MP3s – The Big Security Risk In 2006
by Martin Allen - MD of Pointsec - Wednesday, 25 January 2006.
The mobile video market has no doubt been helped substantially by the entrance of Apple with a video iPod. However, there are numerous other vendors, such as Archos, that have had high capacity video jukebox players for a number of years now. The storage in these devices is set to soar with the introduction of new perpendicular disk drives. We are already seeing the first 160GB disk drives and they will only get bigger.

While this is ideal for very high quality video it also poses a massive and significant risk to corporate data. The capacities at this high end equate to a laptop drive. This means that vast amounts of corporate data can be removed on a small consumer device that sits in the pocket.

Introducing measures to prevent such devices from connecting to corporate resources are failing. As fast as vendors bring out software to identify and block the devices, device manufacturers and software companies are releasing utilities to hide the devices from network administrators. A common approach now is to just report them as removable CD players. This allows them to avoid many of the restrictive practices introduced by the network administrators.

The goal, then, is not to exhaust resources trying to ban the devices, but find a way to encompass their existence within the corporate data security policy.

One of the first problems is that devices are likely to have content put on them at different locations. There are no anti-virus, anti-spyware programs for the majority of these devices although software to protect Smartphone’s is beginning to appear. With multiple connection points for the mobile device, corporate desktops and laptops MUST be updated with the relevant software.

As the capacities increase, another measure, if these devices are to be tolerated, is to introduce transfer quotas. These allow you to restrict the amount of data that can be moved to an individual device. While this will not prevent data being taken out of the building it will restrict the quantity that can be taken at any one time.

A major problem with consumer devices is that they are not looked after carefully and attract thieves. This is where companies can take a very positive step to protect data. There are products that insist on encrypting data as it is being moved onto portable devices.

One advantage of this approach is that should the device be stolen, the data is protected. Another is that the larger capacity devices can be utilised as pseudo backup devices for mobile workers while keeping the data secure.

So, if you want to make sure that this New Year you keep your staff happy and the company safe and secure be sure to look at investing in strong encryption on all devices that enter and leave your office. Make encryption mandatory and educate your users so that they are aware of the risks to themselves and to your company if they lose one. That way you’ll ensure you’ve done a great job which will guarantee a great big fat bonus to enjoy for yourself next Christmas.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th