Reining in the insider data threat (and USB storage devices)

Reining in the insider data threat (and USB storage devices)

Summary: Do you know how many personal devices are on your corporate network? Ever wonder how many iPods are tapped into your corporate network?

TOPICS: Big Data

Do you know how many personal devices are on your corporate network?

Ever wonder how many iPods are tapped into your corporate network? How about USB storage devices? What's your USB port strategy at your company?

Tough questions. The good news: Companies have written policies in most cases. The bad news: Those policies are almost impossible to enforce.

Security company PointSec is hoping to make things a little easier with a port protection system called Pointsec Protector. Essentially, the software tracks and manages storage ports throughout a network while encrypting key data. Pointsec customers with Protector can control their employees' use of personal devices such as USB drives, Bluetooth smartphones, digital cameras and music players. With the software a company could ban all iPods in the workplace (Pointsec officials say it's been done before) or classify what devices can be plugged in. The iPod ban raises an interesting conundrum: Would a company ban the iPhone because it's more iPod than phone?

The goal: Control the influx of workers personal devices and limit sensitive data that can flow out of a company with relative ease on removable media devices. Martin Leamy, president of Pointsec, says the company's sales pitch goes like this: We can roll out our technology quickly (35,000 PCs in three weeks is the record) and help you control the data that may walk off site. "The challenge is that written policies are hard to enforce," says Leamy. "A mid-sized company may have 12,000 devices plugged into the network at any one time."

When implementing Protector, Pointsec recommends that customers install the software and then just monitor the number of devices tuned into a network. The goal is to balance productivity and security. Companies don't want to be draconian, but do need to find a balance of limiting devices.

"The goal is to make sure no one walks away with anything useful," says Bob Enger, vice president of product management and global marketing.

Not too surprisingly, Pointsec, which has been acquired by Check Point Software, says the bulk of its customers are financial services firms and technology and pharmaceutical companies that stand to lose the most if intellectual property and key data walks out the door. Prices start at $149 per seat up to 100 PCs with volume discounts beyond that.

And who's asking for this product the most? Companies and industries that have either had to disclose (or had a rival disclose) a data breach.

Topic: Big Data

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • Common Sense Lacking

    Everyone who knows anything can easily figure a way to keep open ports from being physically accessed on a work station.
    Physically disabling the ports to proper planning of the peripheral devices needed in order to operate the system is all you need to think about.
    With work stations there is no need for USB ports at all. Even if a USB mouse is used there is adapters that can allow it to be used in a PS2 port instead. With some motherboards Jumpers can be installed to disable USB ports.
    But the problem is not just USB devices, no, any peripheral drive that offers a way to access is a means to copy and or corrupt a system, besides the obvious internet access means.
    When you take away the physical access to a system and remove access to the internet, so the systen can not be accessed remotely is the only safe way to guard a system. Allowing access to the internet even through a company e-mail server offers a means of causing issues because all they would have to do is e-mail a co-worker or themselves a virus or data mining trojan from another location to their office e-mail user account and when it is opened..well we know what happens next don't we? SO nothing is safe as long as a company allows access to e-mail, internet, and or through certain physical devices that can interface with the system by a disgruntled employee as you mentioned.