So the security officer hates USB flash drives - and who can blame them – but can’t face the hassle and pained expressions aimed in the IT department’s direction of having them banned. What to do?
When these drives first appeared they were a storage-only proposition. Then some bright sparks put encryption on as an added extra (the hash keys for which some people promptly forgot), and finally more corporate-savvy drives have been appearing that can be managed by the all-powerful IT department.
There’s still a problem. You hand out secure USB drives but how do you know people aren’t still using their own insecure ones in parallel with the official ones? You don’t.
That hasn’t stopped one US-based organisation from taking the interesting step of handing out new and managed flash drives without actually appearing to ban the old ones. The official SanDisk units will be tracked via a central server and secured using encryption on the condition that they are the only drives approved for data transport. The IT department also gets to destroy the old drives at the point they are handed in to be exchanged for the new ones.
How anyone will know that the unofficial drives aren’t being used is a matter of guesswork. But presumably, anyone caught using such a drive would have to have made a deliberate decision to shun the approved one, and would stand out from the crowd by not having taken part in the exchange program.
This is an ingenious way to ban them by the policy back door, even though it won’t stop the determined information thief. It’s a pity more companies don’t adopt this approach, though it’s also possible that some companies simply can’t be bothered to manage yet another device.