Endpoint security vendor DeviceLock continues to seek partners in order to counter the growing use of removable storage devices - such as memory sticks - in the removal of sensitive information from corporate networks.
DeviceLock announced last week that it was partnering with IronKey, which claims to provide the world's most secure flash drives, offering military-grade AES encryption. The two companies said their announcement was aimed at combating the increasing threat of "data leakage from the desktop to the pocket," i.e. sensitive data leaving the company via USB or storage device.
DeviceLock made its name from its ability to enforce security policies related to personal storage devices. "The key functionality of our software is to control any type of internal or local ports or interfaces of the endpoint computer," said Alexei Lesnykh, DeviceLock's business development manager.
This includes controlling which users or groups can access USB, FireWire, Infrared, COM and LPT ports; Wi-Fi and Bluetooth adapters; any type of local, network, or virtual printer; any Windows Mobile and Palm OS-based PDAs and smart phones; as well as DVD/CD-ROMs, floppy drives, and other removable and plug-and-play devices.
According to Lesnykh, a lightweight endpoint software client is installed onto "every computer being protected, but it is completely centrally administered and deployed." Access policies can be defined for the whole of the distributed network, but in addition, every individual end-user agent can have specific end-user access control policies, allowing a fine layer of granularity.
"Our approach is based on loosely-coupled integration," explained Lesnykh. "We partner with people. For example, for encryption we partner with PGP on the software side, and on the hardware side, we partner with people like Lexar Media."
"We opt for integration [with partners] and the code is not merged into our products, so we will not run afoul of U.S. legislation," said Lesnykh. "Because of this, we don't have any problem with U.S. government controls." (After World War 2, it was illegal for the U.S. to sell or distribute encryption technology overseas as it was classified as a munition. Some restrictions still apply nowadays to the export of cryptography.)
Lesnykh points out that DeviceLock is still actively seeking new technical partners, especially in the data leak prevention and encryption fields.
And Lesnykh is clear about the threats organizations are facing from unsecured machines in the corporate network.
"In my experience the biggest threat comes from USB devices," said Lesnykh. "However, memory-enabled devices, such as smart phones, are also a growing concern. This is because the capacity of personal mobile devices is often the same as USB sticks."
Lesnykh's view is backed up by a Ponemon survey last December, in which more than half of the respondents said they had personally copied confidential company information onto USB memory sticks, even though more than 87 percent admitted that company policy forbade them from doing so.
Lesnykh, meanwhile, rates local synchronization, i.e. copying sensitive data from one device to another device locally, as the second most common way for data leaks to occur. The third most common leak is via document printing, where it is "very difficult to catch the thief."
"The sales stats are telling us that demand (for USB protection) is growing," said Lesnykh. "Not just in vertical industries such as financial or military. We are seeing large demand from legal, healthcare and even municipalities, and police departments in the UK. The market is growing fast, from large enterprises down to SMB and other industries."
DeviceLock is also apparently fielding a lot of requests from customers regarding controlling the printing of documents. At the moment, DeviceLock offers context-based endpoint security (i.e. specifying which printer can print documents), rather than content-based endpoint security (but it is looking to add this at a later stage).
Lesnykh insisted there are no other hidden costs for central management and administration components - "although these are very advanced and natively integrated with Microsoft Active Directory."