USB drives are proving to be immensely popular and valuable
as they can increase productivity and are easy to use. There are
many scenarios where they bring benefits, such as working from
home, working at client locations, using multiple computers,
backing-up from a laptop, and sharing data with customers at
conferences, to name but a few,writes David Jevans,
chief executive atIronKey.
But there is a downside: USB drives can be a serious security
problem for IT managers, especially now that an insecure
DVD-data-sized (4Gbyte) keyfob drive can be bought online for less
than £10. With mobile phones and MP3 players also starting to reach
this level of storage capacity and being supplied with standard or
mini-USB connectors, you begin to understand the scale of the
problem.
Fortunately, the problem is far from being unbeatable.
Companies should start from the premise of barring staff from
bringing vanilla (ie, unprotected) USB sticks onto company
premises, or using them on work-at-home PCs where company data is
involved.
This need not be a draconian mandate, but take the form of an
educational element on IT security - explaining the reasoning etc -
within staff induction courses.
And if you don't already have a staff induction course, you need
one, as all sorts of company legislation needs to be explained to
new employees, as well as temps from agencies.
It' is also necessary to use on-network/IT resource technology
that analyses new devices as they are hooked up to the company
system and lock out any unauthorised device. No exceptions - even
for the managing director.
And the final stage in what should be an essential part of a
company's IT security strategy is that of supplying staff with a
secure USB storage device where required. Using a pooling system
helps keep a lid on costs.
By secure I mean a USB stick with a degree of security
intelligence built into it.
This intelligence is quite benign and sensible, typically
including on-board anti-malware and virus software, which is
updated across the internet each time the device gains access.
The device should also be involved in a remote portable device
scheme, whereby portable devices are updated with IT security
policies and checked for general well-being as they connect to the
company IT resource, directly, or across the internet.
A good IT security system will include the remote management and
tracking of secure intelligent flash drives, and also include the
ability to recover content, reset a password and redeploy or delete
data on a device as and when required.
It is this remote control facility that can be a lifesaver for
staff and management, as USB sticks and portable storage devices
can throw a wobbly.
And you would be surprised how many people rely on these devices
yet fail to take a back-up.
In an ideal world, all staff would understand the need for
back-ups and IT security but, hey, life is too short, and some
junior staff, let's face it, have other priorities in life. They -
and we - are only human after all.
And this is where automated security management of portable
storage devices, as well as other on-network resources is so
critical. Good management software operates unobtrusively in the
background.
We can't all be super-tech-savvy Tom Cruise in Mission
Impossible, but we can use our IT resources sensibly and comply
with best practice. And without having to worry about it. That's
what makes a good IT system.