Removable media security can mean a lot of different things. For some, it is the ability to "turn off" ports. For others, it means encrypting USB sticks. Different organizations have different needs, and the result has been lots of point products in the marketplace that only solve a part of the problem. The good news is that McAfee offers a comprehensive suite of data protection products. This suite covers all the common use cases and gives the added benefit of sharing a single management console - ePO. In this post, I'll outline our most common customer requests as use cases and then map those use cases to McAfee products. Generally speaking, you can cover all of these use cases with McAfee Total Protection for Data.


The best way to think about data protection for removable media is to break it down into three categories.

  • Block
  • Filter
  • Encrypt



McAfee Device Control is used to block removable media devices. This includes protection for common removable media, like USB sticks and CD/DVD media, but also has protection for other interfaces like Bluetooth. It also offers reporting so you can know who is trying to use the ports and how they are trying to use them. This visibility allows you to tune the policy and also allows you to show the effectiveness of your policy (you should see fewer violations over time).


Use Case: Block removable media

This is the simplest of use cases. The Device Control policy is set to block all removable media. The user is prevented from writing to or reading from the device. The event is recorded and sent to ePO for reporting. Optionally, a warning message can be displayed to the user. This, hopefully, teaches them about your security policy and modifies their behavior over time.


Use Case: Make removable media read only

This is a less restrictive Device Control policy. It allows the user to read data from their removable storage device, but stops data loss by making it read only. This can be useful when you have contractors or consultants on site and they need to share data with you, but you don't want to leak any data to their devices.


Use Case: Standardize on a secure device

This policy grants users read and write access to the device, but only if the device has been approved. The most common type of approved device is a pre-encrypted USB stick. McAfee, for example, sells pre-encrypted USB sticks and also partners with SanDisk to offer ePO management of their encrypted USB sticks.

McAfee Device Control Demo (embedded video, parts 1 to 3)



McAfee Host Data Loss Prevention is used to filter content copied to removable media. Device Control gives very granular control over devices. Host DLP does the same thing, but for data. The policy could be set to allow any kind of removable media to connect to systems, but Host DLP would prevent any sensitive data from being transferred to those devices. Like Device Control, Host DLP also offers rich reporting and warning prompts to the end user.


Use Case: Prevent transfer of sensitive data to removable media

Host DLP finds sensitive data based on template or custom content types (social security numbers, credit card numbers, etc.). The policy then prevents that data from being copied to removable media. This preserves the end user's ability to work with removable media without putting the organization at risk of data loss.


Use Case: Ensure all sensitive data is encrypted when transferred to removable media

Integration with our encryption products allows Host DLP to do more than just prevent sensitive data transfers to removable media. The policy can be set to encrypt sensitive files when they are transferred to removable media. This allows the use of removable media and allows sensitive data to be on removable media, but only if the data is encrypted. You can see a demo of this integration here:


McAfee Endpoint Encryption for Files and Folders is used to encrypt removable media. This is a popular choice because pre-encrypted USB sticks are more expensive, and it is often difficult for organizations to standardize on a secure device. It can also be difficult to classify all data and be 100% accurate with Host DLP. Removable media encryption, at that point, becomes the logical choice. The policy is usually set to simply encrypt all removable media when it is plugged into the host system. This ensures all data copied to that media is stored in an encrypted container and therefore fully secured while at rest.


Use Case: Encrypt all USB sticks

McAfee Endpoint Encryption for Files and Folders can be set to fully encrypt removable media. Typically, the policy is set to prompt the user and give them the option to encrypt the device. If they decline the option, the device is made read only. If they accept, all data is backed up and the device is formatted. Then the entire device is encrypted and the data is restored. At this point, the device is encrypted and it can be accessed on any system - as long as the user remembers their password. The simplicity of this approach and the portability of the data make this a very popular option. You can see a demo of this here:

Note: this feature is sometimes referred to as Endpoint Encryption for Removable Media (EERM).




Hybrid Use Cases

Having all three of these products managed by ePO allows even greater flexibility. Some organizations have very specific needs for different groups of people. ePO allows us to mix-and-match policy options to deliver coverage for more use cases. Also, ePO allows us to granularly assign these policies so we don't have to settle for global "one size fits all" policies.


  1. Encrypt all USB sticks, but block sensitive data from being transferred to those devices.
  2. Allow data transfer only to approved devices, but make non-approved devices read only.
  3. Encrypt files transferred to non-encrypted USB sticks, but don't do file-level encryption if the destination media is encrypted.

     ... and many more
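To make the three hybrid policies above (and the Host DLP content matching they rely on) concrete, here is an added example that models them as a single policy decision; it is illustrative code written for this post, not McAfee's product logic or API. The content detectors, the `Device` attributes and the policy names are assumptions; the Luhn check shows one way a content type can cut the false positives that make DLP hard to get 100% accurate.

```python
import re
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    BLOCK = "block"                # Device Control / Host DLP refuses the write
    READ_ONLY = "read_only"        # device mounts, but nothing may be written to it
    ALLOW = "allow"                # write proceeds unchanged
    ENCRYPT_FILE = "encrypt_file"  # write proceeds, file lands in an encrypted container

# Constructed detectors standing in for Host DLP content types (SSN, payment card).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")

def luhn_ok(digits: str) -> bool:
    """Mod-10 check; rejects arbitrary 13-16 digit numbers that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_sensitive(text: str) -> bool:
    """True if the content matches any configured sensitive content type."""
    if SSN_RE.search(text):
        return True
    return any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text))

@dataclass
class Device:
    approved: bool   # on the Device Control approved list (e.g. a pre-encrypted stick)
    encrypted: bool  # media already holds an encrypted container (user accepted EERM)

def decide(policy: str, dev: Device, content: str) -> Action:
    """Outcome for one write of `content` to `dev` under one of the three hybrid policies."""
    if policy == "encrypt_all_block_sensitive":        # hybrid 1
        if not dev.encrypted:                          # user declined device encryption
            return Action.READ_ONLY
        return Action.BLOCK if is_sensitive(content) else Action.ALLOW
    if policy == "approved_only":                      # hybrid 2
        return Action.ALLOW if dev.approved else Action.READ_ONLY
    if policy == "encrypt_unless_encrypted":           # hybrid 3
        return Action.ALLOW if dev.encrypted else Action.ENCRYPT_FILE
    raise ValueError(f"unknown policy {policy!r}")
```

In a real deployment each decision would also be recorded as an event for ePO reporting; that part is omitted here.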




Removable media security is a complex task. McAfee's Data Protection products offer the flexibility to cover the most diverse use cases and augment that protection with a common management interface. The granular control and superior reporting offered by ePO give administrators the flexibility they need and the assurance they want in order to have confidence in their removable media protection strategy.