Remember 360K floppies? I performed a security audit on a company in the mid ’90s. I cheated, but it’s all about asymmetry, so I figured cheating was fair. The bad guys cheat and I was looking to emulate them, not make my clients feel good about themselves.
Instead of going to the client meeting I was to attend, I walked around their facility. When I left the building the guards stopped to search my laptop case. Good security. Back in the parking lot I called into the meeting, declaring, “You failed.” The guard questioned why I was returning after just a few minutes and I assured him he would find out soon enough.
Upon receiving icy glares from my clients, I silently dumped a slew of floppies on the conference table. Then I explained that for a high security company they should really do a much better job of letting sensitive government information leave the building. Especially because I was searched and the guard had told me that they were looking for stolen calculators. “Lots of those are going missing,” he explained.
My client went almost numb over the 10MB of 5.25 inch floppies I had rescued from the desks of their secure installation. Their procedures changed — or so they told me.
What a difference a decade can make.
We now cling to our USB thumb drives — or as I have always called them — dip sticks (or something more colorful from time to time). Four gigabytes of storage in a one-ounce device that easily defies a cursory security scan or can be hidden in the most obscene places. What can an enterprise lose if 4GB of data gets out? Four million personnel records? Gobs of drawings and patents? You do the math. But that’s nothing.
Blu-ray disc technology is actively over the horizon with a storage capacity of 50GB of data. A piddling amount in the grand scheme of what you have to face in the near future of portable media storage.
The mother-of-all storage technologies — holographic — is ready for prime time; 1.6TB is a dip stick load of data and is a huge threat to corporate data & privacy. The technology is cool, though, as most security-impacting technologies are.
Conventional magnetic storage technology arranges minuscule magnetic domains on the surface of a disk or tape or other physical media. There are limitations due to physical manufacturing, surface area, fringe effect and all sorts of other well-known engineering bits. The latest advance was vertical magnetic recording, which was a significant step forward.
CDs and DVDs use lasers but also etch into the surface of a physical device. Nice intermediate storage capacity. Holographic storage, though, stores data inside of the newly developed light-sensitive media. Two laser beams intersect and record data at light wavelengths like DVDs at 1Gbps. They record the data throughout the inside of the media (not just the surface) and at different angles, both of which dramatically increase the storage capacity. The 130mm (5.25 inch) disks have an estimated capacity of 100 TB; that’s 100,000 GB for the prefix-challenged.
Gone are the days of 60-pound satchels of tapes, replaced with a pocket full of keys to the kingdom. So what does the security-aware and concerned company do?
Decide to do something about portable data storage now rather than later.
Let your auditors and risk management staff know that 4GB dip sticks are here, and 1.6TB gel disks are around the corner.
If one doesn’t exist, get proactive about adding a portable media policy to your existing security policies. Should anything from the company ever be on a portable media device? Should you mandate biometric ID on them all? Should they be allowed on the road?
Train the guards and security staff to recognize portable media devices and the danger they represent to corporate security and privacy.
Develop port controls for your desktop machines to prevent unauthorized use of USB ports, portable media devices and other sources of giga-to-tera-sized data leaks.
Train your staff about portable media storage: the pros and the cons and the policies.
The most important action you can take is to not ignore the reality of progress: your enterprise will face the future and its technology square on — whether you are ready or not.
Portable media devices are a mission-critical component of your enterprise security efforts. They already represent a significant risk at the 1GB to 4GB level. You need to get a strong grip on this before the problem gets 1,000 times worse. And it will, as the 100TB version hits Best Buy. Think about that.