When Data Goes Missing Will You Even Know? 327
Lam1969 writes "Jack Gold says IT shops may have a huge problem on their hands, and probably don't know even know about it. The problem is USB flash drives, which he predicts will probably reach 10 GB in capacity in three years, and the lack of policies to guide use of them by employees. From the article: 'With more and more employees using flash drives, smart phones with Secure Digital memory cards, portable hard drives, etc., the likelihood of companies actually knowing about all instances of data loss is declining rapidly. And as a result, the possibility of companies breaking laws, whether for data-loss disclosure or regulatory compliance, is growing dramatically.' Gold predicts 'at least one publicized major case of unencrypted data loss from a portable device' in the next year, which will result in many companies banning these kinds of devices."
data has walked out the door before. (Score:5, Insightful)
From the slashdot post:
While there is truth to this, it is not a new truth and it is not the complete truth. It's one more mechanism for "losing" data but it's not the first and it won't be the last.It's an effective mechanism for moving large volumes of data, but it's not the only mechanism.
Corporate espionage and theft has and will continue to exist. USB drives are just one more aspect. While there may be some "exposure" and scandal soon about some USB drive falling into the wrong hands I doubt it will surpass any of the recent scandals (lost tapes and customer data).
Unfortunately, I'm guessing the article is correct in its prediction: "It is highly likely that within the next year, we will see at least one publicized major case of unencrypted data loss from a portable device. Afterward, a lot of companies will ban such devices". That would be a knee jerk reaction and counter productive but I'm already seeing it on so many other levels, e.g.,
among many others. I still think the greatest exposures are social engineering... and the paranoia around security policies don't address that. Sigh
(And, besides, isn't the RIAA is working on a solution to apply DRM to USB drives too? ) ;-)
Re:data has walked out the door before. (Score:3, Interesting)
Re:data has walked out the door before. (Score:2, Funny)
Re:data has walked out the door before. (Score:3, Insightful)
You religiously put all your sensitive docs into the to-be-shredded container instead of the usual recycle bin (but people will still inadvertently put critical info in the regular recycle bins from time to time)?
We already hear about it (Score:5, Informative)
Will it be more prevalent? Maybe. But it already happens. Now, the question is, is there a program that can encrypt/decrypt an entire (relatively) small drive with some sort of key system or something? I think that will be the most logical step to protect small drives like these.
Re:We already hear about it (Score:5, Insightful)
-nB
Re:We already hear about it (Score:4, Insightful)
Re:data has walked out the door before. (Score:5, Informative)
No need for "afterward". Most companies that are extremely interested in protecting data (such as a large
It doesn't take a smart company to figure out that you don't want Billing.mdb on a floppy. USB is really no different.
Columnists Rehashing Old Scaremongering (Score:5, Insightful)
- Briefcases get lost all the time, and briefcases have been large enough to contain sensitive information for decades now. Keychains also get lost on occasion, and especially for small businesses that's often enough to get in the building at night or steal a company truck.
- Yellow Sticky Notes with your IP address and VPN password fit in your pocket just fine, and DSL means that people can suck up your data even faster than when we used to use Yellow Sticky Notes to carry modem phone numbers and dialup passwords.
- Documents that are actually important are usually 1-100 pages long. You can store them on mashed-up dead trees if you avoid spilling coffee on them. Them newfangled USB thingies hold a lot of data, but back when we carried 3.5" floppy disks 20 miles through the snow uphill both ways , Microsoft Office wasn't as bloated, so a zipfile of The Secret Plans still usually fit in your pocket. That's not the same as carrying out the whole blueprints for your next chip in your pocket, but mini-CDs do pretty well - they're certainly enough to carry the HR personnel database home.
- DVDs and CDROMs fit pretty neatly into briefcases, and most newer PCs have at least a CD burner, so you can still carry the chip blueprints home.
- Laptops are easy to carry, and go missing all the time. The San Francisco Police aren't very good at recovering them even when they've got them in their evidence room and the thief in custody; your mileage may vary
:-) And unlike keyrings and regular briefcases, laptops have obvious resale value so they're more attractive to thieves.
- RM-05 removable disk packs are a bit big to fit in your briefcase, but magtapes fit just fine, and before magtapes we had ASR-33 paper-tape, which works just fine for carrying the Numerical Control tape that tells the milling machine how to cut your submarine-propeller plans.
- Mainframes with Greenscreen 3270s are much less portable, but back when I worked for The Big Phone Company they were worried about people carrying computer printouts home, and they checked our briefcases on the way out the door of buildings that handled sensitive information.
But yes, within the next couple of years, somebody's going to have a USB keyring/wristwatch/Walkperson/iPod/Pseudopod/someRe:NSA policy (Score:3, Informative)
Re:Obligatory Re:data has walked out the door befo (Score:3, Interesting)
Well, the whole topic is. "People can steal data with USB drives!" News? Ten years ago I was stealing data with floppies. Copied a whole mailing list. (Didn't use the parts I wasn't supposed to, it just simplified things to have the whole thing.) Most "secret" data is basically text, you can fit hundreds of pages onto a floppy.
Anyway, it's impossible to prevent people bringing in floppies, let alone USB dongles. If it bothers you, just open the cases a
Wow! (Score:2, Insightful)
Re:It's not the theft they're worried about (Score:5, Insightful)
It isn't the theft of data that TFA is really concerend about.
The real threat comes from actual LOST data. With portable storage media getting bigger and bigger, more and more data can be put on it. Including massive amounts of spread sheets and even databases. (I worked for one company that insisted on keeping a sensitive database on USB keys, to be sneaker-netted around to whoever needed it).
Top that off with more and more USB keys floating around the office. Sure, right now, not every employee has one. Or, at best, every employee has just one. But it is becoming more and more prevellant to have "unowned" keys. In other words, a company buys a crapload, and people just grab whichever key is available at the moment to use.
Soon, people will treat USB keys like they treat floppy disks; there'll be a big pile of them, and employees will just grab one as they need it.
Because of this causal attitude towards USB keys, it'll become near impossible to track all the data. Employee X copies Spread Sheet A onto a key, takes it home to work on it, brings it back, and tosses the key back in the pile. You now have an unaccounted for instance of that data. Each time an employee does that, you have more and more instances of data that are unaccounted for.
There's no guarentee that the employee will blank out the key. There's no way of tracking which data is on which key. So an employee might check out a key that has data on it that isn't theirs. There might be hundred of files on the key. Who knows. They don't. They won't care, either. They'll just copy thier files over, work on them, copy them back.
So, each key has tons of data on it. If someone were to ask the CFO "Show me all copies of Sensitive Spread Sheet 5", they couldn't.
Now, one employee checks out a key. They treat it just as casually as they would a floppy disk. They lose it somewhere. (Falls out of their pocket, gets left on the bus, etc). Now, a floppy disk might have just a tiny amount of information on it. A few documents. A couple spreadsheets. A USB key could have an entire database! Someone picks it up, and suddenly has the bank information for all the company's employees...
That's the big issue there. Not that employees will sneak data away on USB keys (though that is a concern, too), but that employees will be too casual with large amounts of data and quite literally LOSE it.
Re:It's not the theft they're worried about (Score:2)
As well you could hardwire each employees biometric sig/reader into each key and have a couple boxes made up that only they can use. Let them use them as needed and let them know that each one is
Re:It's not the theft they're worried about (Score:2)
As a policy using the onboard UC you could deny access to any data on request or completely terminate the circuts(james bond stuff) or even just shutdown the interface.
No Software, enhanced accountability, USB comptibility.
Re:It's not the theft they're worried about (Score:2)
Was it their ONLY copy? Because if it was, they were dumber than a ton of bricks, end of story. And it was no fault of the media itself (flash or otherwise), it was human stupid
Re:It's not the theft they're worried about (Score:5, Funny)
Yep. It's in Genesis. Something about a bloody great boat.
What worries me is how far the lesson has been taken. What happens if Him Upstairs has full backups? What if he decides he doesn't like the direction things are going and rolls back to an earlier saved state? How would we ever know if he did?
Re:It's not the theft they're worried about (Score:3, Funny)
Deja vu...
Re:It's not the theft they're worried about (Score:3, Insightful)
I don't see what the big deal is. Huge companies have had really really really important data stolen with no real effect or punishment. I mean things like social security numbers, credit cards, personal information, credit records etc. Do people even remember what happened with choicepoint? Does anybody
That reminds me (Score:2, Funny)
Re:That reminds me (Score:2)
got your rubber goves handy?
Watch the log files! (Score:5, Insightful)
The log files don't lie!
Of course if you can't find them, then it doesn't matter, does it? Does WinXX create a log file of USB insertion - damned if I know!
Re:Watch the log files! (Score:2)
As I am sitting here, I have come up a scheme that might work. 1) Each USB device has a unique key. 2.) Each key has to be registered at a central USB key server. 3.) When a USB device is plugged into a computer, the client machine queries the server to seek for authorization for the USB device to work, if the device is not authorized. 4.) Denied devices trig
Re:Watch the log files! (Score:3, Funny)
My personal hacker (12 years old, immune from prosecution) just duplicated your key-fob's ID. What are you going to do about it?
Check - and Mate!
Re:Watch the log files! (Score:2)
It gets held in a tamper proof SIM card.
The key never actually gets transported nor is it known to anyone outside the USB key and the server.
Re:Watch the log files! (Score:3, Insightful)
That'll work. Just like all the other consumer devices that were marketed as secure -- and were cracked in two days after release. If the key is in the device, it will be known.
Re:Watch the log files! (Score:2)
Might not want to admit that... (Score:5, Insightful)
Wouldn't this be accessing files that you were not granted access to? Isn't this a crime in several US states, and is it really a good idea to admit to it in a column with your picture and name at the top?
Just curious if the 'Good Samaritan' is putting himself at risk (and if it was curiosity or a desire to return the property that was the motivation).
Re:Might not want to admit that... (Score:2)
Re:Might not want to admit that... (Score:2)
Huh? What does that have to do with picking up a stray flash drive and attempting to read the contents? What account are you talking about, and what message banner?
Re:Might not want to admit that... (Score:2)
This is a DoD interest computer system. All DoD interest computer systems and related equipment are intended for the communication, transmission, processing, and storage of official U
Re:Might not want to admit that... (Score:2)
Not at all, which is one of the problems. Besides which, such a banner does not absolve the user from liability for using the computer to commit illegal activities, nor does it make those actions legal.
All it means is that that user should have zero expectation of privacy, that the computer is for business use only (which most companies issue an annual memo about), and that any evidence of illegal activity will be forwarded to la
Re:Might not want to admit that... (Score:2)
He never said 'stray flash' but as long as its connected to a computer that is on MY network that I am administrating it is open game for me to look at.
Re:Might not want to admit that... (Score:2)
dumb approach. (Score:5, Insightful)
Gold predicts 'at least one publicized major case of unencrypted data loss from a portable device' in the next year, which will result in many companies banning these kinds of devices."
Which will solve exactly nothing. What are you going to do, search everyone as they enter and leave the building? If you want to limit data theft, limit access to huge amount of data in the first place. That eliminates the risk to any new technology to get the data offsite.
Re:dumb approach. (Score:3, Insightful)
Re:dumb approach. (Score:2)
What I (and I a
Where I work (Score:2)
Where I work:
They are removing cd drives and floppies from the leased PCs.
No cameras are permitted on site
No cameras in phones permitted.
Users are users, not admins, generally. No access to bios menus.
You can still email small files out, but those are traceable.
Not allowed to use personal email (eg gmail) at work.
They haven't figured out memory sticks yet
Biggest problem I see is the theft of laptops from cars.
Re:dumb approach. (Score:2)
Well I don't know about Dell and I'm not about to go search their website as I already wrecked my uptime by rebooting, checking my BIOS, and seeing that under "integrated peripherals" one can disable USB 1.1 and 2.0
Re:dumb approach. (Score:2)
Re:dumb approach. (Score:2)
(they would need to open the machine or get past the BIOS password and re-enable USB and then they would need to install the windows XP USB drivers or somehow boot an alternative OS (e.g. a Live CD) that would be able to read whatever sensative data they wanted
And this is something that's particularly difficult? You don't have to even have very specialized knowledge to open up a computer, jumper the BIOS reset jumper, and boot a Live CD to get USB support. An interface jockey can do all of that.
What you S
Re:dumb approach. (Score:2)
As for pulling the HD or CDROM, that would mean opening the case (and there are ways to prevent/detect/monitor that, the simplest of which is to use a padlock on the case). Also, someone sitting in a cubicle and opening the case of their machine might arouse suspicions.
As for Laptops, its much easier to prevent employees taking in laptops than it is to prevent employees taking
Lost is the wrong word (Score:2, Insightful)
Re:Lost is the wrong word (Score:2)
Re:Lost is the wrong word (Score:2)
No, it's the right word. (Score:2)
The article's about people having critical and/or sensitive files on their USB drive, and then losing it. As such, the files are lost as well. TFA is not about copying/stolen/pirated files.
Re:Lost is the wrong word (Score:2)
A little epoxy will fix that right up. (Score:5, Interesting)
Re:A little epoxy will fix that right up. (Score:5, Insightful)
As a dev (and with tons of confidential and privlidged info on my computer) I am specifically instructed to take my notebook home every night. It is considered part of our business continuity plan. Not only that but this is a large multinational corp, not a mom and pop shop. That said, the drive is encrypted, and security policies are in place for communication back to the office when I'm away (2048 bit RSA VPN).
What it boils down to is this:
My employer knows that if I want to steal data I can do it. Even if it comes down to hand transcription of one memorized line of code per day. So they trust me and provide me a hardened notebook to do my work on. Even if it is lost the data will not be compromized till it's likely to be useless anyway.
-nB
Re:A little epoxy will fix that right up. (Score:3)
Re:A little epoxy will fix that right up. (Score:4, Interesting)
There is logic in it, if you think about it from a "corporate IT putting out a blanket rule" perspective.
That rule that applies to you also applies to Sharon, a blonde hairdresser by trade who's just taken a second job in the bank to supplement her income.
Sharon has a laptop of her own, and wants to bring it on so she can get on the Internet in her lunch hour - after all, she's not allowed to use company computers for personal web surfing.
Unlike yourself, Sharon's never heard of virus scanning (well, she has, but she was checked by her doctor when she started seeing her new boyfriend, so that's all right). She thinks spyware is the name of the next James Bond film.
Now the bank has a number of business critical systems running Windows. Perhaps unsurprisingly, Auto Update is disabled. This is because, despite Microsoft's best efforts, such updates occasionally break things. Instead, updates are trialled on a test network and then, following a change control procedure, are applied. This procedure takes a while, so at any one time most of the critical Windows systems can be a good few weeks behind on patches. This rises when testing reveals problems, and it rises even further when the system in question was built and maintained by an outside company - their update, assuming they provide one in a reasonable timescale, is subject to the same test requirements and change control as a Microsoft update.
Meanwhile, Sharon's PC, which is swimming in spyware, trojans and viruses, is merrily scanning the network for vulnerabilities.
I don't think I need to spell out the rest...
Re:A little epoxy will fix that right up. (Score:3, Insightful)
Re:A little epoxy will fix that right up. (Score:2)
Re:A little epoxy will fix that right up. (Score:5, Interesting)
And USB, I think, is only 4 wires... if the plug is epoxied, just open the case and hotwire your own outlet.
Somone else already mentioned installing a 2nd harddrive to copy data. And one could also install a $20 USB/Firewire card in one of the PCI slots.
That leaves filling the whole computer with epoxy. Great, you've turned your PC into a commodore 64. I hope you don't have to fix it!
People just have to accept that if a person has physical access to the machine, they can compromise it.
Re:A little epoxy will fix that right up. (Score:4, Informative)
rm -rf /lib/modules/2.6.n/kernel/drivers/usb/storage should do it.
Oh, right. Windows.
Re:A little epoxy will fix that right up. (Score:3, Insightful)
Re:A little epoxy will fix that right up. (Score:2)
That wouldn't worry me. Odds are your disk will probably suffer from the 'click of death' by the time you get home. ;)
A little epoxy will fix that right up forever (Score:3, Insightful)
Seems like physically ruining a device with Epoxy is a lazy way to disable something.
Uh, you can turn off USB drive access in Windows.. (Score:5, Informative)
What the article probably meant to say is that sloppy security practices, combined with increasing personal storage, increases the risk of unknown data loss.
You can lock down a Windows box just fine against casual and accidental leaks if you know what you're doing, and you have a corporate policy to enforce. You can even prevent deliberate attempts at data theft, if you really want to be a hardass.
Re:Uh, you can turn off USB drive access in Window (Score:2)
It's been present ever since Windows 2000 - if a company is worried about data loss via USB drives and the like, it's possible to disable access to USB drives using regular Windows security templates.
Wouldn't it be simpler to deny write access to the source media so that nobody can deprive the owner of the data? Disabling USB would only inhibit copying but what we are talking about here is theft.
Is TFA confused? (Score:2)
No, most of the posters here are confused. (Score:2)
What about laptops? (Score:2, Insightful)
Can't they move huge amounts of data with these things?
What else can you ban? Enforcing policy != banning stuff.
Encryption (Score:3, Interesting)
TrueCrypt [truecrypt.org] works pretty good for these situations and it comes with an open source license [truecrypt.org]. The forums contain a lot of tips and tricks for using the application in odd ball situations.
Not affiliated at all, just a satisfied user.
not just USBs.. (Score:4, Informative)
sneaker net (Score:2)
And in Soviet Russia (Score:3, Funny)
When you go missing, will your data even know?
Re:And in Soviet Russia (Score:3, Funny)
They know when I leave, and they definatly know when I go on vaction. Or when I want to leave early......
auditing (Score:5, Interesting)
Re:auditing (Score:2)
I wasn't endorsing blanket logging. Selective logging is the way to go, but it's not foolproof. The thing is, someone needs to really consider what needs to be logged and log storage for any real security to work. In the mainframe world, some companies even have a person dedicated to this and monitoring the logs.
With the use of a log
Minox Baby!!! (Score:5, Funny)
Security through Stupidity (Score:3, Insightful)
Since 3/4 of you aren't going to RTFA... (Score:4, Informative)
So to clue you all in:
The article is not about people stealing sensitive data from their workplace using their USB drives. The article is about people losing data, because they've lost the USB drive they had it stored on.
Re:Since 3/4 of you aren't going to RTFA... (Score:2)
I don't think the author of the article understands the difference. In all the environments I have worked in people keep their data primarily on servers with regular backups.
Is there another world where important data is kept only on individual USB drives? Maybe, but that's news to me.
U.S. Military Rules. (Score:2)
The U.S. Military has pretty direct rules for dealing with these things, don't bring them. While I would never want to see that enforced everywhere the simple fact of the matter is, that is the only foolproof policy (and even it isn't perfect). Unless companies are willing to be draconian, and can find people who'll a) put up with that and b) obey, then they will lose some data.
While I fully expect some companies to try it I expect that some of them (the smaller, nimbler more sensible ones)
Re:U.S. Military Rules. (Score:2)
The real issue leading to confused reporters (Score:4, Interesting)
It all boils down to "Do you trust your employees"?
There are businesses that do, and there are those that don't.
Those that do work on the assumption an employee will not do anything to harm the business intentionally - take a file he is exposed to during work and transfer it somewhere outside the organization.
Hence, it will not take all measures required to prevent him from doing so.
A business that does worry about such things will - What you carry will be checked at the door. Your PC will be locked (the case, physically locked). No Floppy, CD-R, USB, no means to connect media you bring from home. Internet access will be so restricted you wouldn't even be able to encapsulate an SSH tunnel over DNS packets you kindly ask your DNS server/proxy to send for you. And so forth.
Pointing at a business where everyone has web access and a dell sitting on his desk with 2 USB ports looking at him and saying "Hey, this guy can copy a confidential word document on the USB key" is hardly news, doesn't bother anyone in the first type of organization, and usually a non-issue in the second (which would have taken excessive measures to prevent exactly this kind of thing).
Nothing to see here, move along.
Re:The real issue leading to confused reporters (Score:3, Insightful)
[
[It all boils down to "Do you trust your employees"?
[
[There are businesses that do, and there are those that don't.
And then there are the smarter ones that recognize reality - that regardless of how much trust one gives, statistically speaking, someone will abuse that trust and walk off with data. The smarter businesses put appropriate mechanisms in place that both recognize and attempt appropriately minimize the o
Good idea. (Score:2, Funny)
keywords: P2P music napster free music
Devices (Score:3, Insightful)
Also, the network is everything, there are not so much totally isolated computers with critical data, and most networks have some or several points of touch with internet, encripted traffic and then hard to trace what is happening with the information.
Ban cell phones, too? That would be cool. (Score:2, Funny)
Would anybody beleive me if I made the case that status meetings and rambling, pointless telecons with 3rd parties are risky security leaks too?
Heh... (Score:2)
Data loss (no backup) or data theft (stolen disk)? (Score:3, Informative)
For the first problem (Data loss due to lost or corrupted disks), which seems to occupy the majority of the article, the solution is easy. Back up your data from your portable storage as soon as you can easily access the mainframe. How long does a differential/incremental backup take? 10 seconds? 2 minutes? A piece of data existing in the portable disk, the mainframe, and the backup tapes, is much harder to be lost.
For the second problem (Data theft due to lost disks), encryption works well. To discourage data theft due to lost disks, a simple, easy-to-use on-the-fly encryption on the portable storage device can help tremendously. The solution has to be simple because if it is a few mouse clicks too many, employees will try to circumvent the hassle.
Details (Score:2)
So the issue is about data theft. (Score:2)
The amount of critical data in a company is often very limited and can be kept under control. If more energy is put into research and less into legal battles any data loss will soon be rendered useless.
Of course - this does not apply to all data.
Movie and music copying is a more direct impact where the data is the product. However - it all comes down to the is
Too late! (Score:2, Insightful)
The Dutch 'Secret' Service (AIVD) recenlty lost a memorystick containing 'secret' documents:
in Dutch: http://www.webwereld.nl/articles/39418 [webwereld.nl]
from an Italian newspaper: ( http://www.intesatrade.it/IntesaTrade/News/Dettagl ioNotizieOggi/1,3243,2@1332658,00.html [intesatrade.it] )
We've discussed this (Score:2)
Non-story (Score:2)
Company Data: theft , copy or backup? (Score:3, Insightful)
Not to mention the vast usage of laptops, especially among ICT workers.
Removable media with high capacity is only the "latest" technology to do this.
In the past we have used printers, floppy disks, email and web disks in order to bring data and documents home (or wherever else).
You can lock floppy drives, USB ports, bluetooth features and so on. You can filter web accesses and other publishing media and protocols.
But what about email and printers?
Are you really planning to make work harder and slower?
And I'm pretty sure that in some cases, especially in small companies, the private copy saved the day in more than one case!
What about my own data? (Score:2)
If I had a job where they banned me from carrying my own backups around I'd have to resign, because I'm not about to leave them in my car and I'm not going to open a safety deposit box for daily switchover visits.
Surely it's up to the company to manage their hardware so that employees can't simply copy data to remov
Douglas Adams talked about this (Score:3, Funny)
It couldn't find the look-up table.
Odd.
It looked again. All it got was an error message. It tried to look up the error message in its error message look-up table and couldn't find that either. It allowed a couple of nanoseconds to go by while it went through all this again. Then it woke up its sector function supervisor.
The sector function supervisor hit immediate problems. It called its supervising agent which hit problems too. Within a few millionths of a second virtual circuits that had lain dormant, some for years, some for centuries, were flaring into life throughout the ship. Something, somewhere, had gone terribly wrong, but none of the supervising programs could tell what it was. At every level, vital instructions were missing, and the instructions about what to do in the event of discovering that vital instructions were missing, were also missing.
To executives, concerned about this: guess what? (Score:5, Interesting)
Guess what the company can do about it? It can stop treating the employees as shit. Especially stop pretending that the company is some amorphous entity that makes its owners/shareholders entitled to profit, and can impose idiotic demands and shitty conditions and pitiful pay on everyone else in it. Employees do their work, this is why they have access to company's things. Nothing, ever, happened in a company without some employees making it happen, so if any of you wonder, why people can destroy your precious company, keep it in minds -- THIS IS BECAUSE THOSE PEOPLE ARE THE COMPANY.
There is nothing wrong with avoiding overbroad access where it isn't necessary for things to work, however there is no way to make any company "secure" from the very people whose only responsibility is to keep things running. Don't piss them off, and remember that you didn't become Presidents, CEOs and VPs by understanding how to operate anything that makes your company what it is. Every time you eat your lunch, think how many people you have abused today, and what will happen if any of them will press a few buttons.
He's mixing two different things (Score:3, Insightful)
The first one is data being compromised. There's a clear example when the author found a USB drive in an airport. (He could read it without problems). The second one is data loss, also mentioned. The author mixes both concepts when he compares the loss of a USB drive (assuming it's not backed up) with the loss of records by a big company (that would probably be compromise).
Even though they look like the same problem (if I put all my important data in a standard USB drive, if I lose it the data gets lost and compromised at the same time), they're not. These risks are mitigated with different methods. When you start taking steps against either data loss or compromise, it is shown that the author's definition of "data loss" is not that clear.
Imagine I had all my important data on a USB drive, encrypted (but without backups). If I lost said drive, I would be left without some important data, but it would have not been compromised.
The opposite would have happened if I had backups, but no encryption.
If both encryption and backups were available, if would be (under most circumstances) a non-issue (except for the loss of a USD 20 drive).
All of that assuming the drive owner is honest, and not using it to smuggle data out of a secured area.
The author seems to treat data as a physical object, which is not.
So, disable the USB port (Score:4, Interesting)
* Disconnected the USB ports and,
* Disabled them in the OS and,
* Removed the USB flash device
* Padlocked the case shut.
It takes a few moments per machine and should be part of the standard build for any business that cares about their data.
Re:So, disable the USB port (Score:3, Insightful)
How are you to use your USB printer?
Or:
Your USB keyboard and mouse?
PS/2 and parallel ports seem to be disappearing in a hurry. Your supposed fix for the USB key problem is, well, somewhat flawed if it makes the whole rest of the workstation unusable at the same time...
Thin Clients (Score:3, Insightful)
Sun has been pushing thin clients for years and some of their major selling points have been security both from the data sensitive aspect and security from the user-can't-break-it aspect.
Espionage? (Score:2)
I'm s
Re:Espionage? (Score:2)
While your NDA regarding an online pet food store promoted by a sock puppet may be worth littl
Re:It'll be okay... (Score:2)
Personally I'd rather know that it's been used and let the experts go looking for it :)
Re:DRM is the solution (Score:2)
TFA is talking about the potential for loss given loss of a USB drive (thumb or whatever) that might or might not have been authorized to copy the original info. If authorized then chances are that DRM might have saved the info from exposure. If not (and today this is the most likely scenario) then whatever is on the USB drive is now public info.
DRM is not yet widely used or even liked. And none of my customers use it for anything (and some are publisher