Encryption specialist PGP Corporation has come up with an intriguing twist on the old theme of endpoint security – don’t just control mobile devices but force them, where appropriate, to use encryption on the data they carry.

The new software, called PGP Endpoint, can be used in a conventional manner to create security policies for the usual range of portable media and devices, including USB sticks, CDs, DVDs, and also Wi-Fi, Bluetooth, and FireWire interfaces, on any PC type. There are a number of competing systems that can already do much the same thing.

Beyond the mere fact of device control, however, admins can also enforce data security on these devices, transparently encrypting data on devices if that is deemed necessary by policy. The way encrypted data is transferred or shared can also be controlled and logged.

This is not a standalone product - the use of PGP’s core know-how means that PGP Endpoint has to be used as an extension to the company’s Encryption Platform. On the other hand, assuming the enterprise is already using that platform, from the user perspective, nothing would change. The enforced encryption would integrate with the encryption already mandated within the organisation.

“Until now, organisations have relied on end user education and compliance to corporate security policies to protect sensitive data,” PGP’s CEO Phil Dunkelberger said in a statement.

“PGP Endpoint provides built-in security that detects, authorises and secures removable storage devices and media as well as enforces a centrally defined device usage policy and stops data loss from network and peripheral connections,” he said.

A system such as this might have been able to stop incidents such as last year’s now notorious loss by the UK’s HMRC of 25 million child benefit records. That incident involved large amounts of sensitive data being copied on to CDs in an unencrypted form. A device control and encryption system would have intervened to block or modify both actions, and would also have logged them.

Similar if not identical systems are already available, including FideAS from Applied Security, a system that can enforce encryption on devices such as USB sticks, as well as on individual files and directories on PC hard disks.

In that system, key management is carried out using smartcards or USB tokens. PGP, meanwhile, has its own key management platform to handle the same function.

Pricing for PGP Endpoint will start at $49 (£25) per seat, per annum.