- Data Leakage – To minimize the threat of data leakage, enterprises can start by limiting the use of USB drives to company-authorized devices.
- Regulatory Compliance – All organizations should ensure they comply with government and security regulations—such as SOX, HIPAA, GLB, California SB and FISMA—to minimize the risk of data loss. The first step is to set clear security policies, publicize among employees and enforced through use of technology that audits, tracks and backs up all information on mobile drives.
- Lost data and support costs – Despite security measures, data may be lost or stolen, leaving the organization in a position to minimize the damage done. Issuing company-authorized USB devices will enable the initiation of procedures to recover lost data and reduce the subsequent damage.
What can enterprises do to beef up security measures for personal storage devices? There are a number of hardware and software solutions used, ranging from data encryption to authentication, anti-virus protection, and other monitoring options.
There are a few solutions, such as blocked ports, encrypted storage devices and software encryption of data; however these solutions do not address all that is required to ensure a comprehensive secure solution for the majority of removable devices.
7 Steps to Securing Personal Storage Drives
The following steps will help your enterprise secure personal storage drives, both on and off the network.
1. Always define and publicize your company policy for personal storage devices.
2. Institute company-issued personal storage devices.
3. Make sure devices are fully encrypted.
4. Ensure that users cannot circumvent security measures.
5. Maintain an audit trail of data stored on devices.
6. Have the ability to recover data that resides on personal storage devices.
7. Make sure your enterprise solution is comprehensive enough to provide you with the ability to store information on secure USB drives, control the use of all removable devices both inside and outside the corporate environment, and centrally manage company-issued USB drives.
The value of portable storage devices in today's business environment is clear. Equally clear is the initiative corporations must take to integrate these devices with their storage and security policies. By taking the right steps, today’s enterprises can secure their data by choosing the right technology that can both secure and monitor data, developing robust policies that protect company data to comply with regulations, and ensure the use of enterprise-ready personal storage devices.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.