The Ministry of Defence recently banned the pocket sized Apple iPods from certain areas of their network because of the threat of security breaches. Their radical reaction follows a report from IT industry analysts Gartner who have warned about the dangers of portable devices for some time. However, their latest report, adds the following to its list of risks; disc-based MP3 players such as Apple’s iPod, digital cameras with smart media cards, memory sticks, compact flash and other memory media including USB keys.
A lot of media coverage has singled out the iPod but in reality all external media devices pose the same risk. Milton Computers’ Marketing Manager Alex Nutt comments ‘The Apple iPod is an iconic piece of personal technology. It has gained massive popularity because it is a light, sleek device that is desirable and trendy. It has its uses in a corporate environment but there are much smaller USB data keys with greater capacity and faster download speeds.’
The threat to network security is inbound because these external hard drives can bypass perimeter defences like firewalls and antivirus at the mailserver. The network is then exposed to virus infection, Trojan horses and malware. Data security is compromised because the devices can download data faster than writing to CDs. Some USB devices are so small they fit into a shirt pocket and can’t be detected at security checkpoints, short of doing a full body search.
Gartner’s Ruggero Contu comments "Businesses are increasingly putting themselves at risk by allowing the unauthorised and uncontrolled use of portable storage devices. Companies should forbid the use of uncontrolled, privately owned devices with corporate PCs.’
Check-Tek’s Managing Director Evan James is puzzled by the MOD’s approach and says ‘Surely, the MOD’s security needs are in the league of their own because of the threat of espionage. If a member of staff needed to download high-volume data you would buy them something like a 250 GB hard drive for £170 as opposed to an iPod which has one sixth the capacity and costs more.’
Perhaps the question should be ‘Is the iPod authorised company property or personal property?’ Alex adds ’If the device serves no useful corporate purpose, why is it on the premises? Are people using the company’s bandwidth to download music from the internet while they are at their desk? If its done in company time then productivity suffers which is an HR issue.’
Both Evan and Alex agree that it is not the devices that are the problem but holes in network security. Evan continues ‘A few years ago the security issue was software. Company policy was to lock down the desktop only giving you access to software n for your job. Floppy discs were seen as the enemy because they transferred viruses from home computers with lower security standards than corporate networks.’
Software is available that locks out all external USB devices. Evan says ‘You can also disable the Windows Operating System so any device plugged in is not recognised or granted access. An administrator can authorise access on a case-by-case basis. One option we recommend is to have a single PC where anyone with a legitimate need can plug in a device and download what they need off the system, but their access is monitored.’
If companies are not confident about the trustworthiness of their staff, again this is a Human Resource issue rather than an IT issue. With network security – you cannot steal what you do not have access to and companies need to tackle the issue of disgruntled employees at source rather than blaming IT security.
‘You are more likely to get Malware entering a network from people using laptops and downloading stuff off the internet indiscriminately. Evan says ‘The cost to the business is not just the individual’s lost productivity but the IT departments’ time fixing the problem. You need the right level of security for your company; not so tight that it stops people from doing their everyday job, but not so flexible that all and sundry have access to sensitive data.’
Word count 688
|
