iPod: Your Portable Corporate Hellraiser
MrAndrews writes "In an article on ZDNet UK, a Gartner says that "Companies should consider banning portable storage devices such as Apple's
iPod from corporate networks as they can be used to introduce malware or
steal corporate data" I recently came into contact with a similar policy at a consulting firm that was concerned that top-secret information might escape through my USB watch, and made me leave it at the front desk every day. In that case, I know it was absurd overkill ... but is this concern a legitimate concern? No more music on the way into the office?"
Cute.
Makes me thankful for my original iPod with it's Firewire connectivity only, there's no firewire ports in this office.
Yes, like you're going to win that arguement at the security door/HR rep/etc. "But my ipod only has a firewire interface, unable to connect to the computers here!"
To them, that sounds like technical nonsense that makes you even more suspecious. "He mentioned fire!"
Those in charge of company security should remember that these same employees bringing in iPods are the ones who were issued key cards to get into the building. Companies have no choice but to give their workers the benefit of the doubt.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
To use a tired cliche, a security policy is as "strong as its weakest link." If people have access to web mail, CD burners, or other simple means of transferring data, then the policy is absurd. However, if strong security measures have been taken elsewhere, then this is perfectly reasonable, too.
I struggled for days and days and all I got was this lousy sig.
That's all good and well, but there are these things that have been used for years to facilitate corporate espionage, they're called floppy disks.
Also, what's the point of taking a watch? Unless they do a strip search, you'll always be able to get information out of the building.
Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose.
It's not the saboteurs you should be worrying about (or rather, you should be worrying, but this won't stop them), it's the fools. The people who think it's fine to take something home and put it on their machine, which is sitting on a DSL line without much security. Your corporate firewall is now as weak as the security on this machine.
Not everybody is a criminal or has criminal intentions. If you don't trust an employee with an iPod, please explain why you would trust them to have access to the data in order to do their job?
A policy against iPods and other USB or other portable devices applied blindly is illusionary security at best. There are countless ways for a dishonest employee to steal data - the only mitigating factor is going to be how secure the network is - that should be the primary focus of any system administrator.
I could steal the source to all my company's software and related documentation on my USB key. Of course, I could upload it to my home computer or some other site with no USB key. Who could tell the difference with SSH? Instead, they trust me. I signed the NDA and I honor it.
I rarely criticize things I don't care about.
Typical heavy handed IT lunacy. You're making it harder to use a possibly essential device on a machine you didn't know might need it, creating more work for yourself while gaining little to no security, as potential theives would just go to a machine that didn't have USB disabled.
I've been subverting this type of network policy since second grade, and it's easy because it lulls you into a false sense of security. "I don't have to worry about X machine, I've locked it down!" Meanwhile, us grade school kids are running video games through the shell in WordPerfect.
Want a secure network? Stop with the locks and start with the spies. Befriend your users and make them your eyes and ears. Remind them not to trust anybody and help them identify suspicious activities. Most of all, make them care. That's tough to do. But unlike being an asshole, it actually works.
Hey freaks: now you're ju
Alert! A new device, known as a "Briefcase" has been increasing in popularity in the workplace. While useful for ordinary business it brings with it some sinister baggage. This nefarious device serves to conceal a large amount of objects, such as sensitive data and staplers, in a small space, enabling employee theft and espionage. While it's true that file folders have been commonplace in corporate environments for years, this new product threatens to bring unforeseen and catastrophic results. Ban it before your company falls apart and you have to spend the rest of your life living in the street trying to support your starving family.
I do think it makes sense for companies that already employ policies like searching employee belongings and metal detectors to add USB storage devices (and any data storage medium for that matter) to the list of things they check for. If you really needed to bring one in, you could have some sort of approval/checking process. As far as most companies go, I think it makes sense to judge based on whether they seem to be causing problems in the workplace, and if so, banning them or finding some other way to fix the problems. I think it would be a good idea to do virus-checking on insertion of any removeable media.
I thought this was a particularly interesting quote:
"Another potential danger is that the devices -- that typically make use of USB and FireWire -- could be used to steal large amounts of company data as they are faster to download to than CDs."
I think they've been watching too many movies. I highly doubt that most downloading of corporate data happens in a down-to-the-second race against corporate security. I think it's much more likely that most data is stolen by those with official access and all the time in the world. And I may be naive, but I think a corporate spy would be able to think of a better way to export data than an iPod.
And in the mean time, the actual thieves simply carry in their USB storage device hidden away in their pocket, without registering it, and leave without any search.
This is just another example of a stupid law or policy that does nothing to prevent theft, but inconveniences the honest people.
---------------------------------------------
SERENITY NOW!!!!!!!!!!!!!!!!