RealTime IT News

Has SanDisk Solved USB Device Security?

The convenience of tiny Flash drives is also their downfall when it comes to IT security.

The hugely popular tiny Flash devices, also called "thumb" and "keychain" drives, provide an easy way to move files from desktop to notebook computer and transport files and data in your pocket. But that ease-of-use can be a nightmare for IT departments that worry about any non-authorized software that might be introduced to their networks by the Flash drives, as well as what sensitive corporate information might be removed.

SanDisk would like to change all that with TrustWatch, an integrated suite of applications that works only with SanDisk Flash drives introduced this week at the RSA security conference.

In some cases, government agencies and corporations have had the USB ports glued shut to prevent USB devices from being attached.

TrustWatch is built around a secure network appliance and a management console designed to let IT administrators easily configure and deploy secured USB Flash drives (UFDs). The system also prevents information from being copied to unapproved devices.

"Sandisk believes USB Flash drives have their place and can change from being a threat to IT to being a competitive device that makes employees more productive," Ron LaPedis product marketing manager at SanDisk," told . "But they need to be managed."

The system's centralized management gives road warriors more flexible access to their data and applications. In some cases, the UFD might suffice rather than a notebook computer.

SanDisk said a TrustWatch UFD can be used on a borrowed PC without leaving any trace of its activity on that PC. If the UFDs are lost or stolen, their data can be remotely destroyed. Built-in e-mail software syncs with Microsoft Outlook folders and has Outlook's look and feel to manage e-mail while on the road.

"Basically, it's a thin client with a secure log-in," said LaPedis. "Every time it's plugged in it talks to the management server."

TrustWatch also performs a security check. When a TrustWatch UFD is plugged in, the software runs a spyware scan to make sure no keyloggers are in memory. File vault storage includes AES  256-bit encryption for security.

Analyst Roger Kay applauds the security effort SanDisk is making, but would rather see a standards-based approach that works with other hardware.

"I'm here at the RSA Conference, which is full of companies offering solutions from a narrow perspective," Kay told internetnews.com. He noted the efforts of the non-profit Trusted Computing Group to promote open, vendor-neutral security standards.

SanDisk is the primary mover behind the U3 platform for application interoperability between Flash drives. LaPedis notes the comprehensive nature of SanDisk's solution and its immediate availability. Though he also notes "We want to sell SanDisk drives."

Other solutions address various aspects of the security issue. For example, SmartLine introduced DeviceLock v6.1 at RSA, end-point security software designed to prevent employees from using their corporate and personal computing resources to siphon off valued information outside the guidelines of IT security policy. DeviceLock controls and audits activity at all peripheral ports and removable device interfaces on Windows-based computers natively via Active Directory Group Policy Objects (GPO) and/or DeviceLock management consoles.

The company said administrators gain precision control over which users and groups have what level of access to which devices on which computers and when that access is allowed. Prices begin at $35 for a single-computer license, or $7,400 for managing 1,000 computers.

SanDisk TrustWatch drives are available now in 1 gigabyte to 8 gigabyte capacities. The TrustWatch security system is $89.95 per seat starting at 100 seats. The software is browser based and doesn't require a native client, so it can be managed from anywhere there is access to a browser.

LaPedis said TrustWatch has been in pilot testing by two banking customers for several months. IT administrators have a number of options in setting up access and policy rules. For example, the system could report on all activities including when the drives are used at home. There could be an alert issued if home use is not allowed.