Business Innovation Homepage > Information Management

Portable data storage devices seem to be everywhere these days. Whether it's USB (universal serial bus) flash drives, MP3 players, iPods or other products, the devices are becoming ubiquitous—including in the workplace.

These devices can be valuable assets. They enable users, particularly people who spend a lot of time on the road, to conveniently store large volumes of business data when they don't have access to the corporate network. But the products can also pose significant risks. If the devices are misused, lost or stolen, that can result in serious security or privacy breaches, which can get an organization into trouble.

Portable storage devices are becoming more common at work. Credant Technologies, a provider of mobile data protection technologies, in July released a survey of 323 business and IT professionals that asked about the use of portable data storage devices, including iPods, MP3 players, USB flash drives and data-centric phones/Secure Digital (SD) cards, in the workplace. The survey showed that 86 percent of respondents said the USB flash drive was the device most often used to store data exchanged between computers. Adoption of the iPod at work is high, according to the study, with 61 percent of respondents saying they use an iPod when traveling or at work.

Portable storage devices can certainly be beneficial for business users. They're small, convenient, relatively inexpensive and provide easy file backup and network-independent file transfer, says Craig Mathias, a principal at Farpoint Group, a research firm in Ashland, Mass. Many people have become dependent on the products, particularly when they're on the road and use them to back up data, Mathias says.

But if portable storage devices are allowed to proliferate in an organization without any kind of central control or policy governing their use, problems could result. Credant says its survey shows there's a lack of understanding about the threat iPod use poses to organizations, although about two-thirds of the respondents think these products and similar devices are a security threat.

With portable devices capable of storing larger amounts of data, the threat of "pod slurping," or using the products to illicitly download confidential data from a company computer becomes more of a concern.

Security products are available to help organizations monitor devices such as flash drives, lock out USB drives or disable USB ports. But in addition to deploying these tools, it's important to set guidelines on the use of portable storage devices—including whether employees are allowed to connect the devices to company-owned PCs. Organizations should also take the devices into account when creating or updating their security policies.

Mathias says Farpoint recommends that organizations adopt a policy stating that all sensitive data stored on any portable storage device must be encrypted. "The risk is that if the particular device is lost or stolen, the data can be compromised," he says. If devices are lost or stolen, it's likely that nothing problematic will happen to the data—other than it being lost, Mathias says. But if the organization or user is targeted by a professional thief who is seeking the data, that's a more serious problem.

One of the keys to building a safe environment for portable devices is ensuring that security becomes part of the corporate culture, Mathias says. Users need to understand that with the privilege of having a small but potent information asset comes a huge responsibility.

Click here for more Information Management articles