Block The Security Ban

Branches of the government and some analysts are advising that a host of portable storage devices such as iPods be banned from corporate environments because of the security risk they pose.

Their reason: The possibility of virus transfer and data theft. But their "just say no" solution misses the mark. What's next, ban the floppy drive, laptop and e-mail?

JOHN YACONO Can be reached via e-mail at jyacono@cmp.com.

Most of us carry more competitive and proprietary information in our heads than any USB keychain could ever hold. Solution providers and their customers should concentrate on people, not products, in order to avert perceived security risks. Solution providers can and should train their customers' employees about their overall security policies as well as the auditing and logging routines they've put in place to ensure accountability--and place legal liability squarely on employees' shoulders.

Beyond that, every practical step should be taken to balance access to data with security. If an employee can't get to a database, he or she can't share its data either inadvertently or at will. Encryption policies are also wise, and they should be extended to include portable storage. Perhaps it's also time to introduce digital rights management systems to your larger customers.

Addressing the virus problem presented by storage devices requires more ingenuity. Unfortunately, Windows does not provide the same level of control over USB, FireWire and Bluetooth access as it does for floppies and CD/DVD burners. Access can't simply be turned off at the system policy level. What's more, viruses are attacking cell phones and PDAs, too.

A forceful technique to use is to disable USB and/or FireWire support in the BIOS. That may be fine for a small business, but it's not very scalable unless you use a system management platform to broadcast changes to all of an enterprise's PCs.

Securing the Driver.cab file in the \Driver Cache\i386 directory under the system directory also will prevent the installation of these newer storage devices. This assumes, however, that the drivers aren't already installed. One other option involves third-party software from companies such as SmartLine, San Ramon, Calif. What do you think of the potential ban? Let me know via e-mail at jyacono@cmp.com.