Step 12 - Data Loss Prevention in Action
Endpoint Cloud has data loss prevention (DLP) features that mitigate your risk in the event of a protected device being lost or stolen. The features are enabled on the Policy (see Step 7 - Create a Policy), and they can protect your data by:
- Encryption of local data on your devices
- Automatically preventing access to protected data if a device does not connect within a specified number of days (auto revoke)
- Providing you with the last known location of the device (geolocation)
- Allowing you to remotely wipe the data on a device
Let's look at how you can view and use the DLP features.
View the DLP Status
You can see the DLP status on the Protection page. It shows the number of devices that have local encryption, auto revoke, and geolocation features enabled (on the policy).
The DLP status is also shown in the devices list at the bottom of the Protection section.
Revoke a Device
If a policy has local encryption enabled, each device is given an encryption certificate that is stored locally on each machine. Encrypted data can only be accessed by the logged in user if the certificate is in place.
By revoking a device, you remove the certificate so that encrypted data cannot be accessed.
- Click Protection.
- Click on the device you want to revoke.
- Click on the Revoke Device icon.
- Click Revoke to confirm.
If Auto Revoke is enabled on a Policy, Endpoint Cloud will automatically revoke the certificate of any protected device that does not connect to Endpoint Cloud within a specified number of days. (You can change the auto revoke time period in the Policy settings).
Wipe a Device
You can remotely wipe the protected files on your devices. With a wipe, the protected files are deleted and Endpoint Cloud also performs a "forensic wipe" to remove any trace of the files on the device.
- Click Protection.
- Click on the device you want to wipe.
- Click on the Wipe icon.
- Click Wipe to confirm.
Locate a Device
If a policy has geolocation enabled, you can view the last known location of a protected device (the device must have wi-fi enabled).
To use geolocation to find a device:
- Click Protection.
- Click on the device you want to locate.
- Click on the Geolocate icon.
The last known location is shown in a Google map. You can zoom in, zoom out, and display the satellite view.
Next: Step 13 - Migration in Action
Knowledgebase articles:
You can find out about DLP in these articles:
Data Loss Prevention - Overview