Report: USB security/management is, shockingly, an afterthought

Posted by: on Aug 26, 2011 | No Comments

A major research paper regarding the current status of USB flash drive security and management was released this month, and its publication has caused a major disruption…to say the least.
The State of USB Drive Security: U.S. Survey of IT and IT security practitioners, compiled by the Ponemon Institute, clearly demonstrates that organizations are fully aware that – in using USB flash drives as a productivity tool – they are at major risk of suffering data loss due to employee negligence and inattention. Further, the report indicates that, despite their understanding of these inherent and problematic risks, organizations are not taking the required action to ensure USB flash drive security and safety, nor to implement USB management procedures of any sort.

And, considering the increasing prevalence and severity of USB data breach situations, why, pray tell, are organizations not being proactive on these fronts?

The report indicated three primary reasons for the lack of proactivity among respondents:

  1. reluctance to interfere with a proven productivity tool,

  2. insistence on relying on employee capacity and trustworthiness (honor code), and

  3. prevailing uncertainty regarding the tracking and monitoring of USB implementation and use.

Well… We certainly understand that this is an emerging realm, but – considering that the organizations involved in the study have lost an average of 12,000 records (customer, consumer, employee) due to missing USB flash drives, the results of this research seem almost bizarre and cataclysmic. It is almost as if everyone understands the scope and seriousness of USB security and management, but has little idea what to do about it.

Companies seem to be completely in the dark regarding the heightened capabilities of a USB management system such as BlockMaster’s SafeConsole USB Management Software – which allows organizations to have the heads up of knowing when a flash drive is lost or stolen and allows for the remote management of all flash drives in such a scenario (and myriad others). To illustrate the level of darkness in the room, regarding the value of USB management, let us take a closer look at one case in point: the uninspiring responses within the research report to the survey question, “What procedures are in place to recover or secure missing UBS devices?”

In the research report (which surveyed 743 IT and IT security professionals who have an average of 10 years of relevant experience), only 13 percent of those surveyed said that their organization has policy requiring end-users to contact the help desk immediately, when a device is lost. Only two percent said their organization has the capacity to implement a remote termination of devices (kill switch) and an overwhelming 58 percent of those surveyed said that no formal procedures whatsoever are in place to deal with the risks of lost USB drives.

80% Suffered From Lost USB Drives

So, to review… Companies, predominantly, will not know when a flash drive containing sensitive and confidential device has been lost or stolen; most organizations, even when they become aware of the loss, do not have the ability to do anything about it from a remote location; and, overall, organizations have not even taken the time to inspect the need for a USB management system to help keep track of and secure information contained on USB flash drives that can potentially be highly sensitive and volatile. This seeming indifference seems almost remarkable, especially considering the response to another survey question in the report. When asked, “How frequently are USB drives reported as lost or missing in your organization?” – an alarming 80 percent (combined) of all respondents answered either “all the time” or “very frequent.”
Hmmmm….We are pretty sure it’s high time for proactivity – we’ll help you take necessary actions to never lose data again.

Register for a Free SafeConsole Trial here >>


Leave a Reply