Security vendor Reflex Magnetics has joined the USB disk drive (read: iPod) security risk feeding frenzy with a new survey.
It spoke to 100 UK IT managers and found widespread complacency about the security hazards posed by employees using USB storage drives. Yes, 60 percent of those surveyed across a cross-section of large companies admitted they took no steps to monitor the usage of these devices on their networks, while 84 percent said they had no policies to stop employees using removable media of any type.
Eighty-two percent of those questioned admitted that removable and portable storage represented a threat to their networks, which, set against the lack of monitoring and policies, suggests that the issue is still seen as a lower priority when measured against other security worries.
Analyst Gartner has been sounding off about this far-from-new issue in recent weeks, even making the faintly ludicrous claim that Apple’s iPod music player should be banned by companies wanting to protect themselves against data theft and virus incursion on their networks. This caused a first-rate media frenzy that reached its zenith with the UK military denying that it had banned iPods.
The Reflex Magnetics survey is based on more solid data than Gartner's, even if the company is, as ever, looking to publicise its own product for centrally managing USB and other storage devices, Disknet Pro.
That former employees can now walk out of companies with large amounts of data on a tiny device - drives of 2GB are now on the market - should be of major concern to IT managers, according to Reflex Magnetics managing director Andy Campbell. "It’s always a worry when a sales person moves on. Now they have the capability to take a whole database," he said.
Campbell repeated claims that security-conscious organisations such as the Royal Air Force had banned USB devices from their bases without prior authorisation because of the security implications. The Ministry of Defence's rebuttal - "Certainly it is not the case that the MOD has banned these. We have a flexible management approach in regards to iPods and similar devices that can move data from official systems" - was in the very best tradition of MoD non-denial denials.