- Adopt personal firewalls to limit what can be done on USB ports. Leading products to consider are from vendors like Sygate Technologies, Zone Labs and Symantec. For a more detailed marketplace and product evaluation, see "Magic Quadrant for Personal Firewalls, 1H03".
- Look at other products that can control ports selectively. SecureWave offers a host-based security solution, where administrators can create rules on the use of PCs to control applications and devices. This allows only authorised devices to be used and bars access to unauthorised ones.
- Use more traditional, host-based intrusion prevention products to assure compliance. This is a less straightforward process, but the system can be set to generate alerts when portable devices connect to a system. In this way, user activity is monitored so that individual access rights can be adhered to.
- Consider employing mobile data protection products to encrypt corporate or sensitive data. The Encrypting File System is a widely available product within Microsoft Windows operating system. Vendors like Pointsec Mobile Technologies, Information Security Corporation and PC Guardian Technologies offer alternative specialist solutions. For a more detailed insight into the mobile data encryption marketplace, see "Magic Quadrant for Mobile Data Protection, 1H04" and "Mobile Data Protection Magic Quadrant Criteria, 1H04".
- Consider using digital rights management technology as part of a wider protection strategy for proprietary information
On a broader level, and especially for those industries where intellectual property is of critical importance, the use of digital rights management software ensures the persistent protection of digital assets by maintaining constant control over their use and distribution. Vendors like Microsoft, Authentica, Liquid Machines and SealedMedia offer products that protect documents and files sent via email, or are generally shared across the wide company network.
As a general security best practice, managers should implement a desktop lockdown policy. They should also consider disabling universal plug and play, after pre-installing any desired drivers to permit the use of only authorised devices.
Businesses must ensure that the right procedures and technologies are adopted to securely manage the use of portable storage devices like USB "keychain" drives. This will help to limit damage from malicious code, loss of proprietary information or intellectual property, and consequent lawsuits and loss of reputation.
Key issues
How can enterprises comply with international and local regulations for security and personal data privacy, and how can IT security policies be tailored for specific regulatory entities?
Talkback
This article describes a problem which companies have ignored for a long time, and are still ignoring. The fact that the uncontrolled use of portable storage devices within a company network poses a serious threat to company security and integrity is still often under-estimated. A white paper which specifically talks about this issue, which may help shed some more light to companies who are recognizing this 'problem' is available at http://www.gfi.com/whitepapers/threat-posed-by-portable-storage-devices.pdf.