Overview
Today, organizations have many users who must continue working with business-critical information when they are disconnected from the corporate network. For example, traveling sales representatives, insurance agents and regional inspectors increasingly use corporate laptops or notebooks at disconnected locations. Protecting the sensitive information on these mobile computers has become a priority for many organizations.
DeviceLock provides greater protection of sensitive corporate information in disconnected environments. You can control user access to devices and protocols as well as the shadow copying of the data written by the user or transmitted over the network in different offline scenarios. DeviceLock also offers more management flexibility, as you can define different online vs. offline security policies for the same user or set of users.
A user’s online policies are applied when connected to the corporate network, or specified DeviceLock Enterprise Servers, or Active Directory domain controllers. Offline policies are applied when the user is working disconnected from the corporate network, or specified DeviceLock Enterprise Servers, or Active Directory domain controllers.
For DeviceLock to enforce different policies in online vs. offline scenarios, configure settings for two profile types:
•Regular Profile - These settings are used by client computers that are working online.
•Offline Profile - These settings are used by client computers that are working offline (for example, when users travel with their corporate laptops).
If offline profile settings are not configured, regular profile settings are used in both online and offline scenarios.
You can use different regular vs. offline profiles for Permissions, Auditing, Shadowing rules and Alerts, USB Devices White List, Media White List, Protocols White List, Content-Aware Rules, Basic IP Firewall, and Security Settings. You can manage offline profile settings using DeviceLock Management Console, DeviceLock Service Settings Editor or DeviceLock Group Policy Manager.
The following examples describe typical scenarios in which you are likely to set different online vs. offline security policies to better protect your corporate data.
•Scenario 1. Suppose you have a Finance group in your organization. As an administrator, you can allow members of this group to write files to Removable, Optical Drive, USB, and Floppy devices when they work online. Their online activity will be audited. Any copied files will be shadow copied; and audit and shadow logs will be sent to DeviceLock Enterprise Server. When offline, members of the Finance group will be denied write access.
These security policies let you monitor the activity of the Finance group members in real-time mode. By examining audit and shadow logs on DeviceLock Enterprise Server (often on a daily basis), you can respond promptly and appropriately when a data leakage incident occurs. In this case, a user will not be able to copy sensitive information to a device while offline in an attempt to avoid sending shadow copies to DeviceLock Enterprise Server and thus alerting the Security department of the data theft.
•Scenario 2. Imagine Mary, a sales representative of a large company, who has a notebook computer and frequently works out of the office. She needs to be able to provide her business partners with information files resulting from her work. In this situation, you can allow Mary to write certain files to Removable, Optical Drive, USB, and Floppy devices and enable the shadow copying of these files when she works offline. When online, she will be denied write access to the specified device types.
These security policies give you greater flexibility in managing users within an organization while providing better corporate data security.