DeviceLock 7 review

Businesses with stiff perimeter security may think their data is safe, but the number of communication methods and removable storage devices available to users makes data leakage a danger.

We've always been impressed by DeviceLock's solution, and this latest version adds stronger access security at the network protocol level. It also has a greater content awareness, allowing it to apply access policies based on file content as well as file type.

At its foundation, DeviceLock provides controls for managing access to every workstation port and removable storage device. It can control data transfers between the latest iPads and iPhones, and manage access to calendars, contacts and email.

DeviceLock 7 introduces the optional NetworkLock component, which takes access control to the network protocol level. For SMTP, you can control connections to a mail server, sending of emails and permitting attachments.

HTTP policies determine whether you can post content to web forms, upload files to a web server, or whether you're allowed web browser access. For social networking sites you can control basic access, permit comments and messages and allow or deny uploading content.

In our review of DeviceLock 6.4, we looked at the offline security policies and the content-aware feature that allows you to control access for specific file types. ContentLock is an optional extra, enhancing the existing content-aware features with the ability to control access based on keywords and patterns within file contents.

Installation on a Windows Server 2008 R2 64-bit system was easy, although it's time DeviceLock used a single console. Here you have three: the standard MMC console integrates with AD, so access policies can be enforced at the user and group level; a second works with the Windows Group Policy Editor; and the Enterprise Manager console is used to deploy the agent, view the status of devices on workstations, and push policies to specific systems.

Agent deployment to our Windows 7 clients took minutes, and the Enterprise Manager scanned our network and provided a list of systems for selection. A global policy is provided so you can lock down access to specific devices and ports once the agent is installed.