PointSec's latest research suggests that almost one-third of organisations believe staff are connecting USB storage devices to PCs without permission. According to the survey of technology staff, few firms are doing anything to stop files being downloaded on to drives or media players, such as the fast-selling iPod. The fact that many media players can store gigabytes of data means they could potentially store huge amounts of sensitive information.
The Race for Faster, Smaller, Cheaper
Technology has supported our desire for mobility. Removable storage media is at the centre of a variety of new ways we can share and use information, e.g. the small cards used in PDAs and cameras; thumb drives used to move files between PCs; and personal entertainment devices, such as iPods®, which may have as much as 100 Gigabytes of storage capacity.
Removable devices can take on forms like pens and wristwatches, making it impossible to attempt to control their use by “search and seizure.” You would be hard pressed to find someone that does not own at least a couple different types of removable media today.
Most personal media devices can be connected to a PC via USB or ‘firewire’ connections. Today's PCs sport as many USB ports as there are cupholders in a mini-van, so there's no problem finding an available port. Windows makes it simple to use these devices. Plug and play means that these devices can simply be plugged in; Windows will do the rest by automatically detecting them and installing the right drivers for their use.
What really made removable storage viable was the advent of USB 2.0 which made transfer rates up to 480 megabits per second possible. At these rates, it takes less than 5 minutes to move up to 60 Gigabytes of data. An entire PC can be copied to a removable media device and carried away in a matter of minutes. Imagine – an entire desktop could disappear!!!
Personal entertainment devices are typically intended for playing music or displaying pictures, utilising copyright controls to manage the files on them. They pose an added issue of appropriate use. Does your corporate policy govern the use of personal entertainment devices, including access to network sites to share music or pictures? It may seem like a trivial question until you realize that Napster alone represents a significant amount of overall network traffic, not to mention others like iTunes and BearShare.
On top of this, enterprises are behind in protecting information at the source: at the data itself. Copyrighted materials, such as digital music, already exploit digital rights mechanisms incorporated into the media and the devices themselves, but other highly confidential data like patient records often do not.
So why not simply ban the use of portable devices altogether? Suppose you prohibit the use of removable media of any sort in the enterprise. Violations can be dealt with on the spot. Some enterprises do have that sort of policy in place, but it is like trying to stem the tide of progress. It is also just shy of having no policy at all: unenforceability is the death of many security policies.
To enforce a complete ban, you would have to eventually ban cell phones, ebooks, and the variety of form factors that we can anticipate removable media will take on in the near future. What would make more sense is to determine an acceptable use policy for these devices. Determine how they may be used securely, and make them work for you rather than against.
The Answer - Implement Effective Device Control with SecureWave's Sanctuary Control
Device Control provides a means to develop and enforce a granular use policy for how removable media, or any device that can be accessed from an end user's PC for that matter, can be used. There are a few important steps to take in implementing a strong usage policy. Developing and enforcing a device use policy must be done in a non-disruptive fashion, minimizing any adverse impact of going from a non-controlled to a controlled use environment.
Sanctuary Device Control™ establishes a trusted devices environment and control for desktops. Users and devices are denied access by default and no one can plug into the network without approval. Sanctuary also audits I/O device use as well as attempts to use unauthorized devices. It can even create and log a complete copy of all data written to authorized devices.
Sanctuary uniquely comes equipped with all that is needed to develop and enforce a comprehensive device use policy, combining centralized control with end-user flexibility. Administrators retain total oversight, setting rules, monitoring activity and even controlling network lockdown if necessary; yet at the desktop level, users are empowered to authorize applications and executable files they personally know and trust. This inclusive white-listing approach enables, for example, a user to upload digital photos of their children as a screensaver, yet block that same device from introducing any other type of files (dangerous executables) AND from taking data off the PC.
The software's comprehensive scanning and logging capabilities make it simple to know what devices are attached, whether they are attached on remote systems or in a lab. Sanctuary's passive monitoring and logging mechanisms enable administrators to know what is being used, whether the devices are approved or not. Auditing and reporting enable enterprise administrators to precisely track how devices are used and by whom. They can also see when unauthorized device usage is attempted and track that as well.
Since Sanctuary works with devices, not just ports, it can understand devices to a granular level, enabling enterprises to develop very detailed use policies, working with the devices rather than simply enabling or disabling them. Tying in with directory services enables Sanctuary to immediately associate user groups to the devices, all on the fly, which is important since the enterprise is very dynamic today.
Sanctuary's Shadowing capability provides the ultimate in tracking precisely what data is being written to portable media in the cases where high confidentiality must be maintained and tracked.
Everything needed is provided and designed to make Sanctuary Device Control one of the quickest products to implement and one of the easiest to administer.
What should you do?
To find out more about how Sanctuary Device Control can block unauthorized devices, prevent data theft, and audit data copied, speak to your Servo Account Manager, and please follow this link http://www.securewave.com/sanctuary_DC.jsp