HP EliteBook Revolve 810 G2 Tablet User Manual download pdf (Page 24)

HP Client Security Technical Whitepaper

August 2016

747889-002

HP Device Access Manager (HPDAM) 24

12 HP Device Access Manager (HPDAM)

HP Device Access Manager speaks to HP’s strong commitment to security and its ability to respond to customer needs with

innovative solutions. A common assumption with today’s PC usage model is that users who are authorized to log on to a

personal computer and access sensitive data are also able to copy that information. In reality, this is not always the case.

Companies may need to allow users to view sensitive data, but restrict their ability to copy that data. HP Device Access

Manager solves that problem. In doing so, it enables a new usage model for personal computing devices.

Through the combination of a Windows service, a custom Filter Driver and Windows ACLs, the device access control policy

defined is enforced to “Allow” or “Deny” users and groups’ access to devices on the PC.

HPDAM protects against data leaving the PC, either by accident or intentionally (malicious or otherwise), and mitigates

against the introduction of malware to the PC.

12.1.1 Accessing Devices

Device Access Manager’s true power lies in configuring device access profiles. PC administrators can create device and

peripheral usage profiles based on the individual user, user type, individual device, or device class. Configuring device

classes or devices will create policies to implement complex security requirements, as well as complex business processes.

12.1.2 Define a policy

Once the administrator authenticates, using the “Change” button, the “Groups on this PC,” “Device Classes,” “Access” and

“Duration” (see Just In Time Authentication (JITA) Configuration on page 25) can be modified to create a policy. This level of

configurability enables new client policies, as described in the scenarios below:

 Scenario 1 – In a call center environment, call takers have full access to sensitive product and pricing information. The

company wants to protect this data and ensure that it is not removed from the premises. This can be accomplished by

creating a Device Access Manager policy that prevents removable storage devices such as USB keys and writeable optical

drives from being used by unauthorized users.

 Scenario 2 – A company is making sensitive financial information available to an auditor and wants to protect this

information from being copied or removed from the notebook. Device Access Manager can allow a policy where this user

is denied access to any removable storage devices.

Separate policies can be defined for Administrators and Users. Only Administrators are allowed to change the device access

control policy on a machine. Users have a read-only view of the policy that applies to them.

For most device classes, the device access policy is a simple “Allow” or “Deny”. The following common device classes within

Device Access Manager are supported:

 Removable Storage (any attached storage device that Windows assigns a drive letter to access))

 Optical drives

 Bluetooth

 IEEE 1394 Bus Host Controllers

 Ports (COM & LPT)

 The following are examples of the additional devices supported:

○ Biometric devices

○ Network Adapters

○ Imaging Devices (e.g. Webcam)

1 2 ... 19 20 21 22 23 24 25 26 27 28 29 ... 36 37

No comments

HP EliteBook Revolve 810 G2 Tablet User Manual Page 24