USB drives are proving to be immensely popular and valuable as they can increase productivity and are easy to use. There are many scenarios where they bring benefits, such as working from home, working at client locations, using multiple computers, backing-up from a laptop, and sharing data with customers at conferences, to name but a few, writes David Jevans, chief executive at IronKey.
But there is a downside: USB drives can be a serious security problem for IT managers, especially now that an insecure DVD-data-sized (4Gbyte) keyfob drive can be bought online for less than £10. With mobile phones and MP3 players also starting to reach this level of storage capacity and being supplied with standard or mini-USB connectors, you begin to understand the scale of the problem.
Fortunately, the problem is far from being unbeatable.
Companies should start from the premise of barring staff from bringing vanilla (ie, unprotected) USB sticks onto company premises, or using them on work-at-home PCs where company data is involved.
This need not be a draconian mandate, but take the form of an educational element on IT security - explaining the reasoning etc - within staff induction courses.
And if you don't already have a staff induction course, you need one, as all sorts of company legislation needs to be explained to new employees, as well as temps from agencies.
It' is also necessary to use on-network/IT resource technology that analyses new devices as they are hooked up to the company system and lock out any unauthorised device. No exceptions - even for the managing director.
And the final stage in what should be an essential part of a company's IT security strategy is that of supplying staff with a secure USB storage device where required. Using a pooling system helps keep a lid on costs.
By secure I mean a USB stick with a degree of security intelligence built into it.
This intelligence is quite benign and sensible, typically including on-board anti-malware and virus software, which is updated across the internet each time the device gains access.
The device should also be involved in a remote portable device scheme, whereby portable devices are updated with IT security policies and checked for general well-being as they connect to the company IT resource, directly, or across the internet.
A good IT security system will include the remote management and tracking of secure intelligent flash drives, and also include the ability to recover content, reset a password and redeploy or delete data on a device as and when required.
It is this remote control facility that can be a lifesaver for staff and management, as USB sticks and portable storage devices can throw a wobbly.
And you would be surprised how many people rely on these devices yet fail to take a back-up.
In an ideal world, all staff would understand the need for back-ups and IT security but, hey, life is too short, and some junior staff, let's face it, have other priorities in life. They - and we - are only human after all.
And this is where automated security management of portable storage devices, as well as other on-network resources is so critical. Good management software operates unobtrusively in the background.
We can't all be super-tech-savvy Tom Cruise in Mission Impossible, but we can use our IT resources sensibly and comply with best practice. And without having to worry about it. That's what makes a good IT system.
This was first published in August 2009