I am in preparing to replace our current DLP solution with McAfee's solution. I have a Removable Storage Protection rule to require justification when data is moved to removable storage. There are two strange things I noticed:
Because questions often come with "what are you trying to accomplish" type questions, I'll clarify now. Our primary goal to have an audit trail for data that leaves the system. We don't need a justification, but they should at least have to acknowledge the dialog (Yes/No). Since we still have a lot of legitimate uses of USB drives, blocking or setting to read-only is not appropriate. The most important requirement is that the content process be as user-friendly as possible.
Thank you in advance for any help or feedback.