This article shows which strategies and technologies organizations should adopt to manage them securely.
High data capacity and transfer rates, and broad platform support mean that a Universal Serial Bus (USB) or FireWire (IEEE 1394) device has the capacity to quickly download much valuable corporate information, which can be easily leaked to the outside world. This underlying vulnerability has existed since the release of Microsoft Windows 2000, the first widely deployed operating system able to mount a USB storage device automatically.
Intentionally or unintentionally, users can bypass perimeter defenses like firewalls and antivirus at mailserver, and introduce malware such as Trojan Horses or viruses that, if not discovered, can cause serious damage.
This means there is more risk of legal action if personal information – belonging to corporate clients or employees – ends up in the hands of an unauthorized third party. Companies are at risk of losing intellectual property and other critical corporate data. Portable storage devices are also ideal for anyone intending to steal sensitive and valuable data.
What are company requirements and strategies for deploying these devices in the workplace?
Companies should forbid the use of uncontrolled, privately owned devices with corporate PCs. The prohibition should extend to employees, and external contractors with direct access to corporate networks.
What are the best practices in managing these devices?
– Adopt a suitable security policy on using portable storage devices
– Use tools to help manage port access of USBs and FireWire
– Consider using digital rights management technology as part of a wider protection strategy for proprietary information
http://www.csoonline.com/analyst/report2714.html