Data mirroring (file shadowing) with Device Control Plus

Device Control Plus offers file shadowing, a proactive approach to protecting your valuable data. Also known as data mirroring, this feature prevents the loss of sensitive files by storing a copy of the original file in a secured location whenever they are copied or modified with USB devices. Following are the five simple steps to configure file shadowing in Device Control Plus:

Selecting devices on which to enable data mirroring.

With Device Control Plus, file shadowing or data backup can be easily implemented for all types of USB devices. On top of this, to optimize bandwidth, the policy can be applied to a handpicked selection of devices, so that only the file activities of those devices gets shadowed.

Choosing file size limits and excluding file extensions.

Since data mirroring is a data-intensive operation, in addition to being able to select the specific devices, Device Control Plus also offers provisions to determine the type of data that gets shadowed. A file size limit can be set so that files exceeding a certain size will not be copied. Furthermore, files can also be filtered based on their extensions so that certain file types like video or audio files can be excluded from file shadowing. 

Note: Device Control Plus' file tracing feature can still track files that exceed the size limit or were excluded based on extension. 

Configuring Remote Share Path.

The share folder containing the shadowed copies can occupy a significant portion of disk space, which is why it's important to have a dedicated location for storing these copies. For the most effective file shadowing, this location should be remote.

With Device Control Plus, once a location has been determined, the path can be selected so that as soon as file operations are conducted by the shadowed devices, the copied data is promptly moved to the remote destination indicated by that path. The domain credentials used to access the remote share where the mirrored data is stored can also be configured for added security.

Mapping policy to custom groups.

Once a data mirroring or file shadow policy is created, it can then be mapped to custom groups comprised of specific endpoints. Being able to select the particular devices, file types, and endpoints that are involved with handling and transferring classified information ensures that while critical data is consistently copied and maintained in the file shadow database, disk space is also optimized accordingly.

Data mirroring reports.

As soon as the data mirroring policies are applied, extensive audits will be generated in real-time. The logs will include details such as the devices, endpoints, and users involved in the operation as well as the file name and the time it was shadowed. The logs are readily available always and are excellent for analysis of file shadow actions performed across the enterprise.

What is data mirroring? - ManageEngine Device Control Plus

What is data mirroring?

Data mirroring is the process of replicating the contents of files that have been transferred into or modified within USB devices. Once mirror copies are made, they can be maintained in a password-protected network share. This share folder is best kept in a remote location to save space on local machines. This way, it can be securely accessed and analyzed by only the administrator or trusted users.

You can configure policies to ensure that file shadowing happens whenever any file action is carried out on a USB, or just when specific file actions are performed. Details regarding the file operation such as file name, users, devices, endpoints involved as well as the time of action will also be recorded.

Although data mirroring requires considerable bandwidth and disk space, when configured carefully, it is an effective way of safeguarding corporate data that has been transferred out of the network using removable devices.

What are the advantages of implementing data mirroring ?

Identify compromised data in order to enact remediation protocols.

If and when circumstances do arise where information is lost due to data theft or some other human or hardware-related error after being transferred, the file shadowing software ensures that the share folder can still be utilized. It can be cross-referenced to identify the exact contents of the files that have been compromised. If the information includes crucial details such as passwords, financial records, or even protected personal information (PPI), remediation efforts can be carried out immediately.

Restore critical information and minimize downtime.

It is crucial that data required for critical tasks or data accessed by many employees remains in tact. It is equally important to have the information always available to authorized employees so that they can access it whenever necessary.

However, if data loss occurs due to neglect or theft during file actions involving USB devices, having a file shadowing protocol in place provides the organization with a cost-effective way to recover. After extracting information from a system, whatever files become corrupted or go missing while being transported in the USB device can be swiftly retrieved from the file shadow network share and restored to a location where relevant employees can regain access to them.

Frequently accessed files in highly classified vaults can be directly obtained from share

If a specific file is frequently needed but happens to be indexed in a top security repository containing numerous other classified information, the administrator would have to grant users high-level access each time they would need that particular file. Not only does it mandate tremendous effort on behalf of the administrator to assign permissions and revoke them accordingly once the file has been accessed, it also poses a risk for the organization as it renders the vault and its other files momentarily vulnerable. A simple resolution for this obstacle is to assign the users who require the file on a consistent basis, access to the file shadow remote share instead. 

To prevent file based attacks due to excessive access privileges, download a 30 day, free trial of Device Control Plus to get acclimated with this data mirroring software