Protect information from unauthorized disclosure on managed endpoint devices with storage encryption.
To minimize data leak risks and protect data stored on the endpoint device, use encryption. Encryption capabilities could be part of common endpoint solutions such as DLP, endpoint firewalls, and PAM. Additionally, they could be standalone (e.g., device container technology, file encryption, and full-disk encryption). The encryption strength should be based on the sensitivity of the data being protected. Endpoint device policies should use encryption for the entire device or data identified as sensitive on all mobile devices (potentially using container technology). This policy should be enforced through technology controls.
- Examine the organization's asset disposal policy for end-of-life security requirements.
- Examine the organization's policy on encryption or otherwise protection of data at rest on endpoints.
- Determine if such controls are in place and evaluated as effective.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.