To combat data theft and/or sabotage, a network-level security client may monitor and selectively apply security protocols to manage risk in data transfers within, incoming to, and outgoing from an organization's data network. This top-down approach may become increasingly difficult to maintain within a data network with numerous connected terminals, storage devices, and other devices, many of which may be attempting data transfers simultaneously. In the presently disclosed technology, connected data storage devices each include an endpoint security client embedded in data storage device firmware. The endpoint security clients each establish a security client connection with a network security client upon connection to a data storage network, monitor data transfers within the data storage network, and selectively apply security protocols to manage risk in data transfers, thereby decentralizing some aspects of data security within the organization's data network.