Thumb Drives: The Bad and the Good

May 1, 2007 12:00 PM

According to a recent study from Centennial Software, Swindon, U.K., IT managers say portable storage devices, such as thumb drives and MP3 players, have surpassed malware to become the top security concern of 2007. The third-annual “Security Attitudes Survey” polled 370 mid- and senior-level IT managers over three days at InfoSecurity Europe in London April 24 through 26. According to results, 38.4 percent of IT managers say portable storage devices are now their top concern over viruses, malware and spyware. That number is up from 25.7 percent in 2006.

“It is very easy to download information to them quickly,” says Bill Piwonka, vice president of product management for Centennial Software. “If there is not a defined acceptable use policy or controls to prevent the download and transfer of sensitive data, managers do not know if and how such data is leaving the building. USB sticks are frequently lost. If sensitive data is not encrypted on these devices, it would obviously be very easy to obtain.”

Eighty percent of respondents admitted that their organizations do not currently have effective measures in place to combat the unauthorized use of portable devices, and 43.2 percent cited no control at all. Moreover, only 8.6 percent of companies have a total ban on portable devices.

Piwonka says the danger with portable storage devices lies in not knowing what files have been maliciously or unintentionally downloaded to them, and how that data is being used. And if the device has been lost, who has the information? An employee can easily download corporate information, such as sales figures, customer lists and marketing plans, onto these devices, slip it into his or her pockets and just walk out the door.

Yet, IT managers admit they like to use the devices for themselves. The survey showed that 65 percent of IT managers use a USB flash drive on a daily basis. “Portable devices do have a function in the workplace,” Piwonka says. “They are an easy way to share, transfer and store information. But managers need to create an acceptable use policy and share it with their employees to further control the handling of sensitive data.”

Ironically, a thumb drive exists that has the capability to carry internal security policies and two-factor authentication functions while remaining portable and easy-to-use. Sweet Spot, Mesa, Ariz., offers a thumb drive that uses S3, an encryption software client. When the user inserts the thumb drive into the USB slot of his client machine, the software on the thumb drive binds itself to a key on the corporate network. The thumb drive facilitates two-factor authentication for the user, who now only has to remember a single password.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue