Product review: Six removable device control security products


This article can also be found in the Premium Editorial Download "Information Security magazine: Compliance vs. security: Prevent an either-or mentality."

Download it now to read this article plus other related content.

We attempted to circumvent our installed clients through a variety of methods. Often, installed components can be sidestepped by local users who have administrative rights to their machine. Even with local admin rights, we were unable to modify or remove any of the installed clients.

Tens of millions of USB flash drives are sold every year, and you can bet some are going to be lost or stolen, sometimes with sensitive data. DeviceWall was our pick for the lost flash drive scenario. When we inserted a USB flash drive into a bare-bones laptop running no device control client, we received the message that our drive was not formatted and asked if we would like to format it. Had the drive contained confidential information, the cost associated with losing the data to the wrong entities could be devastating, but thanks to DeviceWall, less than a minute after plugging in the uncontrolled drive, it was wiped clean.

We also addressed the issue of theft, loss and tampering of removable storage devices and media through the products' use of encryption. DeviceLock, which was generally outstanding in other areas, was the only product in our testing that did not support any type of encryption, which brought down its overall grade.

SecureWave set the bar with two different types of encryption--centralized, which allows administrators to set the requirements, and decentralized, meaning an authorized user can decide when to

    Requires Free Membership to View

encrypt. Additionally, you can export keys to a file or to the portable device for access to encrypted media offline, although we felt that this compromised the security of the portable storage device. SecureWave offers the strongest encryption, with AES 256.

DeviceWall offers two different ciphers--AES and Blowfish--in both global and individual user key models. For instance, a company might require its HR employees to automatically encrypt all data transmitted via WiFi or saved to portable media. However, encryption is only available for use with USB flash drives. On the plus side, DeviceWall allows you to easily back up the Global Key, so data can be retrieved if the key is lost.

ControlGuard also provides encryption for secured USB drives. We liked its "self-destruct" feature, which limits the lifecycle of the data accessible on the drive.

Workshare Protect Mobile provides the most flexible client-side encryption through PGP based upon content. Once files have been identified as requiring additional security, they are automatically encrypted.

Safend's encryption is the most transparent to users. We were able to use the same encrypted USB drive on all the machines on our network with the Safend client installed without ever realizing the device had been encrypted. Of course, when we attempted to use the drive in a non-Safend computer, we were unable to access the drive.

One big worry with encrypted files on portable media is the decryption software won't be available when needed. Safend had the forethought for just such a scenario and includes a Home Decryption Utility that allows authorized users to access information on encrypted devices when the Protector Client is not present.

This was first published in March 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: