The DataDefense client software implements the policies defined by the DataDefense server management console. It routinely checks in with the server, in the background, whenever an internet connection is present, requiring no end user intervention. If rules or device status are changed by the enterprise, the changes are communicated directly and transparently to the client agent.
The DataDefense solution uses Microsoft's Encrypting File System (EFS) to begin encrypting after the setting is downloaded by the DataDefense client during installation or check-in with the DataDefense server. This takes compliance with the encryption process out of the user's hands: the user has no choice or control over what gets encrypted on his PC.
The DataDefense solution encrypts all data files that are location based (My Documents, Desktop, specified folders, or Local C drive, etc.) or file type based (*.doc, *.txt, *.xls, *.ppt, etc.), by using “Data Sets” to define what and where files are encrypted. DataDefense comes installed with predefined default data sets, as well as giving the enterprise the control to define new data sets to address the organization's particular needs. In addition, DataDefense includes a blacklist of key operating system files that should not be encrypted to ensure smooth operation. The enterprise specifies the encryption location or file types. By encrypting the specified folders that contain these files, all newly created files in these folders are created in an encrypted state. In fact, with folder encryption, even the temporary files that are created in the encryption conversion process (during a first-time file encryption) are encrypted, ensuring complete data protection on those files.
It does not, by default, encrypt the operating system or applications, thereby avoiding performance degradation and ensuring no interference with disk utilities such as partitioning, image backup and data recovery programs. In addition, the DataDefense solution automatically sweeps the device's hard drive every six hours to ensure that any targeted files that may have been added or changed in different folders/locations will be encrypted.
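An administrator can independently audit the outcome described above by looking for targeted files and folders that do not carry the NTFS EFS attribute. The script below is an added example, not DataDefense code: the data set contents, the exclusion roots standing in for the operating system blacklist, and the function names are all hypothetical.

```powershell
# Added audit example (not part of DataDefense). All names and values are assumptions.
# Hypothetical data set: locations plus file types, mirroring the examples in the text.
$DataSet = @{
    Locations  = @("$env:USERPROFILE\Documents", "$env:USERPROFILE\Desktop")
    Extensions = @('.doc', '.txt', '.xls', '.ppt')
}
# Hypothetical stand-in for the blacklist of operating system files.
$ExcludedRoots = @($env:windir, $env:ProgramFiles)

function Test-ExcludedPath {
    param([string]$Path)
    foreach ($root in $ExcludedRoots) {
        if (-not $root) { continue }
        # Trailing separator so C:\Windows does not also match C:\WindowsOld.
        $prefix = $root.TrimEnd('\') + '\'
        if ($Path.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-EfsCoverageGap {
    param([hashtable]$Set)
    $efs = [System.IO.FileAttributes]::Encrypted
    foreach ($location in $Set.Locations) {
        if (-not (Test-Path -LiteralPath $location)) { continue }
        # New files inherit encryption from the folder, so an unmarked folder is a gap too.
        $dir = Get-Item -LiteralPath $location -Force
        if (-not $dir.Attributes.HasFlag($efs)) {
            [pscustomobject]@{ Kind = 'Folder'; Path = $dir.FullName; LastWriteTime = $dir.LastWriteTime }
        }
        # Files of a targeted type that are still stored in clear text.
        Get-ChildItem -LiteralPath $location -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object {
                ($Set.Extensions -contains $_.Extension.ToLowerInvariant()) -and
                -not (Test-ExcludedPath $_.FullName) -and
                -not $_.Attributes.HasFlag($efs)
            } |
            ForEach-Object {
                [pscustomobject]@{ Kind = 'File'; Path = $_.FullName; LastWriteTime = $_.LastWriteTime }
            }
    }
}

# Newest gaps first: files written since the last sweep appear at the top.
Get-EfsCoverageGap -Set $DataSet | Sort-Object LastWriteTime -Descending
```

Because the sweep runs every six hours, a file that appears in this output and is older than that interval is the one worth investigating.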
A key strength of the DataDefense solution is how it manages the EFS encryption process.
When the DataDefense solution is installed on the client, it turns on EFS for the locations and file types specified by the administration server. It sets the EFS encryption process as a background process in the user space to ensure that it has no measurable effect, from the user's perspective, on the application processing speed of the device.
Given the intensive disk I/O necessary to encrypt files, this is a key capability to ensure that the additional security does not hamper the user's ability to execute her work.
An organisation must also be able to respond to security breaches.
Employees will lose their laptops, have them stolen or simply leave with them when they terminate employment with the company, and passwords will be hacked or compromised. Temporary employees present another set of security implications as well. The organisation must have ways to monitor for these situations and an ability to react in a way that eliminates, or at least greatly minimizes, the potential losses from these events.
Obviously, encryption alone does not provide this level of data protection. In fact, in the situation where the device is no longer under the control of the enterprise, the data is always at risk, with no clear end date at which the organization can be certain the data is no longer a security risk. Clearly the enterprise needs an additional solution that can: