Is an Apple iPod or MP3 player a threat to corporate data? Security experts increasingly believe such devices can be used to steal sensitive data from company PCs and networks. Last month, the Web was buzzing with the news that the UK Ministry of Defense was banning the use of iPods due to security concerns. Though the story -- released by Reuters -- was denied by the ministry, it has caused many to review their thinking on allowing portable devices in the workplace.
The problem is not new. Ever since PCs had floppy disks and, more recently, CD-R drives, it has been a simple matter for unscrupulous staff to steal any data they are able to access. New personal devices just add to the problem.
But according to recent research by Gartner, companies should consider banning portable storage devices from the workplace due to the risk of theft, and the fact that they can be the source of computer viruses and Trojans.
On the should-be-banned list are Smart Media and similar cards, keychain or USB drives, Sony Me-mory Sticks, CompactFlash and portable MP3 players. Gartner says that such devices can easily bypass firewalls and that a mislaid device can also be misappropriated by another member of staff.
But not everyone thinks a banning order is appropriate. Mark Blowers, a senior analyst at Butler Group, says companies have to get things in proportion.
"This is an issue, but it's more about overall security policy. It's not really feasible to ban such products outright as many people travel with them to work. It's probably more about banning them in particularly sensitive areas -- if that is pos-sible," he said.
But the problem is set to grow. Storage capacity is doubling roughly every six months, while remaining at almost the same price.
The first key development was Flash memory, which stimulated the production of personal digital assistants (PDAs). The second development was removable storage using Secure Digital, Compact-Flash or Memory Sticks, most noticeably used in digital cameras and sealed inside MP3 devices.
Finally, tiny hard drives have increased portable storage further. The 4.6cm4 Hitachi drives used in iPods, for example, can store up to 40GB, and some players have even larger capacities.
But Greg Carlow, managing director at systems integrator Rep-ton, says, the problem is also about how companies organize data.
"If someone is malevolent, they can probably do serious damage by stealing a few megabyte of data: most companies only really use about 0.1 percent of the data they own, they just never get round to managing it," Carlow said, adding that the problem lies in operating systems devised years before such storage technology was available.
"Maybe in future versions of Windows we will start to see code that isolates unknown storage devices until they have been approved by the IT [information technology] department for use on a particular machine," he said.
But there are signs that companies are tightening up security policies to take account of the risk.
"We have been giving away memory sticks to customers but quite a few have refused them because there is a company policy banning their use," says Paul Hammond, UK general manager at systems integrator CNT.
In a recent survey of 200 UK firms by software security firm Reflex Magnetics, 82 percent of respondents said they regarded mobile devices such as the iPod as a security threat. Reflex says those in the healthcare and finance sectors are most likely to toughen up their security policies soon.
Companies are also likely to look to intrusion protection software that seeks to plug gaps on desktops and servers. For example Cisco's Security Agent software sits on the PC and can bar access to the USB port.
"It's available, but only two of our customers are using it in that way," says Paul King, Cisco's senior security consultant.
"It's more a matter of firms classifying and segregating data that needs to be protected, as well as ensuring they provide encryption on laptops, which are a far greater security risk," King said.
Other firms offer encryption tools so that only encrypted access is possible to USB drives.
What is certain is that data theft will get easier as data storage devices increase in capacity while reducing in size and cost.
While the future holds the promise of vast amounts of data on holographic devices, the next few years are likely to be defined by squeezing more out of existing technology.
Beijing’s continued provocations in the Taiwan Strait reveal its intention to unilaterally change the “status quo” in the area, the US Department of State said on Saturday, calling for a peaceful resolution to cross-strait issues. The Coast Guard Administration (CGA) reported that four China Coast Guard patrol vessels entered restricted and prohibited waters near Kinmen County on Friday and again on Saturday. A State Department spokesperson said that Washington was aware of the incidents, and urged all parties to exercise restraint and refrain from unilaterally changing the “status quo.” “Maintaining peace and stability across the Taiwan Strait is in line with our [the
EXTENDED RANGE: Hsiung Sheng missiles, 100 of which might be deployed by the end of the year, could reach Chinese command posts and airport runways, a source said A NT$16.9 billion (US$534.93 million) project to upgrade the military’s missile defense systems would be completed this year, allowing the deployment of at least 100 long-range Hsiung Sheng missiles and providing more deterrence against China, military sources said on Saturday. Hsiung Sheng missiles are an extended-range version of the Hsiung Feng IIE (HF-2E) surface-to-surface cruise missile, and are believed to have a range of up to 1,200km, which would allow them to hit targets well inside China. They went into mass production in 2022, the sources said. The project is part of a special budget for the Ministry of National Defense aimed at
READY TO WORK: Taiwan is eager to cooperate and is hopeful that like-minded states will continue to advocate for its inclusion in regional organizations, Lai said Maintaining the “status quo” in the Taiwan Strait, and peace and stability in the Indo-Pacific region must be a top priority, president-elect William Lai (賴清德) said yesterday after meeting with a delegation of US academics. Leaders of the G7, US President Joe Biden and other international heads of state have voiced concerns about the situation in the Strait, as stability in the region is necessary for a safe, peaceful and prosperous world, Lai said. The vice president, who is to be inaugurated in May, welcomed the delegation and thanked them for their support for Taiwan and issues concerning the Strait. The international community
COOPERATION: Two crewmembers from a Chinese fishing boat that sank off Kinmen were rescued, two were found dead and another two were still missing at press time The Coast Guard Administration (CGA) was yesterday working with Chinese rescuers to find two missing crewmembers from a Chinese fishing boat that sank southwest of Kinmen County yesterday, killing two crew. The joint operation managed to rescue two of the boat’s six crewmembers, but two were already dead when they were pulled from the water, the agency said in a statement. Rescuers are still searching for two others from the Min Long Yu 61222, a boat registered in China’s Fujian Province that capsized and sank 1.03 nautical miles (1.9km) southwest of Dongding Island (東碇), it added. CGA Director-General Chou Mei-wu (周美伍) told a