Workers in the state of Washington's Division of Child Support are to get state-owned USB flash drives as part of a move to eliminate the use of unsanctioned thumb drives.
External flash drives used by field workers hold the names, dates of birth and Social Security numbers of children served by the agency. They may also hold client tax documents, employer records, criminal histories and passport data.
The state began rolling out 200 SanDisk Cruzer drives late last year after recalling suspect devices used by workers in the agency's 10 field offices. Most of those had been purchased independently by employees, causing myriad problems for the agency, said Brian Main, the division's data security officer.
We do periodic risk analysis of our systems, and one of the things that came up is the use of thumb drives; they were everywhere, said Main. We had a hard time telling which were privately owned and which were owned by the state.
The Cruzer Enterprise drives provide 256-bit AES encryption and are password-protected, Main noted.
The agency also plans to use SanDisk's Central Management and Control software in its Olympia headquarters. The Web-based management software can centrally monitor and configure the miniature storage devices and prevent unauthorised access to them.
Larry Ponemon, chairman of research firm the Ponemon Institute, said that most organisations were too enamoured of the convenience, portability and low cost of USB flash drives to consider security issues.
"I think a lot of organisations are asleep at the switch. They don't see this as a huge problem. It obviously has the potential to be the mother of all data-protection issues," Ponemon said.
Main said the agency first looked at Verbatim's thumb drives but ultimately chose the SanDisk technology because of its support for Vista.
Workers in the agency's training operations are getting 4GB devices to store large presentations and screenshots, while enforcement personnel will get 1GB drives, Main said.