November 27, 2006 4:33 PM PST
Security from A to Z: USB sticks/devices
But as the amount of data they are able to absorb has increased, they have become a very effective tool for covertly making off with files from the corporate network.
The problem here is the combination of growing storage capacity with the fact that devices such as USB (universal serial bus) memory sticks, cameras and Apple Computer iPods look pretty inconspicuous in the hands of an employee. Ninety-nine times out of a 100 there may be nothing to worry about, but if an employee does "go rogue," those devices may be the most effective tool at their disposal.
Similarly, inbound data could also be a problem. Employees transferring files from home on a mobile device may not be aware there is also malicious software on the device they are introducing to the corporate network. Also, files transferred could include those in breach of copyright, such as music files or pirated software, and companies might not fancy facing possible prosecution for the actions of their employees.
As such, many call centers and other offices where sensitive information is accessed, including some government departments, have now taken to banning such devices. Other extreme measures have included companies pouring glue into USB ports to permanently disable them.
A security industry veteran has even created an application that searches corporate networks for files likely to contain business-critical data and downloads them to an iPod at a rate of around 100MB every two minutes--a process dubbed "pod-slurping."
Natasha Lomas reported for Silicon.com in London.