HP ProtectTools Security Software 2010 - Technical White Paper
11
C onfiguration, Device Access Manager presents a device tree view derived from the W indows Device
Manager. Individual devices or an entire class of devices from the device tree can be selected.
Access to the selected device can then be restricted by applying the policy to selected users or class
of users.
This level of configurability enables new client usage models, such as described in the scena rios
below:
• Scenario 1: In a call center environment, call takers have full access to sensitive product and
pricing information. The company however wants to protect this data and ensure that it is not
removed from the premises. This can be accomplished by creating a Device Access Manager policy
that prevents removable storage devices such as USB keys and writeable optical drives from being
used by una uthoriz ed users.
• Scenario 2: A company is making sensitive financial information available to a n a ud i tor a nd wa nts
to protect this information from being copied or removed from the notebook. Device Access
Manager can allow a policy where this user is denied access to any removable storage devices.
Device Access Manager for HP ProtectTools is a single user client version. However, an enterprise
version of Device Access Manager (HP ProtectTools Device Manager) is also available and a llows
the same policies to be configured and deployed remotely. For information on HP ProtectTools
Device Manager, please refer to
Drive Encryption for HP ProtectTools
www.hp.com/ hps/ security/ products/
Drive Encryption is a full volume encryption (FVE) solution tha t encodes a ll information on the ha rd
drive volume so it becomes unreadable to an unauthorized person. FVE is currently the preferred
wa y to prote c t da ta on a ha rd dri ve. W i th Drive Encryption, you ca n encrypt or decrypt individual
drives, create backup keys, a nd perform a recovery (Figure 7).