Insecurity of Removable media
We have spoken at length on this site of "Endpoint Security". One of the items we mentioned that were important to endpoint security was "Device Control" for removable media. You see them everywhere: digital cameras, USB flash drives, mobile phones, MP3 players and iPods. All are easily connected to any PC, and all are capable of storing vast amounts of data, including anything accessible from any PC within your organisation.
The number of devices and the ease with which they interface with PCs has created serious risks to the confidentiality, integrity and availability of information. The threat of "information leakage" associated with these devices has become tangible and demonstrable. And it is not just the potential for misappropriation or theft of data that is cause for concern. Given that these devices allow for a two-way exchange of information, the ability to transfer viruses, Trojans and worms onto the corporate network could cause rapid and widespread disruption.
While removable media pose significant security threats, most security managers admit to not actively monitoring or preventing their use. The increased availability and prevalence of removable media represents an avenue for theft that is frequently left unsecured. A recent study of 100 IT managers in the UK noted that:
The number of devices and the ease with which they interface with PCs has created serious risks to the confidentiality, integrity and availability of information. The threat of "information leakage" associated with these devices has become tangible and demonstrable. And it is not just the potential for misappropriation or theft of data that is cause for concern. Given that these devices allow for a two-way exchange of information, the ability to transfer viruses, Trojans and worms onto the corporate network could cause rapid and widespread disruption.
While removable media pose significant security threats, most security managers admit to not actively monitoring or preventing their use. The increased availability and prevalence of removable media represents an avenue for theft that is frequently left unsecured. A recent study of 100 IT managers in the UK noted that:
- Removable media is not controlled: 84% of businesses do not have security policies to prevent employees using removable media on the network.
- Data security is critical: 94% of respondents confirmed that data security is key to the success of their businesses.
- Employees pose security risks: 49% believe employees are taking unnecessary risks with critical corporate data.
- Businesses unsure of data integrity: although businesses rely on data for competitive advantage, 42% have no idea whether removable media has been used for theft.
- Removable media are widely used: 85% of respondents use removable media devices throughout the company, with data being transported home by staff.
An effective overall security architecture will incorporate a combination of technical and procedural elements to provide effective countermeasures to emerging threats posed by removable media. The following should be considered:Policies, Awareness, Encryption and Device hardening
CATEGORIES : 1mobility, 1device control, 1removable media, 1endpoint security,1policies,1best practices,1threats
posted by Dwaine at 11/04/2005
0 Comments:
Post a Comment
<< Home