HP EliteDesk 800 G1 Ultra-slim PC Client Security Commercial Managed IT Softwa - Page 20

HP Device Access Manager (HPDAM) HP Device Access Manager speaks to HP's strong commitment to security and its ability to respond to customer needs with innovative solutions. A common assumption with today's PC usage model is that users who are authorized to log on to a personal computer and access sensitive data are also able to copy that information. In reality, this is not always the case. Companies may need to allow users to view sensitive data, but restrict their ability to copy that data. HP Device Access Manager solves that problem. In doing so, it enables a new usage model for personal computing devices. Through the combination of a Windows service, a custom Filter Driver and Windows ACLs, the device access control policy defined is enforced to "Allow" or "Deny" users and groups' access to devices on the PC. HPDAM protects against data leaving the PC, either by accident or intentionally (malicious or otherwise), and mitigates against the introduction of malware to the PC. Accessing Devices Device Access Manager's true power lies in configuring device access profiles. PC administrators can create device and peripheral usage profiles based on the individual user, user type, individual device, or device class. Configuring device classes or devices will create policies to implement complex security requirements, as well as complex business processes. Define a policy Once the administrator authenticates, using the "Change" button, the "Groups on this PC", "Device Classes", "Access" and "Duration" (see "Just In Time Authentication (JITA) Configuration" section) can be modified to create a policy. This level of configurability enables new client policies, as described in the scenarios below:  Scenario 1 - In a call center environment, call takers have full access to sensitive product and pricing information. The company wants to protect this data and ensure that it is not removed from the premises. This can be accomplished by creating a Device Access Manager policy that prevents removable storage devices such as USB keys and writeable optical drives from being used by unauthorized users.  Scenario 2 - A company is making sensitive financial information available to an auditor and wants to protect this information from being copied or removed from the notebook. Device Access Manager can allow a policy where this user is denied access to any removable storage devices. Separate policies can be defined for Administrators and Users. Only Administrators are allowed to change the device access control policy on a machine. Users have a read-only view of the policy that applies to them. For most device classes, the device access policy is a simple "Allow" or "Deny". The following common device classes within Device Access Manager are supported:  Removable Storage (any attached storage device that Windows assigns a drive letter to access))  Optical drives  Bluetooth  IEEE 1394 Bus Host Controllers  Ports (COM & LPT)  The following are examples of the additional devices supported: o Biometric devices o Network Adapters o Imaging Devices (e.g. Webcam) 20