
Endpoint Protector’s device control technology combined with EasyLock Enforced Encryption is a very convenient, affordable, and easy to use solution for organizations to minimize the risk of data loss and enforce encryption during copying or transferring data to and from any USB device that is connected to the company computers.
What makes EasyLock USB Enforced Encryption stand out from other encryption solutions available is the fact that it is cross-platform and works on both Windows & Mac OS X, simplifying the tasks for IT admins and users on cross-platform networks.
Its other unique features like automatic deployment, controlling devices remotely, password settings, file tracking in both online & offline mode, etc. also make this solution super effective in securing your sensitive business data.