Is an Apple iPod or MP3 player a threat to corporate data? Security experts increasingly believe such devices can be used to steal sensitive data from company PCs and networks. Last month, the Web was buzzing with the news that the UK Ministry of Defense was banning the use of iPods due to security concerns. Though the story -- released by Reuters -- was denied by the ministry, it has caused many to review their thinking on allowing portable devices in the workplace.
The problem is not new. Ever since PCs had floppy disks and, more recently, CD-R drives, it has been a simple matter for unscrupulous staff to steal any data they are able to access. New personal devices just add to the problem.
But according to recent research by Gartner, companies should consider banning portable storage devices from the workplace due to the risk of theft, and the fact that they can be the source of computer viruses and Trojans.
On the should-be-banned list are Smart Media and similar cards, keychain or USB drives, Sony Me-mory Sticks, CompactFlash and portable MP3 players. Gartner says that such devices can easily bypass firewalls and that a mislaid device can also be misappropriated by another member of staff.
But not everyone thinks a banning order is appropriate. Mark Blowers, a senior analyst at Butler Group, says companies have to get things in proportion.
"This is an issue, but it's more about overall security policy. It's not really feasible to ban such products outright as many people travel with them to work. It's probably more about banning them in particularly sensitive areas -- if that is pos-sible," he said.
But the problem is set to grow. Storage capacity is doubling roughly every six months, while remaining at almost the same price.
The first key development was Flash memory, which stimulated the production of personal digital assistants (PDAs). The second development was removable storage using Secure Digital, Compact-Flash or Memory Sticks, most noticeably used in digital cameras and sealed inside MP3 devices.
Finally, tiny hard drives have increased portable storage further. The 4.6cm4 Hitachi drives used in iPods, for example, can store up to 40GB, and some players have even larger capacities.
But Greg Carlow, managing director at systems integrator Rep-ton, says, the problem is also about how companies organize data.
"If someone is malevolent, they can probably do serious damage by stealing a few megabyte of data: most companies only really use about 0.1 percent of the data they own, they just never get round to managing it," Carlow said, adding that the problem lies in operating systems devised years before such storage technology was available.
"Maybe in future versions of Windows we will start to see code that isolates unknown storage devices until they have been approved by the IT [information technology] department for use on a particular machine," he said.
But there are signs that companies are tightening up security policies to take account of the risk.
"We have been giving away memory sticks to customers but quite a few have refused them because there is a company policy banning their use," says Paul Hammond, UK general manager at systems integrator CNT.
In a recent survey of 200 UK firms by software security firm Reflex Magnetics, 82 percent of respondents said they regarded mobile devices such as the iPod as a security threat. Reflex says those in the healthcare and finance sectors are most likely to toughen up their security policies soon.
Companies are also likely to look to intrusion protection software that seeks to plug gaps on desktops and servers. For example Cisco's Security Agent software sits on the PC and can bar access to the USB port.
"It's available, but only two of our customers are using it in that way," says Paul King, Cisco's senior security consultant.
"It's more a matter of firms classifying and segregating data that needs to be protected, as well as ensuring they provide encryption on laptops, which are a far greater security risk," King said.
Other firms offer encryption tools so that only encrypted access is possible to USB drives.
What is certain is that data theft will get easier as data storage devices increase in capacity while reducing in size and cost.
While the future holds the promise of vast amounts of data on holographic devices, the next few years are likely to be defined by squeezing more out of existing technology.
SECURITY: As China is ‘reshaping’ Hong Kong’s population, Taiwan must raise the eligibility threshold for applications from Hong Kongers, Chiu Chui-cheng said When Hong Kong and Macau citizens apply for residency in Taiwan, it would be under a new category that includes a “national security observation period,” Mainland Affairs Council (MAC) Minister Chiu Chui-cheng (邱垂正) said yesterday. President William Lai (賴清德) on March 13 announced 17 strategies to counter China’s aggression toward Taiwan, including incorporating national security considerations into the review process for residency applications from Hong Kong and Macau citizens. The situation in Hong Kong is constantly changing, Chiu said to media yesterday on the sidelines of the Taipei Technology Run hosted by the Taipei Neihu Technology Park Development Association. With
CARROT AND STICK: While unrelenting in its military threats, China attracted nearly 40,000 Taiwanese to over 400 business events last year Nearly 40,000 Taiwanese last year joined industry events in China, such as conferences and trade fairs, supported by the Chinese government, a study showed yesterday, as Beijing ramps up a charm offensive toward Taipei alongside military pressure. China has long taken a carrot-and-stick approach to Taiwan, threatening it with the prospect of military action while reaching out to those it believes are amenable to Beijing’s point of view. Taiwanese security officials are wary of what they see as Beijing’s influence campaigns to sway public opinion after Taipei and Beijing gradually resumed travel links halted by the COVID-19 pandemic, but the scale of
A US Marine Corps regiment equipped with Naval Strike Missiles (NSM) is set to participate in the upcoming Balikatan 25 exercise in the Luzon Strait, marking the system’s first-ever deployment in the Philippines. US and Philippine officials have separately confirmed that the Navy Marine Expeditionary Ship Interdiction System (NMESIS) — the mobile launch platform for the Naval Strike Missile — would take part in the joint exercise. The missiles are being deployed to “a strategic first island chain chokepoint” in the waters between Taiwan proper and the Philippines, US-based Naval News reported. “The Luzon Strait and Bashi Channel represent a critical access
Pope Francis is be laid to rest on Saturday after lying in state for three days in St Peter’s Basilica, where the faithful are expected to flock to pay their respects to history’s first Latin American pontiff. The cardinals met yesterday in the Vatican’s synod hall to chart the next steps before a conclave begins to choose Francis’ successor, as condolences poured in from around the world. According to current norms, the conclave must begin between May 5 and 10. The cardinals set the funeral for Saturday at 10am in St Peter’s Square, to be celebrated by the dean of the College