Atlanta Security User Group

 View Only

  • 1.  How can DLP block data transfer to iphone, android device?

    Posted Aug 28, 2013 04:14 PM

    I have activated the DLP policy to block data going to removable device (USB Block).  It appears this policy blocks only USB devices and not iphone/android devices.  Is there a solution?  I am on DLP version 11.5

    Thanks in advance,



  • 2.  RE: How can DLP block data transfer to iphone, android device?
    Best Answer

    Posted Aug 29, 2013 08:15 AM

    Data transfer to iPhone happens in two ways:

    a) As a USB device, without iTunes installed on the PC - This shall be monitored and blocked by DLP Endpoint agent

    b) via iTunes - In this case the device does not connect as a USB, but rather leverages the application API for data transfer. The same may be monitored/blocked by adding iTunes as a monitored application for Endpoints.

     

    Similarly most Android devices either connect as USB or use the OEM software for data transfer. The approprate softwares may be added as monitored applications.

     

    While it is possible to monitor multiple applications, I would not recommend so because:

    a) There will be a performance impact on the endpoint for each additional monitored application

    b) It is best to implement a security/compliance solution in a manner that it does not impact end user experience/productivity.



  • 3.  RE: How can DLP block data transfer to iphone, android device?

    Posted Aug 29, 2013 10:39 AM

    There are mobile device management solutions that you can implement that will tunnel all traffic from your mobile devices through a network monitor or network prevent server.  This is currently the only solution I have seen that allows you to properly monitor/manage data going to mobile devices.  Todays devices never need to be connected via USB to access corporate resources.



  • 4.  RE: How can DLP block data transfer to iphone, android device?