Knowledge is power, the popular saying states, and in the information age knowledge-or its loss-can cause irreparable damage if the right information gets into the wrong hands.  While modern technology has provided myriad ways to collect, record, and transport data efficiently, securing valuable information while maintaining productivity has presented a significant challenge for companies and organizations. With the proliferation of portable data storage devices such as disk on key, digital media players, and smart phones, the benefits gained through ease of transport can be quickly lost through the lack of data visibility and control.

The Organization
Roke Manor Research (http://www.roke.co.uk/) is one of the leading technology research and development centers in the United Kingdom and has been for 50 years, specializing in electronic sensors, wireless communications, Internet and networking technologies. Located near Romsey, England and owned by Siemens, Roke develops solutions for a diverse customer base including commercial, defense and government organizations.  

The Challenge
Every day Roke employees handle highly sensitive information on behalf of their clients, particularly their customers in the areas of military defense.  Rob Matthews, Roke’s IT Security Officer, noted, “The nature of much of our business demands that we are a secure environment. Our customers trust us to safeguard their proprietary information. A data breach could result in damage to the reputation of the company and subsequent loss of further orders.”

There are approximately 430 people working onsite at Roke and about 1200 PCs. The facility currently maintains two separate networks, one which supports normal commercial information and another which handles more sensitive project data.  Though there have been no instances of security breaches prior to the installation of Safend it would only have been a matter of time before one occurred.  Matthews commented, “The risks to data security with the increasing prevalence of USB data storage devices have been recognized for some time and we decided to look at the options for monitoring and controlling their use.”

Researching the Options
After discussing the security threat of unmonitored portable storage devices with other department heads, Matthews and his IT manager began to research existing and emerging solutions available in the endpoint security marketplace in December, 2005.  Matthews was given the responsibility of reviewing various products and advising as to which would best meet the organization’s needs. As part of the research process, Matthews conferred with Vigil Software, Safend’s sole distributor in the UK, to establish Roke’s business and IT requirements. This criteria was instrumental in Vigil’s recommendation of Safend Protector as the appropriate solution.

Matthews went on to evaluate about six solutions, and narrowed the field to three with Safend emerging as the preferred product.  Matthews explained, “The products were installed in a test environment and compared, with Safend proving to be the product that best suited our needs – particularly given the ease of deployment and granular control the solution offered.”
 
Safend Protector secures all local, physical communications ports including USB, Firewire, PCMCIA; wireless endpoints including WiFi, Bluetooth and IrDA; and removable storage devices such CD/DVD-RWs, iPod’s, and flash drives. Safend Protector offers reliable, easy-to-use, tamper-proof endpoint monitoring as well as device identification and blocking based on administrator-defined policies. Immunization against hardware keylogger devices is an additional feature.

The Solution
Matthews began deploying Safend Protector in March, 2006 on 750 of Roke’s machines. The server installation was straightforward and client installation was predominantly smooth. Safend Protector features a centralized management console which can be installed and run from any computer on the enterprise network, providing unified management of policies, logs and Protector clients. Enhanced logging and reporting capabilities provide visibility into user activity, which is required by regulatory mandates. Real-time updates allow Roke’s security administrators to know what devices are connected where, and which files have been accessed or copied to or from each device. Flexible policy control can be adjusted for any domain, group, computer, or user.    

Analyzing the Results
Though the deployment of Safend Protector is not yet complete at Roke, Matthews has already seen positive results from the implementation, “We’re still in the early days of our installation and are still fine tuning policies – but the monitoring and alerting have already proven useful and assist in identifying where we may have problems.”

Matthews is continuing to analyze the logs generated by Safend Protector, customizing configurations to develop policies which will meet Roke’s unique security needs.  He eventually plans to establish policies which will restrict the use of USB devices to those which are approved by the company.  While the deployment continues to be an ongoing project, Matthews remains pleased with his choice of Safend Protector to ensure the integrity of Roke’s intellectual information.

“In many ways, Safend Protector has more than met our expectations,” he asserted.  “I remain happy with my choice of product and this has been reinforced by the dealings that I have had with their support department, who are as good as any I’ve encountered in the 18 years I’ve been working in IT.”