Is an Apple iPod or MP3 player a threat to corporate data? Security experts increasingly believe such devices can be used to steal sensitive data from company PCs and networks. Last month, the Web was buzzing with the news that the UK Ministry of Defense was banning the use of iPods due to security concerns. Though the story -- released by Reuters -- was denied by the ministry, it has caused many to review their thinking on allowing portable devices in the workplace.
The problem is not new. Ever since PCs had floppy disks and, more recently, CD-R drives, it has been a simple matter for unscrupulous staff to steal any data they are able to access. New personal devices just add to the problem.
But according to recent research by Gartner, companies should consider banning portable storage devices from the workplace due to the risk of theft, and the fact that they can be the source of computer viruses and Trojans.
On the should-be-banned list are Smart Media and similar cards, keychain or USB drives, Sony Me-mory Sticks, CompactFlash and portable MP3 players. Gartner says that such devices can easily bypass firewalls and that a mislaid device can also be misappropriated by another member of staff.
But not everyone thinks a banning order is appropriate. Mark Blowers, a senior analyst at Butler Group, says companies have to get things in proportion.
"This is an issue, but it's more about overall security policy. It's not really feasible to ban such products outright as many people travel with them to work. It's probably more about banning them in particularly sensitive areas -- if that is pos-sible," he said.
But the problem is set to grow. Storage capacity is doubling roughly every six months, while remaining at almost the same price.
The first key development was Flash memory, which stimulated the production of personal digital assistants (PDAs). The second development was removable storage using Secure Digital, Compact-Flash or Memory Sticks, most noticeably used in digital cameras and sealed inside MP3 devices.
Finally, tiny hard drives have increased portable storage further. The 4.6cm4 Hitachi drives used in iPods, for example, can store up to 40GB, and some players have even larger capacities.
But Greg Carlow, managing director at systems integrator Rep-ton, says, the problem is also about how companies organize data.
"If someone is malevolent, they can probably do serious damage by stealing a few megabyte of data: most companies only really use about 0.1 percent of the data they own, they just never get round to managing it," Carlow said, adding that the problem lies in operating systems devised years before such storage technology was available.
"Maybe in future versions of Windows we will start to see code that isolates unknown storage devices until they have been approved by the IT [information technology] department for use on a particular machine," he said.
But there are signs that companies are tightening up security policies to take account of the risk.
"We have been giving away memory sticks to customers but quite a few have refused them because there is a company policy banning their use," says Paul Hammond, UK general manager at systems integrator CNT.
In a recent survey of 200 UK firms by software security firm Reflex Magnetics, 82 percent of respondents said they regarded mobile devices such as the iPod as a security threat. Reflex says those in the healthcare and finance sectors are most likely to toughen up their security policies soon.
Companies are also likely to look to intrusion protection software that seeks to plug gaps on desktops and servers. For example Cisco's Security Agent software sits on the PC and can bar access to the USB port.
"It's available, but only two of our customers are using it in that way," says Paul King, Cisco's senior security consultant.
"It's more a matter of firms classifying and segregating data that needs to be protected, as well as ensuring they provide encryption on laptops, which are a far greater security risk," King said.
Other firms offer encryption tools so that only encrypted access is possible to USB drives.
What is certain is that data theft will get easier as data storage devices increase in capacity while reducing in size and cost.
While the future holds the promise of vast amounts of data on holographic devices, the next few years are likely to be defined by squeezing more out of existing technology.
A Chinese freighter that allegedly snapped an undersea cable linking Taiwan proper to Penghu County is suspected of being owned by a Chinese state-run company and had docked at the ports of Kaohsiung and Keelung for three months using different names. On Tuesday last week, the Togo-flagged freighter Hong Tai 58 (宏泰58號) and its Chinese crew were detained after the Taipei-Penghu No. 3 submarine cable was severed. When the Coast Guard Administration (CGA) first attempted to detain the ship on grounds of possible sabotage, its crew said the ship’s name was Hong Tai 168, although the Automatic Identification System (AIS)
An Akizuki-class destroyer last month made the first-ever solo transit of a Japan Maritime Self-Defense Force ship through the Taiwan Strait, Japanese government officials with knowledge of the matter said yesterday. The JS Akizuki carried out a north-to-south transit through the Taiwan Strait on Feb. 5 as it sailed to the South China Sea to participate in a joint exercise with US, Australian and Philippine forces that day. The Japanese destroyer JS Sazanami in September last year made the Japan Maritime Self-Defense Force’s first-ever transit through the Taiwan Strait, but it was joined by vessels from New Zealand and Australia,
SECURITY: The purpose for giving Hong Kong and Macau residents more lenient paths to permanent residency no longer applies due to China’s policies, a source said The government is considering removing an optional path to citizenship for residents from Hong Kong and Macau, and lengthening the terms for permanent residence eligibility, a source said yesterday. In a bid to prevent the Chinese Communist Party (CCP) from infiltrating Taiwan through immigration from Hong Kong and Macau, the government could amend immigration laws for residents of the territories who currently receive preferential treatment, an official familiar with the matter speaking on condition of anonymity said. The move was part of “national security-related legislative reform,” they added. Under the amendments, arrivals from the Chinese territories would have to reside in Taiwan for
CRITICAL MOVE: TSMC’s plan to invest another US$100 billion in US chipmaking would boost Taiwan’s competitive edge in the global market, the premier said The government would ensure that the most advanced chipmaking technology stays in Taiwan while assisting Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) in investing overseas, the Presidential Office said yesterday. The statement follows a joint announcement by the world’s largest contract chipmaker and US President Donald Trump on Monday that TSMC would invest an additional US$100 billion over the next four years to expand its semiconductor manufacturing operations in the US, which would include construction of three new chip fabrication plants, two advanced packaging facilities, and a research and development center. The government knew about the deal in advance and would assist, Presidential
RSS