Comprehensive Guide to Device Control

A comprehensive Device Control strategy tailored to your organization's unique risks is essential for effective security.

  1. Deny peripheral device access on all endpoints

    Endpoints that newly enter the network are more prone to unauthorized peripheral devices. You can shut off peripheral device access on all endpoints by configuring a block policy, ensuring the organization's security is unaffected.

  2. Frame policies to allow peripheral device access for privileged users' endpoints

    Managers and C-level executives are part of the organization too, and you don't have to tiptoe around them when structuring a policy. Create a policy specific to the endpoints used by highly privileged users and grant permission to access all peripheral devices, so their productivity is not put at risk.

  3. Allow access to specific users using user group exclusion without creating additional policies

    An organization with a block policy is secure, but the policy also restricts the administrators' activities. Rather than adding the overhead of another policy for administrators, you can deploy the existing block policy to the existing custom group together with a User Group exclusion. Create a user group containing the administrators, map the 'block-all' policy to a custom group containing all users of the organization, and select the administrators' user group for exclusion. Once this policy is deployed, only administrators have complete access to all peripheral devices.

  4. Enlist your organization's peripheral devices in the trusted devices list

    You can add the peripheral devices authorized by the enterprise to the Trusted Devices list. Creating a CSV file of enterprise-approved devices and uploading it to the Trusted Devices list saves the work of adding devices manually. With a supporting policy in place, all enterprise-approved devices are then automatically allowed to be active in the network.

  5. Enable the user control for temporary peripheral device needs

    A special business-related scenario can arise that warrants access to a blocked device. In such cases, to ensure neither productivity nor security is compromised, require the user to request access to the specific peripheral device, however temporary the need. You can configure a policy to enable Temporary Access, handing control to the end user, who can then submit a request for temporary device access.

  6. Hold the door only for encrypted peripheral devices

    Encryption is the go-to solution for secure data transmission, and the encryption offered by BitLocker is a sound choice. When configuring a policy, opt to allow only BitLocker-encrypted devices and avoid exposing your endpoints to unencrypted removable storage devices, keeping potential keyloggers at bay.

  7. Configure the alerts and notifications for unauthorized device-based actions

    You can send alert emails when a restricted device tries to enter the network and notify technicians when a user requests temporary access. Configure your mail server settings beforehand and add the intended recipients; alert and notification emails are then sent to the concerned authorities.

  8. Be compliant by configuring file auditing and data mirroring reports

    Securing the data is one way of being compliant with the regulations. Customize the file actions per your organization's compliance policies and configure the audit data settings by selecting the report types: Device audit report, File audit report, File shadowing report, and File archive report. Specify how long to retain the daily logs generated for auditing.
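
For step 4, the following added example (not part of the original guide or the product) prepares a trusted-devices CSV from an inventory of Windows USB device instance paths, dropping duplicates and rejecting entries that cannot identify one physical device. The input and output column names and the sample rows are assumptions constructed for illustration; match the output columns to your product's import template.

```python
import csv
import io
import re

# Windows USB device instance path: USB\VID_xxxx&PID_xxxx\<instance id>
INSTANCE_RE = re.compile(
    r"^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})\\(.+)$", re.IGNORECASE)

# Constructed sample inventory (not real devices from the guide).
SAMPLE_INVENTORY = """device_name,instance_path
Finance backup drive,USB\\VID_0781&PID_5581\\4C530001230101117392
Finance backup drive,usb\\vid_0781&pid_5581\\4C530001230101117392
Lab card reader,USB\\VID_05E3&PID_0749\\6&2A9D4B7&0&3
Unknown stick,VID_0951 PID_1666
"""

# Assumed output columns; the product's real import format is not given here.
FIELDS = ["device_name", "vendor_id", "product_id", "serial_number"]

def build_trusted_list(inventory_csv):
    """Return (accepted_rows, rejected) for an inventory CSV string."""
    accepted, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["device_name"].strip()
        match = INSTANCE_RE.match(row["instance_path"].strip())
        if not match:
            rejected.append((name, "not a USB instance path"))
            continue
        vid, pid, serial = (part.upper() for part in match.groups())
        # Heuristic: when a device reports no serial number, Windows generates
        # an instance id whose second character is '&'. It depends on the port,
        # so it cannot pin trust to one physical device.
        if serial[1:2] == "&":
            rejected.append((name, "no unique serial"))
            continue
        if (vid, pid, serial) in seen:
            continue  # same device listed twice (case differences included)
        seen.add((vid, pid, serial))
        accepted.append(dict(zip(FIELDS, (name, vid, pid, serial))))
    return accepted, rejected

def to_csv(rows):
    """Serialize accepted rows as CSV text ready for review and upload."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

Review the rejected entries by hand before upload: a device without a unique serial number can only be trusted by model, which would also admit every other unit of that model.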