Step 12 - Data Loss Prevention in Action

Endpoint Cloud has data loss prevention (DLP) features that mitigate your risk in the event of a protected device being lost or stolen. The features are enabled on the Policy (see Step 7 - Create a Policy), and they can protect your data by:

  • Encrypting local data on your devices
  • Automatically preventing access to protected data if a device does not connect within a specified number of days (auto revoke)
  • Providing you with the last known location of the device (geolocation)
  • Allowing you to remotely wipe the data on a device

Let's look at how you can view and use the DLP features.

View the DLP Status

You can see the DLP status on the Protection page. It shows the number of devices that have local encryption, auto revoke, and geolocation features enabled (on the policy).

The DLP status is also shown in the devices list at the bottom of the Protection section.

Revoke a Device

If a policy has local encryption enabled, each device is given an encryption certificate that is stored locally on that machine. Encrypted data can only be accessed by the logged-in user if the certificate is in place.

By revoking a device, you remove the certificate so that encrypted data cannot be accessed.

  1. Click Protection.
  2. Click on the device you want to revoke.
  3. Click on the Revoke Device icon.

  4. Click Revoke to confirm.

Note

If Auto Revoke is enabled on a Policy, Endpoint Cloud will automatically revoke the certificate of any protected device that does not connect to Endpoint Cloud within a specified number of days. (You can change the auto revoke time period in the Policy settings.)

Wipe a Device

You can remotely wipe the protected files on your devices. With a wipe, the protected files are deleted and Endpoint Cloud also performs a "forensic wipe" to remove any trace of the files on the device.

  1. Click Protection.
  2. Click on the device you want to wipe.
  3. Click on the Wipe icon.

  4. Click Wipe to confirm.

Locate a Device

If a policy has geolocation enabled, you can view the last known location of a protected device (the device must have Wi-Fi enabled).

To use geolocation to find a device:

  1. Click Protection.
  2. Click on the device you want to locate.
  3. Click on the Geolocate icon.

    The last known location is shown on a Google map. You can zoom in, zoom out, and display the satellite view.

 Next: Step 13 - Migration in Action

 

Knowledgebase articles:

You can find out about DLP in these articles:

  • Data Loss Prevention - Overview
  • Data Loss Prevention Status
  • Revoke Access to a Device
  • Remotely Wipe a Device
  • Find Devices with Geolocation