Small Devices, Big Risks

Portable, handheld storage devices like USB memory sticks and iPods pose a greater security risk internally to many businesses that focus primarily on halting external threats.

Centennial Software, a developer of IT asset discovery and security management solutions, said it is addressing one of the biggest, and possibly most overlooked, security threats facing organizations &#151 the unauthorized use of removable media by anyone with access to PCs on the network.

The Portland, Ore.-based company today announced the availability of DeviceWall 3.0, a new security solution that focuses on halting those increasing threats.

“It has never been easier to walk out with your corporate data these days,” Matt Fisher, vice president of marketing at Centennial, said. “They don’t need a backpack full of files or even a plug-in hard drive &#151 a tiny 2GB thumb drive can do severe long-term damage to a company’s operations and reputation.”

According to Fisher, the latest version of DeviceWall offers permission control and greater flexibility for managing the growing use of USB sticks, iPods, PDAs, Smartphones, CDs burners and other devices.

The solution also lets you lock down Bluetooth, Infrared and Wi-Fi wireless connections, preventing the transfer of information between corporate PCs and unauthorized devices, he said.

These small devices pose big risks to businesses as they can be used to deliberately or inadvertently remove sensitive data from the corporate network, introduce malicious code or transfer inappropriate content.

According to Fisher, research indicates 80 percent of IT related crimes originate from within a company’s network, while most businesses have been focused on external threats.

Mike Heffernan, computer operations manager at Los Angeles Yellow Cab Co-op, agrees, noting security is his organization’s top priority.

“Like many others, we have spent much time and many resources securing our assets from the ‘glamorous’ vulnerabilities: viruses, spam, malware, intrusions,” he said in a statement. “Whether it’s as serious as preventing data theft or as basic as blocking introduction of unwanted files or malware onto the network, we needed to be able to prevent access by certain types of devices.”

DeviceWall can be controlled by both user and device class, which let authorized users continue unhindered and minimize the impact on business productivity.

“Today, it is extremely easy to suck critical data from a production network and walk out with it on a device the size of a pack of gum,” Heffernan said.
“Yet it is equally unproductive to deny people the resources they need to do their jobs effectively.”

Adapted from Internetnews.com.