Secure USB drive

Secure USB drive

USB Flash Drive products have been on the market since 2000, and are increasing in use exponentiallyFact|date=October 2008. As both consumers and businesses have an increased demand for these drives, so manufactures are producing faster devices with greater storage levels.

An increased number of portable devices are used in business, such as laptops, notebooks, universal serial bus (USB) flash drives, personal digital assistants (PDAs), advanced mobile phones and other mobile devices. Companies in particular are at risk when sensitive data stored is stored on unsecured USB flash drives by employees using them to traveling with data and take work home. The consequences of losing drives loaded with such information can be significant, and include the loss of customer data, financial information, business plans, reputation and confidential information.

Major dangers for USB drives

The uncontrolled use of USB drives is a major danger since it represents a significant threat to information confidentiality.

Therefore the following should be taken into consideration for securing USB drives assets:

* Storage: USB flash drives are usually put in bags, backpacks, laptop cases, jackets, trouser pockets or are left on unattended workstations.
* Usage: corporate data are stored on personal non-secure drives and move constantly. As USB drives gain wider acceptance among IT departments in organizations, the likelihood of security breaches and data loss increases. Many enterprises have strict management policies toward USB drives, and some companies ban them outright to minimize risk.

The average cost per breach ranges from less than USD 100 000 to about USD 2.5 millionFact|date=September 2008.

According to a surveyFact|date=October 2008, corporate end users most frequently copy:

# customer data (25 %),
# financial information (17 %),
# business plans (15 %),
# employee data (13 %),
# marketing plans (13 %),
# intellectual property (6 %) and
# source code (6 %)

to USB drives. Examples of security breaches as a result of using USB drives include:

* In the UK:
** a laptop with data of some 2000 people with individual savings accounts (ISA) was stolen from a HM Revenue & Customs employee
** HM Revenue & Customs lost personal details of 6500 private pension holders
** nine NHS trusts lost patient records kept on disk; details of 1 500 students were lost in the post
* details of three million British learner drivers were lost in the United States a USB drive was stolen with names, grades and social security numbers of 6 500 former students
* USB flash drives with US Army classified military information were up for sale at a bazaar outside Bagram, Afghanistan. [ [http://www.veteransforcommonsense.org/ArticleID/7120 ‘Afghan market sells US military flash drives’] , Paul Watson, Los Angeles Times, 18 April 2006]

olutions

oftware

Software solutions such as FreeOTFE and TrueCrypt allow the contents of a USB drive to be encrypted automatically. This software can be carried on the same USB drive, and run without having to install it on a host computer.

Such software solutions may be used with "any" USB drive - turning cheap, commonly available USB drives into secure storage systems.

Other software solutions may help minimize risk by allowing corporations to record the interactions between the drive and the PC or server and record them in a centralized database.

Hardware

Some USB drives offer embedded hardware encryption, although these do cost significantly more. Chips within the USB drive carry out automatic encryption

Hardware systems may offer additional features, such as the ability to automatically reformat the drive if the wrong password is entered more than a certain number of times. This type of functionality cannot be provided by a software system, as the encrypted data can simply be backed up before trying multiple passwords - then restoring it if the wrong password is attempted, resetting the device to the same position it was in before attacking it.

Retailers of secure USB drives include: SanDisk (through its Enterprise division), Kingston Technology, Lexar

Management

In an enterprise environment, in which most secure USB drives will be usedFact|date=October 2008, a central management system provides IT organizations with the level of control they require for a corporate IT assetFact|date=October 2008. This includes password administration mechanisms, backup utilities, audit trailing and strong reporting tools. Many of the controls a management system can provide support organizations in their regulatory compliance efforts.

References

ee also

* Health Insurance Portability and Accountability Act - encryption is needed in order to move confidential data

External links

* [http://www.enisa.europa.eu/doc/pdf/publications/Secure%20USB%20drives_180608.pdf 'A users’ guide: how to raise information security awareness'] , ENISA, June 2006.
* [http://www.sandisk.com/Corporate/PressRoom/PressReleases/PressRelease.aspx?ID=4179 'SanDisk Survey Shows Organizations at Risk from Unsecured Usb Flash Drives; Usage is More than Double Corporate IT Expectations'] , SanDisk, April 2008.
* [http://www.ssddfj.org/papers/SSDDFJ_V1_1_Bem_Huebner.pdf ‘Analysis of USB flash drives in a virtual environment’] , Derek Bem and Ewa Huebner, Small Scale Digital Device Forensics Journal, Vol. 1, No 1, June 2007.
* [http://www.infosectoday.com/Articles/Plugging_the_Leaks.htm 'Plugging the Leaks: Best Practices for Securing Data in Endpoints'] , Dror Todress, Information Systems Security
* [http://attrition.org/dataloss/2008/05/pfizer01.html ‘Another laptop stolen from Pfizer, employee information compromised’] , Lee Howard, 12 May 2008,
* [http://fedtechmagazine.com/article.asp?item_id=352 ‘Closed doors policy’] , Daniel Tynan, FedTech Magazine, August 2007
* [http://www.vnunet.com/vnunet/news/2203540/security-breaches-everyday ‘Data breaches are “everyday incidents”’] , Matt Chapman, vnunet.com, 15 Nov 2007
* [http://www.infoworld.com/article/08/03/06/10NF-data-loss-prevention-problem_1.html ‘Data-leak security proves to be too hard to use’] , Infoworld.com

* Dataquest insight: USB flash drive market trends, worldwide, 2001–2010, Joseph Unsworth, Gartner, 20 November 2006.
* Determine the appropriate level of ITAM controls for mobile assets, Jack Heine, Gartner, November 15 2005.
* ‘Disc listing foreign criminals lost for year’, The Times, 20 February 2008.
* [http://www.crn.com.au/News/79936,data-leaks-emerge-as-worst-security-threat.aspx Data leaks emerge as worst security threat]


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • USB flash drive — JumpDrive redirects here. For the fictional propulsion system, see Jump drive. SanDisk Cruzer Micro, a brand of USB flash drives …   Wikipedia

  • USB Disk Security — USB Disk Security …   Википедия

  • Secure Digital — SDHC redirects here. For the gene, see SDHC (gene). SD, SDHC, SDXC SD (top), miniSD, microSD cards Media type Memory card Capacity SDSC (SD): 1 MB to 2 GB although 4 GB cards are available SDHC: 4 GB to 3 …   Wikipedia

  • Secure Digital card — Infobox media name = Secure Digital logo = caption = Pair of SD cards type = Memory card encoding = capacity = Standard SD: 8 MB to 4 GB SDHC: 1 GB to 32 GB [pricerunner.com 2008 08 27] (theoretical max for SDHC is 2 TB.) read = write = standard …   Wikipedia

  • Solid-State-Drive — Speichermedium Solid State Drive (SSD) Verschiedene SSD (Computex Ritek RiDATA Ultra S) Allgemeines Typ Halbleiterbausteine Kapazität …   Deutsch Wikipedia

  • Live USB — A live USB or USB live distro is a USB flash drive or an external hard disk drive containing a full operating system which can be booted. Live USBs are closely related to live CDs, and are sometimes used interchangeably. Like live CDs, live USBs… …   Wikipedia

  • BitLocker Drive Encryption — infobox software caption = developer = Microsoft latest release version = 1.0 latest release date = January 30, 2007 programming language = C, C++, AssemblerFact|date=June 2008 operating system = Windows Vista, Windows Server 2008 language =… …   Wikipedia

  • Solid State Drive — Ein Solid State Drive (SSD, dt. Festkörperlaufwerk), auch Solid State Disk (dt. Festkörperplatte) genannt, ist ein Speichermedium, das wie eine herkömmliche Festplatte eingebaut und angesprochen werden kann, ohne eine rotierende Scheibe oder… …   Deutsch Wikipedia

  • Solid-state drive — A solid state drive (SSD) is a data storage device that uses solid state memory to store persistent data. Unlike flash based memory cards and USB flash drives, an SSD emulates a hard disk drive interface, thus easily replacing it in most… …   Wikipedia

  • Flash memory — Computer memory types Volatile RAM DRAM (e.g., DDR SDRAM) SRAM In development T RAM Z RAM TTRAM Historical Delay line memory Selectron tube Williams tube Non volatile …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”