Data Defender has visited many companies over the years in both the private and public sectors. One factor that always stands out is that many companies either have no security around USB devices or have chosen hardware-encrypted USB drives and, because USB devices are not blocked, remain highly vulnerable from within the company itself.

1. No restrictions, or an IT policy stating no USB access is permitted - very common.
Solution: Unrestricted USB access, or company IT policies stating USB devices should not be used.

Pros:
  • Fast
  • Simple to use
  • No hassle to users
Cons:
  • No audit or control of data
  • Open to viruses
  • No certifications
  • Zero control
2. Hardware encrypted USB drives - fairly common but may still leave a company vulnerable.
Solution: The company supplies their staff with hardware-encrypted USB drives and puts in place a policy stating that staff are not allowed to use non-hardware-encrypted USB drives.

Pros:
  • Strong security for USB drives
  • High certifications, e.g. FIPS or CESG
  • Simple to use
  • Quick to use
Cons:
  • Expensive, some USB drives are £70 - £300 each
  • High physical investment and an expensive item to lose
  • Users can still plug in unencrypted USB drives
  • No security for other removable media, like CDs, DVDs or memory cards
  • Possibly no audit or control of USB drives
3. Software-based automated encryption with central management - quite rare but the best scenario.
Solution: An automated software client installed on the PC or laptop with a centrally managed console on a server. This restricts unencrypted data from leaving the office.

Pros:
  • Generally high certifications, e.g. FIPS or CESG
  • Automated security for USB, CDs, DVDs or memory cards
  • Users cannot get round the restrictions
  • High audit and control
  • Management of data and passwords
  • Transparent to users, fast and simple to use
  • Works with most removable media brands
  • Far cheaper with no hardware investment
Cons:
  • Requires setup on server and client
  • Some solutions encrypt files and not drives, meaning file names are visible but cannot be opened
  • Quite restrictive, but this is a good point