Removable Media Encryption (RME) automatically enforces policy-based encryption for files copied, moved or saved to any USB or Media Transport Protocol (MTP) supported device (e.g. thumb drive, MP3 player, camera, smartphone). RME allows any portable device to be a secure data traveler, eliminating the need for, and cost of, specialty encrypted devices. Its adaptive policies also ensure that encryption controls are enforced only for sensitive information on a device, meaning non-sensitive data can be moved to a USB device without encryption being activated.
With the inclusion of multiple USB, FireWire and Bluetooth channels on desktops, laptops and other types of endpoints, moving large amounts of data for storage and business purposes has never been easier. These devices and other removable media allow users to extract huge amounts of data in an instant, making sensitive data on any computer vulnerable. Once sensitive data has moved to a storage device, it is untraceable and can easily be removed from the enterprise and compromised. Moving this data without an audit trail or encryption also constitutes a violation of regulatory laws such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLBA), International Traffic in Arms (ITAR), UK Data Privacy (DPA) and many more.
To offer some level of risk mitigation, many companies have deployed a removable media tool that encrypts the entire USB drive or any files being copied to a USB drive, restricted the use of USB drives and, in some extreme cases, even glued shut the computer ports on machines in high-risk locations. These approaches offer some level of efficacy but in no way offer a preferred solution to mitigate data loss risk as they fail to:
The last two points hide an even larger information protection problem: the failed strategy of deploying multiple point tools across all the potential channels of data loss. Companies that have taken this strategy continue to see large data losses as well as failed audits. The lack of a unified information protection solution leaves large gaps in policy execution and actually increases risk due to unneeded complexity.
Digital Guardian RME provides transparent and automated data-level or device-level encryption and control of both managed and unmanaged devices. With Digital Guardian, encryption and decryption can occur automatically and without the user's knowledge for files being moved to mobile devices by authorized users on machines where Digital Guardian Agents are installed.
Digital Guardian's patented encryption capabilities are built upon the integrated key management system that authenticates Digital Guardian Agents to the Digital Guardian management console. Each Agent holds a certificate containing the public key for the Server and its own unique private key. The Server holds a current certificate, containing the public key of the Agent, for each Agent that the Server has communicated with. Digital signatures are also used to ensure non-repudiation of collected and reported activity data. This integrated server and agent encryption system eliminates the need for separate PKI/key management systems and the overhead that comes with them.