Thumb Drives: How They Hurt Security

May 8, 2007 1:52 PM


         Subscribe in NewsGator Online   Subscribe in Bloglines

According to a recent study from Centennial Software, United Kingdom, IT managers said portable storage devices, such as thumb drives and MP3 players, have surpassed even malware to become a top security concern.

The study, which polled 370 IT professionals, showed that 38.4 percent of IT managers say portable storage devices are their top security concern. That's up from 25.7 percent in 2006.

"It is very easy to download information to them quickly," says Bill Piwonka, vice president of product management for Centennial Software. "If there isn't a defined acceptable use policy or controls to prevent the download and transfer of sensitive data, managers do not know if and how such data is leaving the building. Also, USB sticks are frequently lost. If sensitive data isn't encrypted on these devices, it would obviously be very easy to obtain."

To make matters worse, 80 percent of respondents admitted that their organizations don't currently have effective measures in place to combat the unauthorized use of portable devices. And 43.2 percent cited no control at all. Only 8.6 percent have a total ban on portable devices.
Piwonka said in an interview that that danger with portable storage devices lies in not knowing what files have been maliciously or even unintentionally downloaded to them, and how that data is being used. And if it has been lost, who has the information?

A worker easily could download corporate information -- sales figures, customer lists, marketing plans -- onto a small storage device, slip it into his or her bag or even a pocket, and just walk out the door with it. It makes stealing information much easier since it is not a matter of printing anything out or even walking out of the office with a laptop slung over a shoulder.

While IT managers fear what users might do with a portable storage device, they also really like them for themselves. The study showed that 65 percent of IT managers use a USB flash drive on a daily basis. "Portable devices do have a function in the workplace," says Piwonka. "They are an easy way to share, transfer, and store information. Managers need to create an acceptable use policy and share it with their employees to further control the handling of sensitive data."

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

SUBSCRIBE

This month in Access Control

Latest Jobs

Popular Stories

Resources

Webinar

A Cost-Effective Framework For Total Security Integration

Join AC&SS and MAXxess as they review two different IP-framework applications
Wednesday, July 30, 2008 at 2:00pm ET/11:00am PT

Register Now!

Back to Top