Video Screencast Help

How can DLP block data transfer to iphone, android device?

Created: 28 Aug 2013 • Updated: 30 Aug 2013 | 3 comments
This issue has been solved. See solution.

I have activated the DLP policy to block data going to removable device (USB Block).  It appears this policy blocks only USB devices and not iphone/android devices.  Is there a solution?  I am on DLP version 11.5

Thanks in advance,

Operating Systems:

Comments 3 CommentsJump to latest comment

Denis Kattithara 1's picture

Data transfer to iPhone happens in two ways:

a) As a USB device, without iTunes installed on the PC - This shall be monitored and blocked by DLP Endpoint agent

b) via iTunes - In this case the device does not connect as a USB, but rather leverages the application API for data transfer. The same may be monitored/blocked by adding iTunes as a monitored application for Endpoints.

 

Similarly most Android devices either connect as USB or use the OEM software for data transfer. The approprate softwares may be added as monitored applications.

 

While it is possible to monitor multiple applications, I would not recommend so because:

a) There will be a performance impact on the endpoint for each additional monitored application

b) It is best to implement a security/compliance solution in a manner that it does not impact end user experience/productivity.

SOLUTION
Jsneed's picture

There are mobile device management solutions that you can implement that will tunnel all traffic from your mobile devices through a network monitor or network prevent server.  This is currently the only solution I have seen that allows you to properly monitor/manage data going to mobile devices.  Todays devices never need to be connected via USB to access corporate resources.