3ami allows employers to track use of USB storage devices

The latest product from Manchester-based 3ami Ltd. allows employers to control access to USB storage devices, while keeping a complete audit trail of user's keystrokes.

Ever since USB storage devices were identified as a potential channel for data loss security firms have been working on new ways to limit and control their use.

The latest in line is Manchester-based 3ami Ltd, which specialises in software for monitoring employee activity on computer systems.

It has incorporated new features into version 7 of its flagship Monitoring & Audit System (MAS) to allow an employer to control the access and use of encrypted USB drives, while keeping a complete audit trail of every keystroke a user makes.

The system can now even register a specific USB device to a specific user so that, for example, an employee will be allowed to copy data to his or her encrypted device, but not to an iPod or other memory stick.

For more on USB storage devices

Learn about which recent USB-like device could overtake the one-time password devices.

According to managing director Tim Ellsmore, MAS now gives companies the ability to define exactly who can use which virtual desktop USB sticks, what type of devices they can use, and what applications they can access. "If an unauthorised user tries to use a USB stick, or an authorised user tries to use an unauthorised USB stick, then the system will block it," he said.

Employers can set policy from the central MAS system at a very granular level so the use of USB storage devices can be closely controlled, Ellsmore said. As well as keeping track of all keystrokes, the systems can be set to record screen shots at regular intervals so a user's session can be replayed, for instance, if the employer suspects any unauthorised access to data.

MAS operates using a client-based agent that records all user activity whether or not that person is connected to the corporate network. Once the client device is connected to the network, the activity records are uploaded to the central MAS database, where they are held securely and encrypted, and can then be searched by various parameters, such as time, user and application usage.

"Even if an authorised user takes data on an authorised USB stick, we still have an audit trail of what they took," Ellsmore said. "And we can also go back and look at what searches the user made before that to get a complete picture of what they did."

He said the system can be used not only to provide evidence against staff members that misbehave, but also to prevent employees being dismissed unjustly.

3ami's main business is in the U.K. public sector where it sells directly. It also has resellers in the U.S. and Norway, Ellsmore said, which have customers in education, manufacturing and law firms.

Fran Howarth, principal analyst with the research company Quocirca Ltd., said the main strength of the product is that it enables companies to track exactly what users have been doing. "I've not seen anything like this before. It offers very granular control," she said. "It allows you to see what files were transferred -- which is something you cannot do with other solutions, such as hard disk encryption. I think this gives it a clear differentiator."

But Rosemary Jay, head of the technology law practice at Pinsent Masons, warned that employee monitoring had to be done with care. "You need to be very clear about what you are going to use it for, and use needs to be proportionate," she said. Employees should be advised of how the system will be used, and made aware that their actions could be tracked.

In the rest of Europe, the same privacy principles apply, although in some countries, such as Germany, employment law dictates that any significant changes in the way staff is monitored need to be introduced in consultation with local works councils.

Read more on Identity and access management products