- Financial Services
- Public Sector
The DeviceLock Endpoint DLP Suite is a software solution that protects corporate endpoint computers and virtual desktops on BYOD devices against insider data leaks thus significantly reducing business risks and helping organizations comply with corporate policies, government regulations and industry standards for information security.
DeviceLock enforces a comprehensive set of contextual and content filtering controls together with centralized event logging and data shadowing for practically all local and network data channels on protected computers and for a variety of virtual computing solutions including session-based and streamed desktops and applications, as well as local virtual machines on hypervisors.
DeviceLock Virtual DLP “remotes” the enforcement of endpoint DLP mechanisms from the VDI host server down to the BYOD endpoint and creates there a full-function “virtual endpoint DLP agent” that prevents data leaks via practically all local channels and network communications of the BYOD device.
The DeviceLock Endpoint DLP Suite is a data leak prevention software that protects corporate endpoint computers and virtual desktops on BYOD devices against data leaks resulting from insider negligence, mistakes or deliberate misconduct. DeviceLock reduces business risks and helps organizations comply with corporate policies, government regulations and industry standards for information security.
Controlled endpoint data channels include local and session-redirected remote peripheral devices and ports, document printing, connected smartphones and PDA’s, clipboard operations, as well as user network communications via email, webmail, instant messaging, popular social media and cloud-based file sharing services.
Designed for use in IT organizations of any size, the DeviceLock DLP solution supports both native and web-based central management consoles. In large deployments, DeviceLock can be managed in the most economical and scalable way from a custom-made MMC snap-in for Microsoft Group Policy Management Console used with Microsoft Active Directory and Windows Server platforms.
When used together with desktop and application virtualization solutions, such as Citrix Virtual Apps and Desktops, formerly XenApp and XenDesktop, DeviceLock complements their inherent capabilities to isolate corporate and private environments on a BYOD device with the ability to control the content of data flows between them. The DeviceLock Virtual DLP feature supports content filtering of data transferred between centrally hosted virtual desktops or applications and redirected drives, removable storage, USB ports, printers and the clipboard of BYOD endpoints.
In addition, the content of user network communications from within virtual desktop or terminal sessions are controlled by the DeviceLock DLP agent installed on the terminal or VDI host server.To facilitate security monitoring, audit and evidence collection DeviceLock supports centralized event logging and real-time alerting for all Virtual DLP scenarios. Content-aware shadowing of data transferred to BYOD endpoints is supported for the redirected clipboard and USB storage devices.
Essentially, DeviceLock Virtual DLP “remotes” the enforcement of endpoint DLP mechanisms from the VDI host server down to the BYOD endpoint and creates there a full-function “virtual endpoint DLP agent” that prevents data leaks via practically all local channels and network communications of the BYOD device.
As a result, by using DeviceLock in BYOD implementations based on Citrix Virtual Apps and Desktops, organizations can inspect and filter the content of data exchanges between the protected virtual corporate workspace and the private part of the BYOD device, its local peripherals and the network – i.e., all those destinations outside of the corporate border that should be treated as insecure.
DeviceLock Virtual DLP controls enforced on top of virtual platforms ensure that data from the corporate IT environment and the private BYOD environment are not intermingled while all necessary business-related data exchanges between the two environments are allowed based on least-privilege DLP policies. At the same time, employees maintain full control over the device platform, their personal applications and private data, yet they remain responsible for the device maintenance and support. This provides a distinct advantage over the conventional Mobile Device Management-based BYOD approach whereby the enterprise can be responsible for causing problems with the personal device and its owner’s private data.
Data leak prevention delivered by DeviceLock Virtual DLP to BYOD solutions based on desktop and application virtualization is universal and works for all types of BYOD devices – including mobile platforms, such as iOS, Android and WindowsRT, thin terminal clients with Windows CE, Windows XP Embedded or Linux, as well as any computers that run OS X, Linux or Windows.
All DeviceLock DLP solution’s components, including endpoint agents, servers and management consoles can run in Windows virtual machines on Citrix Hypervisor, formerly XenServer. Organizations standardized on any virtualization platform for their BYOD strategies will benefit greatly from deploying the DeviceLock Endpoint DLP Suite, since it is the most effective, straight-forward and affordable way of implementing comprehensive endpoint DLP services for any type of BYOD devices.
For more information, click here.