Encrypting Removable Media

Device Control uses encryption to control the use of removable storage media. After a user is assigned authorized access to the encrypted removable storage media, the client provides transparent data encryption and decryption.

Encryption provides:

• Tamper-proof media identification by associating the device identifier with the device encryption key.
• Prohibited access to data stored on media when the media is used on a computer that does not run Device Control.

Ivanti Device and Application Control uses the Advanced Encryption Technology (AES) encryption algorithm to cipher the media with 32 byte (256 bit) encryption keys. The encryption process employs the Microsoft Certification Authority^® for the Active Directory domain to deliver the encryption keys to users.

• Encrypt Removable Media
  An administrator must add removable storage media to the database before encryption takes place. During encryption a unique cryptographic identifier is written to the device, which is then encrypted.
• Add CD/DVD Media
  An administrator can add CD/DVD media to the database.
• Encrypt Removable Media without Certificate Authority
  You can encrypt removable storage media without a Microsoft Certification Authority^®.
• Import Externally Encrypted Removable Media
  You can import data from an externally encrypted device.

Related Information

• The Media Authorizer Window
• User by Medium Tab
• Media by User Tab