In July, Gartner Inc. warned CIOs to be wary of portable storage devices such as iPods and USB flash drives. These devices, says Gartner analyst Ruggero Contu, can present serious security threats: Not only could disgruntled employees use them to download massive amounts of sensitive corporate data, but they could also be used to introduce viruses into the network. "Any device that can be easily connected to the USB port and can download data poses a threat," says Contu.
But is it realistic to think that IT departments can prevent data theft and virus introduction simply by banning iPods?
As it turns out the Gartner warning, while hard to enforce, is warranted. Last summer, two portable storage devices holding sensitive nuclear weapons information went missing from the Los Alamos National Laboratory in New Mexico, prompting U.S. Energy Secretary Spencer Abraham to suspend all classified work on computers until security for such devices was tightened at DOE facilities nationwide.
Is the average 23-year-old programmer listening to his iPod a threat to national security? Probably not. But there are steps you can take to secure systems while still allowing the devices. Contu suggests CIOs adopt personal firewalls to limit what can be done through USB ports, and that they use digital-rights-management software.