How to Prevent Thumb Drive Security Disasters
By John Brandon, CIO Jan 29, 2012 9:04 am
For such a small device, the plastic, handheld USB flash drive can cause big security headaches. Even if you have robust end-point security and establish rigid policies about employee use of these drives, employees still find a way to copy financial reports and business plans for use at home. While other security breaches are more traceable, a flash drive is more difficult to monitor, especially after the employee leaves work.
Some security professionals suggest a radical approach to locking down USB flash drives. Sean Greene, a security consultant at Evidence Solutions, advises his clients to use a clear silicone caulk and fill every USB port on every PC to prevent USB attachments. He says the only way employees can transmit sensitive business documents is by email, a method that his clients can easily monitor.
Chris Harget, a spokesperson for security vendor ActivIdentity, adds that many military organizations don’t allow the drives at all, and they have resorted to gluing USB ports closed to prevent breaches.
Yet, in the modern IT climate, CIOs know they have to provide the services employees need to do their jobs, and that can include using a USB drive. For example, in a sales organization, employees often need to load PowerPoint slides, which may contain company financials, onto a USB flash drive.
Some organizations have found ways to deter data breaches while still allowing employees to use the devices. A common theme is to have the data encrypted. “For low-cost drives that do not contain their own encryption engines, a strong software-based encryption solution is fine and can meet even the lower-end government certifications,” says John Girard, a Gartner analyst. “The best practice is to never write data to external media that was not encrypted in the first place.”
Here we profile four organizations that have taken slightly different approaches to dealing with thumb-drive security to match the organizations’ specific needs and policies.