Reining in the insider data threat (and USB storage devices)
Do you know how many personal devices are on your corporate network?
Ever wonder how many iPods are tapped into your corporate network? How about USB storage devices? What's your USB port strategy at your company?
Tough questions. The good news: Companies have written policies in most cases. The bad news: Those policies are almost impossible to enforce.
Security company PointSec is hoping to make things a little easier with a port protection system called Pointsec Protector. Essentially, the software tracks and manages storage ports throughout a network while encrypting key data. Pointsec customers with Protector can control their employees' use of personal devices such as USB drives, Bluetooth smartphones, digital cameras and music players. With the software a company could ban all iPods in the workplace (Pointsec officials say it's been done before) or classify what devices can be plugged in. The iPod ban raises an interesting conundrum: Would a company ban the iPhone because it's more iPod than phone?
The goal: Control the influx of workers personal devices and limit sensitive data that can flow out of a company with relative ease on removable media devices. Martin Leamy, president of Pointsec, says the company's sales pitch goes like this: We can roll out our technology quickly (35,000 PCs in three weeks is the record) and help you control the data that may walk off site. "The challenge is that written policies are hard to enforce," says Leamy. "A mid-sized company may have 12,000 devices plugged into the network at any one time."
When implementing Protector, Pointsec recommends that customers install the software and then just monitor the number of devices tuned into a network. The goal is to balance productivity and security. Companies don't want to be draconian, but do need to find a balance of limiting devices.
"The goal is to make sure no one walks away with anything useful," says Bob Enger, vice president of product management and global marketing.
Not too surprisingly, Pointsec, which has been acquired by Check Point Software, says the bulk of its customers are financial services firms and technology and pharmaceutical companies that stand to lose the most if intellectual property and key data walks out the door. Prices start at $149 per seat up to 100 PCs with volume discounts beyond that.
And who's asking for this product the most? Companies and industries that have either had to disclose (or had a rival disclose) a data breach.