DeviceLock 7 review
Accidental or deliberate data leakage is now a major security headache for businesses. Dave Mitchell takes a look at DeviceLock 7 to see if it plugs those holes that others leave behind.
Network perimeter security is no longer enough to prevent data leakage as the enemy is probably already inside the gates. The number of communications methods and removable storage devices available to your users makes it all too easy to accidentally take sensitive data off premises or steal it.
We've always been impressed with DeviceLock's solution to this problem and this latest version adds stronger access security at the network protocol level. It also has greater content awareness allowing it to apply access policies based on file content as well as file type. This ContentLock feature works by recognising keywords and patterns within file contents.
At its foundation, DeviceLock provides controls for managing access to every conceivable workstation port and removable storage device. The latest iPads and iPhones are recognised so it can control data transfers between these types of devices and manage access to functions such as calendars, contacts and email.
These are some of the messages users will see if they try to access devices or services they do not have permission for.
DeviceLock 7 introduces the optional NetworkLock component which takes access control up to the network protocol level. For SMTP you can control connections to a mail server, the sending of emails and whether attachments are permitted.
HTTP policies determine whether you can post content to web forms, upload files to a web server or whether you are allowed any web browser access at all. For social networking sites you can control basic access, permit users to post comments and messages and allow or deny uploading content.
Installation on a Windows Server 2008 R2 64-bit system was easy enough, although DeviceLock really needs to integrate everything into a single console. At present, you have to juggle three different consoles. One works with the standard MMC console integrating with Active Directory so access policies can be enforced at the user and group level.