Why Device Control is not Enough in 2021
Published on: Thursday 02-12-2021
To avoid data leaks and breaches, companies need to look beyond Device Control and address the risks posed by sensitive data transfers, says Filip Cotfas.
Removable devices have long been a threat to data security. From employees copying sensitive data onto unsecure devices to malicious outsiders attacking a corporate network through infected USBs, the risks they pose are clear, and many companies have taken steps to address them. One of the main ways they have done this has been through Device Control tools that allow companies to control the use of peripheral and USB ports. But as more and more organisations rely on file sharing and cloud storage services to transfer and share information, is USB device control by itself still enough in 2021 to protect sensitive data?
Today, data breaches remain one of the primary concerns. A data breach can cost a company existing and prospective customers as its reputation takes a hit. Data breach investigations can also disrupt business operations and company systems, leading to financial losses. For all these reasons, companies must ensure that they avoid data breaches. Antivirus software and firewalls are essential for tackling external threats and, for many organisations, Device Control tools are used to address internal data leaks and potential attacks via removable devices.
How Device Control protects sensitive data
Device Control tools, usually part of Data Loss Prevention (DLP) solutions, allow companies to block or limit the use of USB and peripheral ports, as well as devices connected through Bluetooth. This prevents employees from copying potentially sensitive data onto unsecured devices. Flash drives, in particular, have long been a data security problem as they are easy to steal or misplace. While some companies have chosen to enforce encryption on USBs to ensure that any company USBs stolen or lost cannot be accessed by unauthorised third parties, others have chosen to eliminate their use altogether. Device Control is particularly effective against the dangers of data exfiltration by malicious insiders. It also prevents outsiders from attempting to attack a network through an infected removable device or from booting a company computer from a USB to bypass login credentials. Organisations wishing to continue using removable devices also have the option of enabling a system of trusted devices issued by the company.
Why is Device Control not enough?
However, while Device Control is an effective way of controlling devices connected to company computers, what happens when an employee needs to take files with them that are too big to be sent by email? With USB flash drives disabled, they will turn to the internet for a solution: file sharing and cloud storage services. Nowadays, with popular services like Dropbox, Evernote, and Google Drive available to everyone at no cost, few employees will even consider a removable device; they will immediately choose the convenience of cloud storage services that make files available to them at all times from anywhere. And while this is very useful for employees, how can companies be sure that the files they upload to these services do not contain sensitive data? Worse still, what if they are not even aware of which services their employees are using to transfer files? Some companies address this risk by blocking the use of certain well-known applications, but that might only encourage employees to seek out lesser-known alternatives that might pose an even greater threat to data security.
Protecting sensitive data beyond Device Control
To avoid data leaks and breaches, companies need to look beyond Device Control and address the risks posed by sensitive data transfers over the internet. One way of doing this is to choose a DLP solution that includes Content Aware Protection features that help monitor and control the movements of sensitive data within and outside of the company network. Through Content Aware Protection tools, companies can define what sensitive data means to them. Using contextual scanning and content inspection, Content Aware Protection tools can identify sensitive data in over a hundred file types and monitor how they are being transferred and used within the corporate network. They can block the transfer of sensitive data through unauthorised channels, even when employees attempt to copy-paste or use a print screen to save or send sensitive data in the body of an email.
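The content inspection, contextual scanning and channel check described above can be sketched as follows. This is an added example, not code from the article or from any DLP product; payment card numbers are picked as the sensitive data type, and the policy fields, channel names and sample text are constructed for illustration.

```python
import re

# Constructed policy: what "sensitive data" means for a hypothetical company.
POLICY = {
    "context_keywords": ("card", "visa", "payment", "cvv"),  # contextual scanning
    "context_window": 40,  # characters inspected on either side of a match
    "authorised_channels": {"corporate-sharepoint"},  # hypothetical channel name
}

# Candidate card numbers: 13 to 19 digits, optionally split by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Content inspection: the Luhn checksum weeds out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text, policy=POLICY):
    """Return digit strings that pass Luhn and sit near a context keyword."""
    hits, lowered = [], text.lower()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue
        lo = max(0, m.start() - policy["context_window"])
        hi = m.end() + policy["context_window"]
        if any(k in lowered[lo:hi] for k in policy["context_keywords"]):
            hits.append(digits)
    return hits

def decide(text, channel, policy=POLICY):
    """Block only when sensitive content heads to an unauthorised channel."""
    if find_card_numbers(text, policy) and channel not in policy["authorised_channels"]:
        return "block"
    return "allow"

if __name__ == "__main__":
    # Constructed sample: a test card number pasted into a webmail body.
    print(decide("pls charge visa 4111-1111-1111-1111 thx", "webmail-body"))
```

The same `decide` call applies whether the text came from a file upload, the clipboard or an email body; only the `channel` label changes.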
Towards a well-balanced approach to data protection
Companies can no longer afford to ignore the popularity of internet cloud storage services in the workplace and must implement security measures against any potential data leaks or data breaches resulting from their use. While Device Control features regulate work computers’ connectivity to other devices, Content Aware Protection tools safeguard sensitive data directly, regardless of the type of file it is found in.
Filip Cotfas has an impressive background in sales and project management. As a Channel Manager at CoSoSys, he is utilising his extensive skills for daily operating efficiency with a focus on the South Asia, Middle East and Northern Europe markets.
Filip's main responsibility is handling the existing Customer portfolio, as well as acquiring additional revenue streams, mainly by coordinating with the existing partners or enabling new partnerships, in order to help more customers benefit from our award-winning Data Loss Prevention solution. In the past years, he has been developing the sales strategies for his markets and built a successful relationship with channel partners. Filip's objective is helping businesses overcome their security challenges and protecting their sensitive information. He is goal-oriented with a genuine passion for sales and business development.