Now more than ever before, protecting a company's data is of utmost importance. With many employees bringing their own smartphones and tablets to work, expecting full access to the company network, corporate and confidential data can be all too easily exposed. Additionally, hacking is always a problem, as are viruses on the network, brought about by inconsiderate use of portable flash drives or email. What can be done to better protect critical company data?

As companies face tighter budgets, smaller security staff, and growing data containment challenges, hackers are becoming increasingly sophisticated. However, threats to a company's security are not just external, they can, and are often even more likely to, come from within.

This is made worse by the fact that there are few easy answers in the fight to reinforce data security, while organisations find themselves facing a multitude of challenges. These include:

• The proliferation of smartphones and other mobile stosrage devices.
• Data endpoint sprawl and difficulty in centralising security management.
• Threats by privileged insiders with access privileges.
• Customised and targeted malware attacks.
• Information and device sharing in cloud computing environments.
• Stringent compliance and data breach disclosure requirements.

Be smart with flash memory

The good news is that there are options available that can help enterprises meet these challenges and secure their data.

Smart businesses are incorporating advanced technologies that can detect devices as well as actively encrypt the data that is stored on them, whether this is of a personal nature or not. Regardless of who owns the device, companies can focus on protection against both malicious and unintentional data theft with encryption software, which puts protected data in permanent lockdown mode.

Additionally, advanced technology offers several valuable features. These include specialised monitoring to detect when devices are accessing enterprise resources (such as databases, files and intranets), the ability to lock a lost or stolen device, and a way to prove that data stored on a particular storage device is protected.

Protection protocols

Controls may also be put in place to prevent the use of USB flash storage devices. Without the ability to use any USB storage devices on the endpoint, the likelihood of a data breach or infection by USB-malware is significantly reduced. However, end-users who are accustomed to using company-issued or private USB storage devices, may find themselves having to re-evaluate processes and procedures. This policy is almost certain to produce significant user resistance. As such, it should only be adopted in scenarios where the risk of very sensitive information being breached is high, or where special circumstances apply, such as a shared system in a public area acting as a kiosk.

Security on a stick

A number of commercially available, self-encrypting USB storage devices already exist and are available on the market. These products aim to provide the convenience of a USB drive with enforced encryption, which resides on the device itself. An even more secure approach is to allow users to utilise their own USB devices, and to enforce encryption on them. This approach enables users to continue to use USB devices that they own, but reduces the risk of a breach by ensuring that any data on them is well secured.

Employer's options

There are a number of considerations that must be taken into account when deciding to allow users to utilise their own USB devices. These include the protocols that can be put in place regarding use of the device outside the corporate network.

Portable storage devices, especially those owned by employees, will often be used outside of the corporate network. While this may seem entirely sensible to many users, any drive that has been used within the network (and which therefore may contain highly sensitive information) should never be used externally, as this greatly reduces the risk of an employee copying sensitive information from one computer to another. The alternative is to allow users to copy information onto a USB device, as long as the information is encrypted while being copied to the device.

Secondly, companies also need to consider that the majority of removable media storage devices used within the company's network may belong to employees, and likely contain information which is either not sensitive or may belong to the user. With this in mind, organisations may wish to put in place controls that will encrypt only new information added to the removable media device.

Conclusion

With the ever-expanding mobility of the enterprise, data threats are introduced anywhere, from the home office to the cyber cafe, causing exposure of highly sensitive corporate data. The demand for a highly mobile workplace is only going to increase, so implementation of removable media encryption is a must. As corporations become increasingly mobile, implementing removable media encryption, and following best practices in doing so, is becoming imperative in keeping one's enterprise clear of potential data breach.

For more information, please contact Gregory Deane at HP on 082-882-4444, or email gregory.deane@hp.com.

Sources:

Hewlett-Packard - "Guide to Data Protection: Best Practices" http://welcome.hp.com/country/us/en/prodserv/storage.html

Credant Technologies - "Removable Media Best practices" www.credant.com