This editorial was originally published on Oct 21, 2006. It is being re-run as Steve is out at SQL in the City today.
I’m not talking about soup at the employee cafeteria or summer trips to 7-11, but rather the newest definition of slurping: siphoning off data with portable storage devices. It started to become a big concern with the wide deployment of iPods with their 20+GB storage capacity and easy connection to PCs. The advent of this scale of portable device, made more disturbing because of their benign appearance, has raised the concern of IT security folks. Now someone could appear to be listening to music while doing their work and siphon off an entire database!
Now a number of companies are starting to build software to secure USB devices and help prevent data theft. And they’re taking an interesting approach, similar to that taken by networks: they control the access to USB devices at the PC level.
This is a step in the right direction, but it still doesn’t limit what data can be downloaded to the device if USB access is enabled. It does report on access, which is probably as important as blocking the transfer. Being able to respond to security events and track them down is critical since someone will always find ways around the limits you impose.