USB drives: Useful tool or security nightmare?
Mike Mullins
Published: 18 May 2005 17:30 BST
Inexpensive and very useful, USB flash drives have become as common as CD burners in most organisations. However, these drives can also be a tremendous source of data leakage from an organisation's network.
Most organisations are diligent when it comes to maintaining proper file security that allows access to information only as needed. However, the problem is that some users need access to a lot of sensitive information, and they like to have that information available no matter where or how they've logged in.
This can apply to anyone from a department head to an enterprise administrator. Users often store the information they need, such as passwords or other corporate secrets, on these USB flash devices.
By default, Windows 2000, Windows XP, and Windows Server 2003 include the necessary device drivers to operate USB flash drives. Any user can stick a flash drive in his or her workstation as long as it has an open, enabled USB port. Pocket versions of these drives can transfer data at rates up to 24 MB per second, and they can store about 4 GB.
With these devices, corporations' biggest worry about data leakage is not that some disgruntled employee will copy data to the drive and sell it to a competitor — discontented workers can already do that with 3.5-inch floppy disks, writeable CDs, or any other removable media allowed on the network. The bigger risk involves the size of the device.
Because these devices are so small, they're an easy target for thieves, and they're also easier for users to lose or misplace. And that means that vital secrets can disappear before you know it.
While it may be tempting to ban the use of these devices altogether, that really isn't necessary. These common devices are extremely useful, and it's perfectly fine to allow them on your network.
But that doesn't mean you can neglect the inherent security concerns either. To better protect corporate data, take steps to add a layer of security to go with the information these handy devices can store.
If you operate a Windows domain with Windows 2000 and XP clients, you can typically configure Windows Encrypting File System (EFS) to encrypt user data on the fly. This works extremely well with laptops that travel outside of your company walls.
Previous
Did you find this article useful?
138 out of 235 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
