Many enterprises restrict or even outright ban the use of removable storage devices to help protect the loss of data. Yet those policies can seem unnecessarily prohibitive to employees working in a BYOD world. Because of this, some IT organizations have adopted a “don’t ask, don’t tell” approach to policy enforcement.
It doesn’t have to be that way, however. Lawrence Reusing, general manager for Mobile Security at storage vendor Imation, says enterprises can safely use removable storage media. Reusing oversees the IronKey mobile security portfolio which includes secure USB storage devices.
When it comes to the broad industry number on how removable storage policies are employed, the numbers aren’t encouraging. According to Reusing, approximately 90 percent of organizations have a policy, with perhaps half of them actually enforcing it.
“Organizations need to be much more careful about utilizing portable storage devices that are necessary and are being used by the workforce,” he says.
Removable Storage Best Practices
Reusing has a number of suggestions for enterprises on how to implement best practices for safe removable storage usage.
First, he recommends buying and deploying hardware-encrypted flash storage devices. He also recommends the use of a management system that enables enterprises to control, manage and provision flash storage devices. The platform should also give enterprises the ability to “kill” a device in the field if needed.
“So if an employee is terminated or if you suspect he has put data on the device that shouldn’t be there, you can shut that device down,” Reusing said.
Imation includes an ARM processor as well as a smartcard as part of its secure USB flash drive. The processor has its own operating system that performs encryption operations on the flash drive data. In addition, Imation offers the kind of “remote kill” management capabilities mentioned by Reusing.
When it comes to the safe use of removable media, Reusing stresses that awareness is the key. Removable storage is a trend that is here to stay and there are solutions in the market to help provide proper security.
With proper best practices, there is no need to ban the use of removable USB flash storage media in an organization.
“It’s not the right strategy to try and outlaw USB storage devices, because that doesn’t work,” Reusing says. “It’s a tool that employees will use, and it’s really a question of organizations making an investment to implement secure USB or management systems that can secure the devices that they use.”
Watch the video interview with Lawrence Reusing, Imation’s general manager for Mobile Security, below: