- Secure USB drive
USB Flash Drive products have been on the market since 2000, and are increasing in use exponentiallyFact|date=October 2008. As both consumers and businesses have an increased demand for these drives, so manufactures are producing faster devices with greater storage levels.An increased number of portable devices are used in business, such as
laptops ,notebooks , universal serial bus (USB ) flash drives,personal digital assistants (PDAs), advanced mobile phones and other mobile devices. Companies in particular are at risk when sensitive data stored is stored on unsecuredUSB flash drive s by employees using them to traveling with data and take work home. The consequences of losing drives loaded with such information can be significant, and include the loss of customer data, financial information, business plans, reputation and confidential information.Major dangers for USB drives
The uncontrolled use of USB drives is a major danger since it represents a significant threat to information confidentiality.
Therefore the following should be taken into consideration for securing USB drives assets:
* Storage: USB flash drives are usually put in bags, backpacks, laptop cases, jackets, trouser pockets or are left on unattended workstations.
* Usage: corporate data are stored on personal non-secure drives and move constantly. As USB drives gain wider acceptance among IT departments in organizations, the likelihood of security breaches and data loss increases. Many enterprises have strict management policies toward USB drives, and some companies ban them outright to minimize risk.The average cost per breach ranges from less than USD 100 000 to about USD 2.5 millionFact|date=September 2008.
According to a surveyFact|date=October 2008, corporate end users most frequently copy:
# customer data (25 %),
# financial information (17 %),
# business plans (15 %),
# employee data (13 %),
# marketing plans (13 %),
# intellectual property (6 %) and
# source code (6 %)to USB drives. Examples of security breaches as a result of using USB drives include:
* In the UK:
** a laptop with data of some 2000 people with individual savings accounts (ISA ) was stolen from a HM Revenue & Customs employee
** HM Revenue & Customs lost personal details of 6500 private pension holders
** nineNHS trusts lost patient records kept on disk; details of 1 500 students were lost in the post
* details of three million British learner drivers were lost in the United States a USB drive was stolen with names, grades and social security numbers of 6 500 former students
* USB flash drives with US Army classified military information were up for sale at a bazaar outside Bagram, Afghanistan. [ [http://www.veteransforcommonsense.org/ArticleID/7120 ‘Afghan market sells US military flash drives’] , Paul Watson, Los Angeles Times, 18 April 2006]olutions
oftware
Software solutions such as
FreeOTFE andTrueCrypt allow the contents of a USB drive to be encrypted automatically. This software can be carried on the same USB drive, and run without having to install it on a host computer.Such software solutions may be used with "any" USB drive - turning cheap, commonly available USB drives into secure storage systems.
Other software solutions may help minimize risk by allowing corporations to record the interactions between the drive and the PC or server and record them in a centralized database.
Hardware
Some USB drives offer embedded hardware encryption, although these do cost significantly more. Chips within the USB drive carry out automatic encryption
Hardware systems may offer additional features, such as the ability to automatically reformat the drive if the wrong password is entered more than a certain number of times. This type of functionality cannot be provided by a software system, as the encrypted data can simply be backed up before trying multiple passwords - then restoring it if the wrong password is attempted, resetting the device to the same position it was in before attacking it.
Retailers of secure USB drives include:
SanDisk (through its Enterprise division),Kingston Technology ,Lexar Management
In an enterprise environment, in which most secure USB drives will be usedFact|date=October 2008, a central management system provides IT organizations with the level of control they require for a corporate IT assetFact|date=October 2008. This includes password administration mechanisms, backup utilities, audit trailing and strong reporting tools. Many of the controls a management system can provide support organizations in their regulatory compliance efforts.
References
ee also
* Health Insurance Portability and Accountability Act - encryption is needed in order to move confidential data
External links
* [http://www.enisa.europa.eu/doc/pdf/publications/Secure%20USB%20drives_180608.pdf 'A users’ guide: how to raise information security awareness'] , ENISA, June 2006.
* [http://www.sandisk.com/Corporate/PressRoom/PressReleases/PressRelease.aspx?ID=4179 'SanDisk Survey Shows Organizations at Risk from Unsecured Usb Flash Drives; Usage is More than Double Corporate IT Expectations'] , SanDisk, April 2008.
* [http://www.ssddfj.org/papers/SSDDFJ_V1_1_Bem_Huebner.pdf ‘Analysis of USB flash drives in a virtual environment’] , Derek Bem and Ewa Huebner, Small Scale Digital Device Forensics Journal, Vol. 1, No 1, June 2007.
* [http://www.infosectoday.com/Articles/Plugging_the_Leaks.htm 'Plugging the Leaks: Best Practices for Securing Data in Endpoints'] , Dror Todress, Information Systems Security
* [http://attrition.org/dataloss/2008/05/pfizer01.html ‘Another laptop stolen from Pfizer, employee information compromised’] , Lee Howard, 12 May 2008,
* [http://fedtechmagazine.com/article.asp?item_id=352 ‘Closed doors policy’] , Daniel Tynan, FedTech Magazine, August 2007
* [http://www.vnunet.com/vnunet/news/2203540/security-breaches-everyday ‘Data breaches are “everyday incidents”’] , Matt Chapman, vnunet.com, 15 Nov 2007
* [http://www.infoworld.com/article/08/03/06/10NF-data-loss-prevention-problem_1.html ‘Data-leak security proves to be too hard to use’] , Infoworld.com* Dataquest insight: USB flash drive market trends, worldwide, 2001–2010, Joseph Unsworth, Gartner, 20 November 2006.
* Determine the appropriate level of ITAM controls for mobile assets, Jack Heine, Gartner, November 15 2005.
* ‘Disc listing foreign criminals lost for year’, The Times, 20 February 2008.
* [http://www.crn.com.au/News/79936,data-leaks-emerge-as-worst-security-threat.aspx Data leaks emerge as worst security threat]
Wikimedia Foundation. 2010.
