Data In Motion triggers in each user policy include Encrypt options. These options enable you to protect sensitive files when an employee copies them onto removable devices such as USB drives. The Encrypt options are specifically designed for the employee who needs to take sensitive files home to work on them in the evening or over the weekend.
CA DLP encrypts these files when the employee copies them onto a removable device for the journey home. When the employee gets home, they run an encryption utility on the removable device to decrypt the files onto their home computer. In the morning, the process is reversed. When the employee copies the updated files from their home computer back onto the removable device, CA DLP re-encrypts the files. Finally, when the employee arrives back at the office, they run the same encryption utility again to decrypt the files and copy them from the USB device back onto their office computer.
In technical terms, the CA DLP Client File System Agent detects a file being copied onto removable devices and invokes Data In Motion triggers. If a trigger fires, an Encrypt control action gets applied to the file. A resulting advisory dialog then instructs the employee to protect the file by supplying a password that CA DLP uses to encrypt and decrypt the file.
To use this feature, you must edit the CA DLP machine policy to specify how CA DLP handles removable devices. Then you must configure Data In Motion triggers to apply Encrypt control actions to sensitive files. Finally, you must educate your users so that they know how to use the CA DLP encryption utility when copying files on and off removable devices.
Note: CA DLP cannot encrypt files being copied to network locations. Do not use Encrypt control actions to encrypt files being copied to shared locations on your network.
Copyright © 2012 CA. All rights reserved.