I'm assuming here that the issue that you are trying to address is the use of unapproved USB devices and the threats they introduce to your environment. In summary the threats are:
- Importing a Trojan or unauthorised software via USB stick, leading to a loss of service.
- Importing copyrighted material (typically music or videos), breaching copyright and using up resources.
- Theft of company information by downloading onto a USB device.
- Downloading information onto a USB device and subsequently losing that device, leading to a disclosure of sensitive information and potential reputational damage.
There are a number of well-established products in the market geared toward ensuring USB drive security. In choosing a product, consider the following questions:
- Do you want to control and audit devices, or do you also want to be able to encrypt them using the same product? Some products will allow you to do both.
How easy is it to centrally manage USB device permissions?
- Do you want to prevent unauthorised devices, or just receive an alert when an unauthorised device is introduced?
The answers to these questions will depend on the risk to your organisation and the procedures that will work for you. In my experience, it can be difficult to persuade businesses to adopt a complete lockdown of USB devices, particularly senior managers using iPhones (yes, these too are USB devices). So select a tool that offers the flexibility to manage exceptions if you cannot implement a strict policy, as is often the case.
Related Q&A from Neil O'Connor
As more organisations integrate business-critical functions with Web services, the security of those services becomes of greater importance. But are ...continue reading
In this expert response, Neil O'Connor explains how to get the most out of the gap analysis process in your organization.continue reading
Expert Neil O'Connor shares a recent project that demonstrates how IP-enabled physical security may be changing the market.continue reading