Hardware & Infrastructure
03:00 PM
Connect Directly
Repost This

Reducing The Data-Theft Threat From USB Memory Sticks

Medical staffing firm uses Sanctuary Device Control to monitor every USB port on the network and set policies on the use of USB memory sticks.

Businesses constantly struggle between giving workers easy access to applications and information, and clamping down on access to ensure tight security. As new technologies make it easier to download and walk off with a company's crucial data, that challenge becomes more difficult. For many companies, the latest threat is USB memory sticks, small storage devices that can hold lots of data and easily be hidden in pockets, purses, or briefcases.

For the past two years, Martin, Fletcher & Associates, a medical staffing firm, has dealt with the USB memory-stick threat by banning their use. For VP of IS Fabi Gower, the information on job openings and job candidates collected by the company is crucial, and she does everything she can to reduce the opportunities for someone to steal that data. Hence the USB memory-stick ban.

"We had policies in place to lock down floppy drives and CD burners," she says, "but I could not find a feasible way to lock down our USB ports. The issue is that we don't care to have data walking out the door in somebody's pocket."

After two years of looking for something that could monitor and manage the use of USB memory sticks, Gower recently found an endpoint security program that has caused the company to reconsider its prohibition on the use of the devices. She has been testing Sanctuary Device Control 3.0 from SecureWave, which monitors every USB port on a network or on computers attached to the network and lets IT managers set policies to manage the use of USB portable storage devices.

"We want to stay ahead of employees lifting proprietary data on USB memory sticks," Gower says. "Device Control picks up on the actual device. From any USB port on the network, the software will identify the memory stick."

The latest version of the security software adds an integrated rules engine that can be used to set policies for applications and devices, giving an IT manager greater control and more-flexible management capabilities. It also includes location-based policy enforcement so administrators can set policies based on whether the memory stick is being used inside or outside the corporate network. It also includes enhanced policy-management features that will let Gower better monitor network-usage patterns and monitor how her administrators are enforcing policies. The new software will be available Aug. 1 at a price of $45 per user.

Gower wants to establish some new policies before she lifts the ban on USB memory sticks. First, she intends to allow the use of only one type of memory stick. She hasn't yet decided which one. Employees must seek permission to use a memory stick to store data. Such a request will have to be approved by the company's top management, and usage will be allowed for only a limited period of time. In addition, Gower plans to encrypt the data on the stick so it will be useless to anyone who steals one.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.