What are USB flash drive security best practices?

Ken Munro reviews how to secure USB flash drives in the enterprise.

In your opinion, for enterprise use, what are USB flash drive security best practices?

Easy. Don't allow the use of USB flash drive security devices :-)

More seriously; as mice and keyboards now invariably use USB interfaces, totally disabling USB ports is now impractical. And of course, USB sticks can be a very useful form of portable storage.

Instead, you need to implement proper USB flash drive security and device management so that you can control how the storage devices are used. Fortunately, many commercially available USB access control products allow you to define what types of USB device are permitted by which user.

These flash drive security solutions let you apply granular access controls that restrict the use of USB ports. For example, you could allow regular staff to use USB keyboards and mice, but also prevent any use of USB hard drives, iPods, USB memory keys etc. -- in other words, the kind of device that could be used to pinch or copy data.

If USB use is required for a genuine business purpose, then consider having a process by which senior IT staff can write data to USB keys on controlled machines. Further ensure that only strongly encrypted USB keys are permissible for use, so the occasional, inevitable loss presents no significant issue.

Finally, keep an audit log of what's on which USB key. Ensure, too, they are returned to IT and wiped. Bold staff members who want to export the contents of your CRM can still do so if they follow the required process -- but at least you'll have a log of it.

Read more on Application security and coding requirements