1. No restrictions or a IT policy stating no USB access permitted - very common.
Solution: Unrestricted USB access or company IT polices stating USB devices should not be used.
Pros:
- Fast
- Simple to use
- No hassle to users
- No audit or control of data
- Open to viruses
- No certifications
- Zero control
Solution: The company supplies their staff with hardware-encrypted USB drives and puts in place a policy stating that staff are not allowed to use non-hardware-encrypted USB drives.
Pros:
- Strong security for USB drives
- High certifications, ie. FIPS or CESG
- Simple to use
- Quick to use
- Expensive, some USB drives are £70 - £300 each
- High physical investment and an expensive item to loose
- Users can still plug in unencrypted USB drives
- No security for other removable media, like CDs, DVDs or memory cards
- Possibly no audit or control of USB drives
- Generally high certifications, ie. FIPS or CESG
- Automated security for USB, CDs, DVDs or memory cards
- Users cannot get round the restrictions
- High audit and control
- Management of data and passwords
- Transparent to users, fast and simple to use
- Works with most removable media brands
- Far cheaper with no hardware investment
- Requires setup on server and client
- Some solutions encrypt files and not drives, meaning file names are visible but cannot be opened
- Quite restrictive, but this is a good point
-
Cons:
Solution: An automated software client installed on the PC or laptop with a centrally-managed console on a server. This restricts un-encrypted data leaving the office.
Pros: