Thursday, March 12, 2009

Endpoint Security II - Removable Media

Removable media is one of the things that makes personal computers useful and has been with us in many forms since the advent of the personal computer – these days we have moved on from tape-based systems and floppy disks to high-capacity USB memory sticks. The downside is that as the capacity of removable media increases, so do the risks: it is possible to lose more information as the result of a single security incident.

Many of the recent data leaks in the public sector have been the result of problems with removable media – from the well-publicized case of child benefit records in the UK being sent unencrypted on CDs through an insecure mail service to any number of cases where USB memory sticks have been lost.

The trouble with removable media is that it is so convenient – how many times have you used a USB memory stick to transport information without thinking about how that information is protected or the consequences of losing it? A particular issue with USB memory sticks is that they are quite small; while this does make them convenient, it also makes them very easy to lose.

There are two issues. The first is user training about appropriate use of removable media – put simply, there is some information that is so confidential that it should never be stored on removable media. This should also be backed up with an enforcement and auditing system.

The second issue is mitigating the effect of losing removable media – this is really the domain of encryption products. If the data is encrypted, then the usefulness of the removable media to anybody who does not have the encryption keys is seriously limited.
