Problem Description: Our organization relies on Xcitium Endpoint Manager and its DLP capabilities to protect sensitive data on our endpoints. While the current DLP features allow us to control and monitor data transfers to USB storage devices, a significant risk remains if sensitive data is copied to a USB drive that is subsequently lost, stolen, or accessed by unauthorized individuals. Without enforced encryption at the point of transfer to the USB device, the data is exposed and vulnerable, potentially leading to a data breach and violating compliance requirements. The current lack of automatic encryption upon data transfer to USB places the burden on users to manually encrypt data (which is often overlooked or done incorrectly) or relies solely on preventing the transfer, which may hinder legitimate business needs for using removable media. Proposed Solution (Feature Description): We request the addition of a feature within the Xcitium Endpoint Manager DLP module that allows administrators to configure a policy for enforced automatic encryption of data copied to USB storage devices. This feature should ideally: Allow administrators to enable a policy that triggers automatic encryption for any files or data being copied from a managed endpoint to a connected USB storage device. Provide options for the type or method of encryption used (e.g., strong, industry-standard encryption algorithms). Ideally, allow for centralized key management or a secure method for authorized users to access the encrypted data on the USB device (e.g., via a secure reader application, password protection linked to the user's endpoint credentials, or certificate-based encryption). Integrate seamlessly with existing DLP monitoring rules, potentially allowing for policies like "Monitor transfers to USB, and if sensitive data is detected based on patterns/keywords, automatically encrypt it." Provide logging and reporting within the Endpoint Manager to confirm when data has been automatically encrypted upon transfer to a USB device. Justification / Business Need: Implementing enforced automatic encryption for data copied to USB drives is critical for several reasons: Enhanced Data Protection: It directly mitigates the risk of sensitive data exposure resulting from lost or stolen USB media, providing a crucial layer of security for data in transit outside the immediate endpoint environment. Improved Compliance: This feature would significantly help organizations meet stringent data protection regulations (such as GDPR, HIPAA, PCI DSS, CCPA, etc.) that mandate the protection of sensitive data, especially when it is moved or stored on portable devices. Stronger Security Posture: It closes a common vulnerability gap associated with the use of removable media, strengthening the overall endpoint security posture. Reduced Reliance on User Action: By automating the encryption process upon transfer, it removes the burden from end-users and ensures that the policy is consistently applied, reducing the risk of human error. Balancing Security and Productivity: It allows organizations to permit the legitimate use of USB drives for necessary data transfers while simultaneously enforcing a critical security control to protect the data being moved. Expected Benefits: The implementation of this feature would provide organizations using Xcitium Endpoint Manager with: Significantly reduced risk of data breaches via lost or stolen USB drives. Improved compliance with global data protection regulations. A stronger, more comprehensive endpoint security solution. Streamlined data handling procedures with built-in security for removable media. Priority: High We believe this feature is essential for providing robust data protection in today's mobile work environment and would greatly enhance the value and effectiveness of the Xcitium Endpoint Manager DLP module. Thank you for considering this feature request.
