RealTime IT News

Small Devices, Big Risks

Portable, handheld storage devices, like USB memory sticks and iPods, are posing a greater security risk internally to many businesses that are primarily focused on halting external threats.

Centennial Software, a developer of IT asset discovery and security management solutions, said it is addressing one of the biggest, and possibly most overlooked, security threats facing organizations -- the unauthorized use of removable media by anyone with access to PCs on the network.

The Portland, Ore.-based company today announced the availability of DeviceWall 3.0, a new enterprise security solution that focuses on halting those increasing threats.

"It has never been easier to walk out with your corporate data these days," Matt Fisher, vice president of marketing at Centennial, said. "They don't need a backpack full of files or even a plug-in hard drive a tiny 2GB thumb drive can do severe long-term damage to a company's operations and reputation."

The latest version of DeviceWall offers permission control and "increased granularity" for managing the growing use of USB sticks, iPods, PDAs, Smartphones, CDs burners and other devices, according to Fisher.

The solution also adds the ability to lock down Bluetooth, Infrared and Wi-Fi wireless connections, preventing the transfer of information between corporate PCs and unauthorized devices, he said.

These small devices pose big risks to businesses as they can be used to deliberately or inadvertently remove sensitive data from the corporate network, introduce malicious code or transfer inappropriate content.

According to Fisher, research indicates 80 percent of IT related crimes originate from within a corporate network, while most IT managers have been focused on external threats.

Mike Heffernan, Computer Operations Manager at Los Angeles Yellow Cab Co-op, agrees, noting security is his organization's top priority.

"Like many others, we have spent much time and many resources securing our assets from the 'glamorous' vulnerabilities: viruses, spam, malware, intrusions," he said in a statement. "Whether it's as serious as preventing data theft or as basic as blocking introduction of unwanted files or malware onto the network, we needed to be able to prevent access by certain types of devices."

DeviceWall can be controlled by both user and device class, which enables authorized users to continue unhindered and minimizing the impact on business productivity.

"Today, it is extremely easy to suck critical data from a production network and walk out with it on a device the size of a pack of gum," Heffernan said. "Yet it is equally unproductive to deny users the resources they need to do their jobs effectively."