IT managers see portable storage device security risk

The article at ComputerWorld.com says that user-owned plug-and-play USB port drives pose a security risk to sensitive company data.

Now that it is hard to copy much data to a floppy disk, and CD writers are not allowed in many organizations, here comes the USB flash drive with enormous capacity, zero installation, etc. Very handy, very risky—risky both as a way for data to leave, and a way for malware to arrive.

“With more than 42 million of Apple Computer Inc.’s iPods sold so far in the U.S. alone, the threat of data theft or loss from downloading information on a USB-port device is growing exponentially, according to analysts… “An iPod is just storage at the end of a wire,” said John Webster, a senior analyst and founder of Data Mobility Group in Nashua, N.H. “You already see people running around with iPods, using them as backup devices. USB storage devices are a potential source of data leakage”.

According to Eric Ouellet, vice president of research for security at Gartner Inc. in Stamford, Conn., “only about 10% of enterprises have any policies dealing with removable storage devices”.

However, some companies has found the way to protect their data by standardizing on USB memory sticks that have native encryption and password protection. Besides, in reaction to IT managers’ concerns about data loss threats, IT vendors are offering security for flash memory devices.

Baptist Memorial Health Care Corp., in Memphis, took a four-pronged approach to securing data that could be leaked through portable devices:

1. Conduct executive and administrative awareness programs and develop an administrative policy that was enforceable.

2. Audit the IT environment and find all attached devices (USB, serial, Fire Wire, wireless and infrared).

3. Implement port control technology and turn off specific devices that did not have a legitimate business justification and approval.

4. Provide a corporate standard device for approved data transport purposes.


This blog is run by the authors of FindProtected.
FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files and relocate them if necessary.

Leave a Reply