Put Security Policies in Place for Portable Storage Devices

G00122085


Summary

Learn from the U.S. Department of Energy's troubles. If you deal with sensitive information, adopt strong security policies for portable storage devices.

News Analysis

Event

On 26 July 2004, U.S. Energy Secretary Spencer Abraham ordered Department of Energy (DOE) facilities around the country to stop all classified work on computers until security for removable storage devices is tightened. The order followed the loss of two computer disks containing nuclear weapons information at Los Alamos National Laboratory in New Mexico. It applies to Los Alamos and 16 other DOE facilities.

Analysis

Gartner has warned repeatedly that portable storage devices pose a serious security threat. These devices can be removed and used to leak sensitive corporate data, and can also be used to bypass security systems and introduce malicious software into a network. The U.S. Department of Energy announcement followed reports of a similar ban on portable storage devices by the British Ministry of Defence (ministry officials later announced that there was no outright ban, but rather a "flexible management approach in regards to iPods and similar devices that can move data from official systems").

Recommendations:

  • Companies dealing with sensitive information should restrict the use of uncontrolled, privately owned devices with corporate PCs. The prohibition should include employees and external contractors with direct corporate network access.

  • Security managers should adopt suitable policies for the use of portable storage devices, with guidance on the main procedures to follow for any use of such devices. For example, policies should confirm the need for passwords and encryption of stored corporate data.

  • Security managers should consider mobile data protection and firewall tools to help control the use of portable storage devices, to prevent the possible introduction of malicious code and minimize the risk of information leakage.

Analytical Sources: Ruggero Contu and John Girard, Gartner Research


© 2004 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.
