DeviceLock 6.3 from DeviceLock Inc.

It's a well publicised fact that many of the biggest threats to the security of corporate data lie within the network perimeter. A classic example is removable media which now poses a serious problem as low-cost, high capacity USB memory sticks can be used by staff to copy vast amounts of valuable business data in a matter of seconds. DeviceLock offers a simple solution for controlling the use of all removable media. As you'd expect, the USB port is at the top of its hit list, but DeviceLock also extends control to every imaginable desktop port including serial, parallel and infra-red plus, CD, DVD and wireless network adapters.

New features in this latest version help to control access to local and network printers where you decide who can print to them and shadow, or monitor, all user printing activities. Temporary white lists can be used to permit access to a specific port or device for a single user session, and encryption gets a higher profile as you can now limit access only to USB storage devices that use TrueCrypt or PGP. Palm OS PDAs are now supported, and DeviceLock allows you to decide whether to allow file sharing and the use of objects such as email, contacts, favourites or calendars. We found DeviceLock easy enough to install in the lab and during this phase were offered a choice of three management consoles. The standard console functions as a Microsoft Management Control (MMC) snap-in, and a second integrates with the Windows Group Policy Editor, whilst the Enterprise Manager is aimed at managing larger networks.

There's also an Enterprise Server which requires access to a SQL database to allow it to log client activity, and maintain longterm stores of shadow operations. The Enterprise Manager console is best suited to environments not using Active Directory where it provides a scanning service for locating workgroups and individual systems and tools for deploying the DeviceLock service. Within our test AD domain, we found the standard MMC console the preferred choice, as it allowed us to select devices and port types and decide what access we wanted to allow or deny. A key feature is the ability to set restrictions and permissions at the user and group membership levels, making it a cinch to deploy access policies. Global policies can be used for some devices, but access can be fine tuned for each port or device type as you can add multiple users and groups, each with their own set of permissions.

These include full or read only access and schedules can be used to determine the time periods when specific policies are active. White lists are used when you want to permit access to specific pieces of media. USB devices are indentified by their manufacturer's serial number, whilst for optical media, DeviceLock will compute a unique signature so you can authorise access to selected discs only. The shadowing feature could prove a valuable ally for administrators that want to monitor user activity, as this mirrors data being written to removable storage devices and stores it in a private area on the local system.

From the management console you can open selected files and see what was occurring, and copy them to your own system for further investigation. Businesses that allow the unsupervised use of removable media in the workplace are asking for trouble. There are now clear legal requirements to show corporate data is being adequately protected and DeviceLock offers a simple, yet highly versatile, solution to this substantial security risk. It's simple to deploy and manage, and its pricing structure should make it affordable to a wide range of organisations. NC

Product:

DeviceLock 6.3 Supplier: DeviceLock Inc.
Tel: 0800 047 0969
Price: 50-99 seats - £11.30 per seat excluding VAT
Web site: www.devicelock.com