Lockdown
By Simon Bisson & Mary Branscombe in Editorial
Posted in USB, Laptop, Security, Mobile on
If you work for a security company you wouldn’t normally leave your laptop and your BlackBerry with a journalist you’ve only just met when you go to fetch coffee. Feeling comfortable doing that says you’re confident in your security. Susan Callahan of Safend isn’t worried about leaving her laptop on a table, in a security tray, or anywhere. If she loses it, it’s just an inconvenience - not a security breach.
You probably know of Safend as a tool for protecting USB ports. That’s a big part of the security story today. Flash memory sticks are everywhere - they’re the new floppy disk that can carry all your information. Walking around the various memory companies at CES we found all shapes and sizes of memory stick, all united by being something that easily fits in a pocket. 1GB devices cost almost nothing, and the latest generation give you up to 64GB of storage. You’ll even find them built into Swiss Army knives.
64GB? That’s more than many laptop hard disks. It’s also more than 13 DVDs-worth of data.
With that amount of low cost storage available to all and sundry, it’s not surprising that businesses are seeing flash drives as a security risk. Two CD-ROMs worth of tax data caused one of the biggest data losses in the UK, so it’s easy to imagine just how much damage a tiny memory stick can do.
So how do you protect your data, when it can easily move onto a keyring?
We spent some time on a hot January afternoon at a Silicon Valley Starbucks with Susan, talking about how businesses can use endpoint security tools to protect their data. Securing USB sticks is just part of their story, as the Safend software lets you control exactly how you can use USB ports. You can set up policies for approved devices, and provide different levels of access for different classes of users. There are also rules for controlling just how DVD and CD writers can work, as well as tools for handling hard disk encryption.
That means that the CEO may get full access, while sales teams will only be able to read data sent to them by clients. Other teams might only be able to share data using encrypted memory sticks that are automatically encrypted as soon as they’re connected to a PC. Managing the rules is easy enough, with a central console and a single policy server that can handle up to 10,000 client devices. You can even set up geographic rules, to handle the differences between EU and US privacy requirements, or provide rules that work on specific file content or sizes. There’s even the option to set up rules based on content – so you could have rules that would allow staff to copy any document that doesn’t contain credit card numbers or any other identity information.
Data loss isn’t just about the network, and the Safend tools also help handle disk encryption (which is why the ThinkPad was safe on the cafe table). Lose a protected laptop and anyone who “acquires” it won’t be able to read the files – let alone copy them onto a CD or a flash disk.
There’s enough regulation out there to make device protection as important as your firewalls – so have you locked down your laptops yet?
–Simon (in Silicon Valley)
Not yet rated
Loading ...Comment by - January 23, 2009 on 9:22 am
Working in IT security, I’d be happy leaving my laptop or USB key (a ironkey) anywhere - safe in knowledge both the disk and USB key are encrypted - and that it self-destructs after only 5 bad password attempts. I am quite surprised some organisations havn’t caught onto the fact such defense is now quite easy (and not too expensive in bulk). I think DLP as described here is good - and better than nothing, but not the holy grail.
A proper DLP solution in my optinion needs to know what is being written to the USB media and thus be able to make sensible decisions in my opinion (ie allow everyone to write a personal photo, but not allow a corporate confidential document to be written to a unauthorised or unencrypted device. The dangers of a solution as described are that once someone needs “to write” a USB stick that policy will never be reversed, and thus you still have the accidental loss.
Security is this case in my opinion is not to stop bad people doing bad things - but to stop normal users doing stupid things unwittingly.
Trackback by - February 9, 2012 on 3:37 am
greenpeace australia campaigns…
[…]various points where Judge Rodgers may have failed to exercise […]…
Trackback by - February 9, 2012 on 8:33 am
will smith and jada pinkett…
[…]the next news from the courts is now expected in the […]…
Make a comment
Tag cloud
Archives
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
Most commented posts
- Java's SSVAGENT.EXE: training the monkey
128 comments
- When Windows 7 upgrades won’t hibernate (the solution)
- Do you need IPv6 for DirectAccess? Yes and No
- Chrome OS: what happens when "always connected", isn't?
- The ColdFusion Renaissance
- Make Adobe Acrobat Pro deactivate
- Is there a showstopper bug in Windows 7 CHKDSK?
- There’s a reason smartphones are locked down
- At sixes and Windows 7s
- The LHC isn
Highest Rated Blog Posts
- Songs of distant satellites (100%)
- Nobody knows what Web 2.0 really is (100%)
- Log in and lock in (100%)
- Top tips for speeding up Vista (100%)
- Mommy, why is there a home server in the office? (100%)
- Employees are our most valuable asset (snigger) (100%)
- Locking down IT or blocking creativity (100%)
- Consumer BlackBerrys are good for business (100%)
- HD Trek (100%)
- Join the (beta) community (100%)
