Security vendors blame USB memory keys for some network security breaches

Users are saving data on to devices ranging from CDs to iPods, and IT managers are rarely able to keep track of which files have been saved on to portable storage devices, said Sean Wray, chief technology officer of Andover, Mass.-based MobileSecure. What’s worse, he added, is not only can users lose the devices on buses, trains and in other public places, but they are transferring corporate files on to home computers as a means of backing up their work.

Wray spoke at the Spring Security Solutions Symposium, hosted last month by Simple Technology Inc., a Vaughan, Ont.-based security hardware distributor.

Wray said MobileSecure’s management products give IT administrators information on which external devices are connected to the network and information on files that were written to them — allowing managers to figure out who is copying which files.

Encrypting information that is copied on to USB or floppy drives is not enough to prevent it from being sent in clear to the wrong people, said Predrag Zivic, chief operating office of Scienton Technologies. He said one of his clients recently found out one of its confidential marketing plans — which was encrypted using technology from Entrust — was posted to the Internet. He added they were surprised to be told an employee could copy an Entrust client, take it home and decrypt the document.

“If we use encryption, how do we handle encryption? Can we specify who can access encrypted files? Who can decrypt the information? How do we manage this process? Is there anything we can do to ensure that the information stays inside the network and cannot be sent anywhere else?”

Share on LinkedIn Share with Google+