Tackling the threat from portable storage devices
Published: 05 Jul 2004 17:10 BST
Analysis
Businesses are increasingly putting themselves at risk by allowing the unauthorised and uncontrolled use of portable storage devices. We show which strategies and technologies organisations should adopt to manage them securely.
What are the security concerns?
The use of unauthorised portable storage devices poses many dangers, not least for the malicious code that they can introduce. High data capacity and transfer rates, and broad platform support mean that a Universal Serial Bus (USB) or FireWire (IEEE 1394) device has the capacity to quickly download much valuable corporate information, which can be easily leaked to the outside world.
This underlying vulnerability has existed since the release of Microsoft Windows 2000, the first widely deployed operating system able to mount a USB storage device automatically.
Portable devices include any kind of pocket-sized portable FireWire hard drive, like those from LaCie or Toshiba, or USB hard drive or keychain drive, such as M-Systems' DiskOnKey. They also include disk-based MP3 players, such as Apple's iPod, and digital cameras with smart media cards, memory sticks, compact flash and other memory media.
The devices pose two kinds of threat.
- Intentionally or unintentionally, users can bypass perimeter defences like firewalls and antivirus at mailserver, and introduce malware such as Trojan horses or viruses that, if not discovered, can cause serious damage.
- Companies are at risk of losing intellectual property and other critical corporate data. Portable storage devices are ideal for anyone intending to steal sensitive and valuable data. Employees may also be responsible for losing data if they inadvertently mislay these devices.
Previous
Did you find this article useful?
299 out of 562 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
