Block file and data transfer out of a device



  • I was reading a documentation that suggests blocking the computer from transferring files to an external device, such as a HD, Camera or Pen Drive, allowing only reading.

    Is this type of protection still valid? Because today anyone can for example copy something inappropriate (files or data) and paste it on file sharing sites, or upload it to an email with the compressed data.

    Or is there any way to block uploading files from predefined directories? Ex.: C:/development doesn't allow the files inside it to be copied to another directory, or it to be uploaded to an external service?

    In my opinion, anyone can copy something sensitive or data, and paste it into PasteBin, for example.



  • If your concern is about data leakage, by using email or web, the company can still log and inspect the transfer using SSL inspection or blocking file storage sites or web mail.

    Not so for attached media. They might get file names, but not content.

    So, yes, to prevent file exfiltration, it is useful protection, even if it is not effective 100% of the time for all threats.

    Remember: controls are not "one and done" or a silver bullet. Controls work together to create a fabric to support secure operation.


Log in to reply
 

Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2