The Threats Posed By Portable Storage Devices

White Paper Published By: GFI

This white paper examines the nature of the threat that devices such as iPods, USB sticks, flash drives and PDAs present and the counter-measures that organizations can adopt to eliminate them.

Tags :

endpointsecurity, end-point, endpoint security, insider, usb, mole, i-pod, ipod

Published:	Jun 14, 2007
Type:	White Paper
Length:	9 pages

The threats posed by portable storage
devices
Uncontrolled use of iPods, USB sticks, PDAs and other
devices on your network can lead to data theft, introduction of viruses, legal liability issues and more
In a society where the use of portable storage devices is commonplace, the threat that these devices pose to corporations and organizations is often ignored. This white paper examines the nature of the threat that devices such as iPods, USB sticks, flash drives and PDAs present and the counter-measures that organizations can adopt to eliminate them.
WWW.GFI.COM Introduction In an on-demand society where individuals can easily access portable music players, PDAs, mobile phones and digital cameras, technological innovation has responded to personal needs with the development of electronic devices that include data storage capabilities. There is, however, a downside to this modern-day scenario - the misuse of these devices in a corporate environment can spell disaster to a corporation! The statistics are not encouraging; for instance, the 2005 CSI/FBI survey reports that "theft of proprietary information is up from [US] $168,529 in 2004 to [US] $355,552 in 2005" (Gordon et al., 2005).
2005 CSI/FBI computer crime and security survey "Theft of proprietary information up from $168,529 in 2004 to $355,552 in 2005."
Today, corporations who recognize the extent of the data theft problem are enacting security policies that regulate the use of portable storage devices in the corporate environment. But is a security policy alone the best solution to mitigate the risks posed by portable storage devices? And what are the real risks associated with the uncontrolled use of portable storage devices?
Introduction....................................................................................................................................2 The rise of portable storage devices .............................................................................................2 Why do corporations require protection? ......................................................................................3 Commonly used countermeasures................................................................................................6 Conclusion.....................................................................................................................................6 About GFI ......................................................................................................................................7 References ....................................................................................................................................7
The rise of portable storage devices In the last ten years data storage technology has broken all the barriers that used to bind it to large devices that stored limited amounts of data. These technological breakthroughs have:
. Increased data storage and data transfer speeds exponentially . Increased device portability through a substantial reduction in physical device size . Increased device availability by the development of mass-appeal low-cost products . Simplified the connectivity method to computer systems. A typical example is the Apple iPod released in October 2005. This device can store up to 60 GB of data - as much as the typical corporate workstation's hard drive. In practice, this translates to millions of proprietary, financial, consumer and otherwise sensitive corporate records!
WWW.GFI.COM The threats posed by portable storage devices . 3
Transferring data from one computer system to another is nowadays a non-technical, highly efficient, inconspicuous task. This effectively puts corporations in harm's way, since the misuse of portable storage devices can expose corporate networks to a number of dangerous issues which might have an impact on corporations in a variety of ways.

The evolution of portable storage media
Why do corporations require protection? Statistics demonstrate that 98% of all crimes committed against companies in the U.K. had an insider connection (Computer Crime Research Center, 2005). Data theft, legal liabilities, productivity losses and corporate n... [download for more]

Browse Technology Topics

Data Center Virtualization, Cloud Computing, Infrastructure, Design and Facilities... more, Power and Cooling, Green Computing less		Data Management Application Integration, Analytical Applications, Business Intelligence... more, Configuration Management, Database Development, Data Integration, Data Mining, Data Protection, Data Quality, Data Replication, Database Security, EDI, SOAP, Service Oriented Architecture, Web Service Management, Data Warehousing less
Electronics Analog Communications, Digital Signal Processing, Electronic Design Automation... more, System On A Chip, Electronic Test and Measurement, Embedded Design, Boards & Modules, Embedded Systems and Networking, Electromechanical & Mechanical, Optoelectonics & Displays, Packaging and Interconnects, Passive & Discrete Components, Power Sources & Conditioning Devices, Integrated Circuits and Semiconductors, Sensors & Actuators less		Enterprise Applications Application Integration, Application Performance Management... more, Best Practices, Business Activity Monitoring, Business Analytics, Business Integration, Business Intelligence, Business Management, Business Metrics, Business Process Automation, Business Process Management, Call Center Management, Call Center Software, Change Management, Corporate Governance, Customer Interaction Service, Customer Relationship Management, Customer Satisfaction, Customer Service, EBusiness, Enterprise Resource Planning, Enterprise Software, EProcurement, Extranets, Groupware Workflow, HIPAA Compliance, IP Faxing, IT Spending, Marketing Automation, Performance Testing, Product Lifecycle Management, Project Management, Return On Investment, Risk Management, Sales & Marketing Software, Sales Automation, Server Virtualization, Simulation Software, Supply Chain Management, System Management Software, Total Cost of Ownership, Video Conferencing, Voice Recognition, Voice Over IP, Workforce Management, Incentive Compensation, Spend Management, Manufacturing Execution Systems, International Computing less
Human Resource Technology Human Resources Services, Payroll Software, Time and Attendance Software... more, Workforce Management Software, Financial Management, Employee Monitoring Software, Employee Training Software, Recruiting Software/Services, Employee Performance Management, ELearning, Benefits Management, Expense Management less		IT Career Advancement Cisco Certification, Microsoft Certification, Linux Certification... more, Network Security Certification, Software Development Certification less
IT Management Employee Performance, ITIL, Productivity, Project Management... more, Software Compliance, Sarbanes Oxley Compliance, Service Management, Desktop Management less		Knowledge Management Collaboration, Collaborative Commerce, Contact Management... more, Content Delivery, Content Integration, Content Management System, Corporate Portals, Customer Experience Management, Document Management, Information Management, Intranets, Messaging, Records Management, Search And Retrieval, Search Engines, Secure Content Management, SLA less
Networking Active Directory, Bandwidth Management, Convergence, Distributed Computing... more, Ethernet Networking, Fibre Channel, Gigabit Networking, Governance, Grid Computing, Infrastructure, Internetworking Hardware, Interoperability, IP Networks, IP Telephony, Local Area Networking, Load Balancing, Migration, Monitoring, Network Architecture, Network Management, Network Performance, Network Performance Management, Network Provisioning, Network Security, OLAP, Optical Networking, Quality Of Service, Remote Access, Remote Network Management, Server Hardware, Servers, Small Business Networks, TCP/IP Protocol, Test And Measurement, Traffic Management, Tunneling, Utility Computing, VPN, Wide Area Networks, Green Computing, Cloud Computing, Power and Cooling, Data Center Design and Management, Colocation and Web Hosting less		Platforms AS/400, Domino, Linux, Microsoft Exchange, Oracle, PeopleSoft... more, SAP, Siebel, Solaris, Tivoli, Unix, Web Sphere, Windows, Windows Server less
Security Access Control, Anti Spam, Anti Spyware, Anti Virus, Application Security... more, Auditing, Authentication, Biometrics, Business Continuity, Compliance, DDoS, Disaster Recovery, Email Security, Encryption, Firewalls, Hacker Detection, High Availability, Identity Management, Internet Security, Intrusion Detection, Intrusion Prevention, IPSec, Network Security Appliance, Password Management, Patch Management, Phishing, PKI, Policy Based Management, Security Management, Security Policies, Single Sign On, SSL, Secure Instant Messaging, Web Service Security, PCI Compliance, Vulnerability Management less		Software Development .NET, C++, Database Development, Java, Middleware, Open Source... more, Software Outsourcing, Quality Assurance, Scripting, SOAP, Software Testing, Visual Basic, Web Development, Web Services, Web Service Security, XML less
Storage Backup And Recovery, Blade Servers, Clustering, IP Storage... more, ISCSI, Network Attached Storage, RAID, Storage Area Networks, Storage Management, Storage Virtualization, Email Archiving, Data Deduplication less		Wireless 802.11, Bluetooth, CDMA, GPS, Mobile Computing, Mobile Data Systems... more, Mobile Workers, PDA, RFID, Smart Phones, WiFi, Wireless Application Software, Wireless Communications, Wireless Hardware, Wireless Infrastructure, Wireless Messaging, Wireless Phones, Wireless Security, Wireless Service Providers, WLAN less