A blog focused on messaging and collaboration of all types -- email, instant messaging, VoIP, Web conferencing and other technologies that help people communicate more efficiently and effectively.

Monday, April 9, 2007

iPods a threat to corporate data security?

There's an interesting article in MacWorld that discusses the threat posed by iPods and other storage devices with regard to their ability to allow employees to download large amounts of corporate information:

http://www.macworld.com/news/2007/04/09/nextsentry/index.php?lsrc=mwrss

The article, which focuses on the security firm NextSentry, goes on to say that iPods and other devices should not be permanently banned, but instead their use should be restricted until corporate policies are in place to address and enforce their proper use.

Given that email, among other technologies, contain a huge and growing quantity of business records and other sensitive information, NextSentry's warning certainly makes sense. We're in the midst of writing a white paper on outbound content security that will address this and other issues in the workplace.

posted by Michael D. Osterman at 4/09/2007 03:47:00 PM

1 Comments:

Anonymous David Kelleher said...

The uncontrolled use of portable storage devices by employees is a very real threat to the security and stability of any business. Unfortunately, many businesses are unaware of, or ignore the threat until something actually happens.
A number of security companies, such as GFI Software, have long been warning about the dangers of endpoint devices. Their usage, coupled with data theft techniques such as ‘pod slurping’, can lead to major security breaches. And while data theft from the loss or theft of laptops is a growing concern for IT managers, there are even more serious threats closer to home than many realize – “the enemy within”.
Portable storage devices are a major threat because companies have no record of what files are being transferred from the network to the device and vice-versa. An employee with a grudge against his employee can easily copy commercially sensitive information off the network or upload a virus that could cripple the system.
While a few counter-measures that corporations can adopt to prevent unauthorized portable device use exist, they are not the perfect solution. Banning portable storage devices on the corporate premises, the physical blocking of computer access ports, or using Windows Group Policies are common practices, yet they also restrict those who depend on these devices to work.
The only effective solution to counter portable device threats is to deploy a software solution that allows you to discriminate between legitimate and illegitimate use of devices, in compliance with the custom security policies set up by the corporation.
What administrators must also realize is that managing risk is always more cost effective than having to react to breaches or incidents. In an ever-growing networked environment where risk is becoming a major concern, administrators have to be ahead of threats and not passively reacting to incidents. Apart from immediate financial repercussions such as business loss, there is the enduring stain of embarrassment and loss of credibility. For a company that prides itself with protecting its customers’ data, a single breach could have irreversible repercussions.
More details on endpoint security and iPod slurping can be found at:
http://www.gfi.com/whitepapers/pod-slurping-an-easy-technique-for-stealing-data.pdf
and
http://www.gfi.com/whitepapers/threat-posed-by-portable-storage-devices.pdf

April 11, 2007 3:16 AM

 

Post a Comment

<< Home