A trusted device is one that is frequently used for important purposes and a trusted devices list is a consolidation of such devices. This list should be kept short and be made exclusive, i.e., only the devices that are habitually utilized by highly authorized employees should be delegated spots. All other devices can be blocked or only allowed permission to access limited information on a conditional basis.
Many organizations, in the spirit of preserving the functional freedom of employees, don't often impose stipulations regarding the usage of peripheral devices. This is because these devices are useful in many aspects, such as providing a way to conveniently transfer multimedia and other files to various other machines. However, while focusing on this advantage, companies may end up overlooking the potentially fatal cybersecurity risks that can be posed by using auxiliary devices such as malware injections by intruders or data leakage.
So how do IT admins still enable employees to retain the benefit of peripheral devices while simultaneously making sure that all associated cyber threats are eliminated completely? A simple but effective solution is to curate a list of trusted devices.
Device Control Plus' Trusted Devices List contains all devices whitelisted by the administrator. Each device can be added in one of the following ways:
On the Trusted Devices page, each individual device can be identified and added to the list based on its device instance path, which includes the characteristic parameters of the device such as the type of device, the vendor name, the model, and the unique device ID. Refer to this document to find the device instance path.
While adding new devices that haven't been discovered, the device instance path has to be manually found and copied. However, for devices that have been previously detected within the network, the device instance paths will be displayed within the console automatically. The device instance paths can also be uploaded for trusted devices by importing a CSV file. Once the paths are input, each device can easily be added to the list.
Businesses usually provision employees with company-bought devices to be utilized for work purposes. These devices are often purchased in bulk, and are of the same build and type and/or acquired from the same vendor. Since all of these devices were bought on executive order, they can be directly classified as trusted devices. However, it can be tedious to add these devices one by one; instead, the wildcard feature enables admins to add all of these devices simultaneously by replacing one or more of the identifying elements in the device instance paths with a wildcard character such as (*) or (?). Refer to this document for more detailed steps on wildcard patterns.
Device Control Plus enables IT admins to vigilantly detect and classify devices into three main categories: Trusted devices, which are whitelisted devices that belong to key personnel; allowed devices, which are devices that are given restrictive permissions with minimal mobility; and blocked devices, which are all other devices that are blacklisted by default and whose owners need to send a request to the administrators directly, as well as provide sufficient reasoning as to what activities they wish to conduct and why, in order to obtain any sort of access. This security model closes any potential security loopholes for trespassers, and instead positions the IT administrator as the ultimate authority when deciding which devices are allowed to traverse the network.
By maintaining a Trusted Devices List with Device Control Plus, it's easier to spot any suspicious devices existing within the network. If these questionable devices are not part of the official inventory, then exact security loopholes that may have exploited in order to gain entry can also be pinpointed. Often times, admins have to grant specific device access on a system by system basis, i.e., if each computer needs to be frequently accessed by a particular set of devices for authorized purposes, only those devices should be granted access. Managing exactly which devices interact with which systems can also be made easier by composing a Trusted Devices List, as one can be created for each computer.
Having a Trusted Devices List is an easy way to organize to whom higher privileges can be given without the risk of privilege escalation or potential information disclosure scenarios on account of malicious actors. Since it's recommended that only the devices belonging to chief staff members be added to the list, file access and transfer permissions can also be granted to trusted devices in addition to basic capabilities such as viewing information. This is so authorized users can retrieve data needed to perform their specialized tasks without facing excessively bureaucratic obstacles. Also, because these devices are carefully chosen and verified as belonging to trusted employees, IT admins can rest assured that the likelihood of a data breach incident via an insider attack is virtually non-existent.
Maintain lists of Trusted Devices and secure your network from illicit device activities, download a free, 30-day trial of Device Control Plus and try this feature today!