End-point-device, data encryption
Encrypting data when device is idle and in-use
Full-disk and volume encryption protects data if a device is physically lost, but does nothing to protect data once a valid user has logged on, at which point the encryption is essentially bypassed.
Many organizations use full-disk and volume encryption products to protect the data content of end-point devices in the event that the device is lost or stolen.
However, in today’s work-from-anywhere world, the risk of physical loss is overshadowed by the significantly greater vulnerabilities that arise whilst the device is being used by its legitimate owner in online activities such as banking, accessing membership details, purchasing products, paying bills, etc.
Public Wi-Fi networks, unmonitored Bluetooth connections and browser connections to compromised websites can all present opportunities for hackers to gain access to end-point devices at a point where full-disk or volume encryption provides no protection, that is, after the encryption has been bypassed.
Randtronics DPM easyCipher provides agent-based, file/folder level transparent data encryption (TDE) that allows sensitive files and folders on end-devices to be protected whilst in use:
Data is protected at all times from:
- other users on the machine including OS system administrators
- non-whitelisted applications
By policy, additional restrictions can be placed on the user's access to protected files/folders. Sensitive data folders can be temporarily locked whilst working on unsecured networks and unlocked on demand.
Full-disk and volume encryption helps address the risk of physical compromise (when a device is lost or stolen) of end-point device contents — but offers nothing to guard against data compromise during everyday use on unsecured networks.
Randtronics DPM easyCipher can work alongside full-disk or volume encryption to protect end-point-device data whilst the machine is in use.
Randtronics DPM easyCipher
DPM easyCipher provides transparent data encryption for databases, web/app servers, file servers, NAS storage and end-devices.
Data policies and encryption keys are managed centrally providing enterprise-wide control of sensitive data.
The DPM agent installed on the end-point device mediates all access to secured folders and prevents access from any non-whitelisted user or application.
DPM easyCipher co-resides with full-disk or volume encryption such as Microsoft BitLocker and adds privacy-control depth without complications. When used with Microsoft BitLocker, DPM easyCipher can provide an added layer of protection against unauthorized access to sensitive information, even if an attacker gains access to the device or volume.