HP Client Security Commercial Managed IT Software
HP Device Access Manager (HPDAM) 
HP Device Access Manager speaks to HP’s strong commitment to security and its ability to respond to 
customer needs with innovative solutions. A common assumption with today’s PC usage model is that users 
who are authorized to log on to a personal computer and access sensitive data are also able to copy that 
information. In reality, this is not always the case. Companies may need to allow users to view sensitive 
data, but restrict their ability to copy that data. HP Device Access Manager solves that problem. In doing so, 
it enables a new usage model for personal computing devices. 
Through the combination of a Windows service, a custom filter driver and Windows ACLs, the defined device access 
control policy is enforced to “Allow” or “Deny” access to devices on the PC for users and groups. 
HPDAM protects against data leaving the PC, whether by accident or intentionally (malicious or otherwise), and 
helps mitigate the introduction of malware to the PC. 
Accessing Devices 
Device Access Manager’s true power lies in configuring device access profiles. PC administrators can create 
device and peripheral usage profiles based on the individual user, user type, individual device, or device 
class. Configuring device classes or devices will create policies to implement complex security requirements, 
as well as complex business processes. 
Define a policy 
Once the administrator authenticates, using the “Change” button, the “Groups on this PC”, “Device Classes”, 
“Access” and “Duration” (see “Just In Time Authentication (JITA) Configuration” section) can be modified to 
create a policy. This level of configurability enables new client policies, as described in the scenarios below: 
  Scenario 1 – In a call center environment, call takers have full access to sensitive product and pricing information. 
The company wants to protect this data and ensure that it is not removed from the premises. This can be 
accomplished by creating a Device Access Manager policy that prevents removable storage devices such as USB 
keys and writeable optical drives from being used by unauthorized users. 
  Scenario 2 – A company is making sensitive financial information available to an auditor and wants to protect this 
information from being copied or removed from the notebook. Device Access Manager supports a policy in which 
this user is denied access to any removable storage devices. 
Separate policies can be defined for Administrators and Users. Only Administrators are allowed to change the device 
access control policy on a machine. Users have a read-only view of the policy that applies to them. 
For most device classes, the device access policy is a simple “Allow” or “Deny”. The following common 
device classes within Device Access Manager are supported:  
  Removable Storage (any attached storage device that Windows assigns a drive letter to access) 
  Optical drives 
  Bluetooth 
  IEEE 1394 Bus Host Controllers 
  Ports (COM & LPT) 
  The following are examples of the additional devices supported: 
o  Biometric devices 
o  Network Adapters 
o  Imaging Devices (e.g. Webcam) 
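
When planning a policy, it helps to know which devices in the classes listed above are actually present on a PC. The PowerShell below is an added example, not HP's code or part of HPDAM; the mapping from this page's class names to Windows setup-class names and the function name Get-DeviceClassInventory are assumptions of this example.

```powershell
# Added example: inventory of present devices, grouped by the device classes
# this page lists. The setup-class names on the right are this example's
# assumed mapping, not HPDAM's own definition of each class.
$classMap = [ordered]@{
    'Optical drives'                 = @('CDROM')
    'Bluetooth'                      = @('Bluetooth')
    'IEEE 1394 Bus Host Controllers' = @('1394')
    'Ports (COM & LPT)'              = @('Ports')
    'Biometric devices'              = @('Biometric')
    'Network Adapters'               = @('Net')
    'Imaging Devices'                = @('Image', 'Camera')
}

function Get-DeviceClassInventory {
    # Removable storage follows the page's definition: an attached storage
    # device that Windows has assigned a drive letter (DriveType 2).
    $removable = @(Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2')
    $rows = @(
        [pscustomobject]@{
            PolicyClass = 'Removable Storage'
            Count       = $removable.Count
            Devices     = ($removable.DeviceID | Sort-Object) -join '; '
        }
    )

    foreach ($entry in $classMap.GetEnumerator()) {
        # Get-PnpDevice raises an error when a class has no devices; treat
        # that as an empty result instead of a failure.
        $devices = @(Get-PnpDevice -Class $entry.Value -PresentOnly -ErrorAction SilentlyContinue)
        $rows += [pscustomobject]@{
            PolicyClass = $entry.Key
            Count       = $devices.Count
            Devices     = ($devices.FriendlyName | Sort-Object -Unique) -join '; '
        }
    }
    $rows
}

# One row per device class, with the number of present devices and their names.
Get-DeviceClassInventory | Format-Table -AutoSize -Wrap
```

Classes that report a count of zero have no device currently attached; a device plugged in later will still fall under whatever policy is set for its class.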










