IPods pose security risk for enterprises

The iPod may be popular, but also poses such a major security risk for businesses, that enterprises should consider banning the...

The iPod poses such a major security risk for businesses, that enterprises should seriously consider banning the iPod and other portable storage devices, according to research from Gartner.

The devices, using a Universal Serial Bus (USB) or FireWire (IEEE 1394), present risks to businesses on several fronts: from introducing malicious code into a corporate network, to being used to steal corporate data, the research company said in its report How to Tackle the Threat From Portable Storage Devices.

The report pointed to a variety of devices, including pocket-sized portable FireWire hard drives, or USB hard drives or keychain drives. Gartner also named disc-based MP3 players as a security risk as well as digital cameras with smart media cards, memory sticks and compact flash.

Gartner advised companies to forbid employees and external contractors with direct access to corporate networks from using these privately owned devices with corporate PCs. Companies should also consider a "desktop lockdown policy", disabling universal plug and play functions after installing desired drivers, to permit the use of only authorised devices.

The report conceded that the devices themselves can be quite useful within corporations, making it "unpractical and counterproductive" to introduce an outright ban.         

Companies should take a multipronged approach to portable storage devices, Gartner said, including using personal firewalls to limit what can be done on USB ports. The use of products for selectively controlling ports and encrypting data should also be considered, the company said.

Laura Rohde writes for IDG News Service

Read more on IT risk management