Employee Slurping

This editorial was originally published on Oct 21, 2006. It is being re-run as Steve is out at SQL in the City today.

I’m not talking about soup at the employee cafeteria or summer trips to 7-11, but rather the newest definition of slurping: siphoning off data with portable storage devices. It started to become a big concern with the wide deployment of iPods with their 20+GB storage capacity and easy connection to PCs. The advent of portable devices on this scale, made more disturbing by their benign appearance, has raised the concern of IT security folks. Now someone could appear to be listening to music while doing their work and siphon off an entire database!

Now a number of companies are starting to build software to secure USB devices and help prevent data theft. And they’re taking an interesting approach, similar to that taken by networks: they control the access to USB devices at the PC level.

This is a step in the right direction, but it still doesn’t limit what data can be downloaded to the device if USB access is enabled. It does report on access, which is probably as important as blocking the transfer. Being able to respond to security events and track them down is critical since someone will always find ways around the limits you impose.

This is of particular concern for DBAs as the sizes of these devices grow close to that of our databases. Losing a record or two of data is one thing. Losing an entire database is something else.

About way0utwest

Editor, SQLServerCentral

1 Response to Employee Slurping

  1. Brian Kelley says:

    DLP can control what data is loaded, to some extent. Control of USBs has been around for a while. When we were first considering full disk encryption solutions about 5-6 years ago, the USB controls were already available.
