"Flash card syndrome": how to protect data during the work with external devices? TADetails

What external devices can pose with themselves threat for corporate data

External removable devices (USB flash drives) and carriers (CDs/DVDs) are usual in life for a long time, and in business and are even less so almost irreplaceable. Any office in an every spot on the globe are a separate ecosystem in which there was a place to USB drives, FireWire external hard drives, technologies of mobile connections Wi-Fi and Bluetooth, to scanners, multimedia players, digital cameras, smartphones and tens of other devices and technologies. Seeming already very primitive — all of them still bear in themselves high value for daily business operations, increasing performance of any company. And life without them to provide already it seems as it is impossible, here only this value is integrated to serious risks.

"Fast uncontrolled distribution and use of these devices causes serious concern of Information security departments of the companies because of possible accidental or malicious information leak, or a compromise of IT systems — the system engineer of Ivanti company Maksimilian Prilepsky tells. — Training of employees, awareness of risk by them or even strict internal IT policy are often insufficient for safety of intellectual property, confidential information protection from insider threats or accidental losses. And therefore device management is the most important component of strategy of data protection for the enterprises".

Strictly speaking, the potential threat for corporate information is posed by any portable devices of data storage: from USB drives and portable devices of storage, to memory cards and tokens. All of them can be used for copying of confidential data or to serve as point of entry for harmful or spyware. This technology is old too, not as the world, but is close to that: USB producers do not protect a firmware in the devices, and therefore cybercriminals use the malware which will reprogram a firmware and a beret of the USB device under the control. And the user, it seems, is not guilty, and serious damage can be caused to the company.

"The staff of the companies often does not even think that recharging mobile phones, tablets and other devices using corporate ports USB they already put at risk of the IT system of the enterprise, its assets and data — Maksimilian Prilepsky adds. — And if an incident occurs, then financial, legal and image effects will not keep themselves waiting long. By the way, statistics is eloquent: more than a half of cases of loss of corporate information occurs unintentionally or on a personnel oversight — during the transporting and storage of external drives".

How to prevent loss and date leak during the work with peripheral devices

The issue of date leaks is regarded as of paramount importance by cybersecurity services of the companies during the developing of domestic policy and implementation of information security systems. There are enough profile solutions in the market. It and the expensive DLP systems (Data Leak Prevention is "Data loss prevention"), which implementation can take months, and specialized software for control of removable devices and USB ports, both mechanisms of enciphering of external carriers, and the system of audit, authentication and access control. But specialists consider the most important informing and training of employees at least to the simplest methods of data protection and counteraction to methods of social engineering.

Whether it is possible to protect a system from infection with the malware from removable mediums

The infected external carriers are not only infection with a malicious code. Such devices can emulate the keyboard and start the own commands leading to leaks or thefts of files. USB devices can issue themselves for network interface cards, change settings of a system, even secretly to redirect web browser traffic. When the problem is already available, it is difficult to solve it therefore first of all provisional measures of security are important.

"One of the most important councils which without fail needs to be followed: not connect unknown flash-drives to the computer — Maksimilian Prilepsky explains. — Also you should not use personal USB drives on computers of the company and vice versa — not to connect the USB drives containing corporate information to the PC. It you exclude risk of cross infection. Also it is necessary to use passwords and enciphering of USB drives and CD/DVD disks for protection of your data and intellectual property".

Besides, specialists recommend to turn off autostart function. In Windows OS it leads to automatic opening of removable mediums at connection to the computer, thereby opening the road to malware to data, important for business. And the companies should develop and implement really working security policies. The personnel should be trained in rules of interaction with external devices to lower a role of a human factor.

We implement the solution for control of removable devices: the choice of the solution, the main stages that influences terms and cost

For the vast majority of the companies prohibition on use of removable mediums is not the answer to requirements of cybersecurity department. That role which external devices play in questions of effective functioning of the enterprise is too big. And therefore it is important to reach compromise between requirements of security policies, convenience of interaction of employees and, of course, cost of profile solutions.

"Widely advertized DLP systems of the deep content analysis, audit, control and filtering of all document flow remain the promising systems requiring serious training of the customer and classification of his documents — Maksimilian Prilepsky considers. — They are energy-intensive on time, and implementation usually is beyond the budget. Besides, they not always answer customer expectations. In my opinion, easier and simple solutions in management have where high potential of fast deployment and further effective use for most the organizations".

Analysts consider that the solution should as fast as possible and is transparent to control removable devices and information moved with their help. Besides, it should be applied both on computers of users, and on servers, and even on thin clients or virtual endpoints. At the same time it is desirable that the solution was capable to help to create politicians of control what fast identification of the connected devices should accompany to.

"For example, the solution Ivanti Device Control supports a broad spectrum of different classes and types of the connected devices — Maksimilian Prilepsky lists advantages of such programs. — Numerous functions of careful control are provided in it. This forced and flexible enciphering, restriction of copying of data, filtering as files, access according to the schedule, online and offline modes. And still — the patented technologies of bilateral shadow copying of information which registers or read with CD/DVD disks or other removable mediums. And, of course, it was not without audit of all events".

"Ivanti Device Control completely answers our expectations. We can control the most vulnerable parts of our infrastructure, react actively to any threats and adhere to our standards of security" — Grigory Kashin, the chief of the sector of the software of "Norilsk and Taimyr Energy Company" tells.

Process of deployment of similar solutions promises to be not tightened on terms. It is possible to begin work with it in several hours after the end of installation. It is important to administrator to have an opportunity to quickly connect security policies with information on users and user groups which is stored in Microsoft Windows Active Directory. It considerably simplifies management of access rights to devices in network. By the way, powers which are conferred by such solutions (the same Ivanti Device Control) should not only work both in online, and in offline mode, but also apply different politicians in these modes, giving to client modules authority excellent from each other.

"The product Ivanti provides detailed audit of use of devices. All access attempts to external devices are registered in the magazine, as well as all actions of administrators, including changes of powers. In the latest version of Ivanti Device Control the DLP functionality — search of content in a key word in the Microsoft Office and PDF files with the subsequent blocking of its read or write in case of coincidence is added" — Maksimilian Prilepsky summarizes.

"One of main advantages at deployment of Ivanti Device Control is its function "white list" which guarantees that any device if it is not authorized, will never be used irrespective of the fact how it is connected — Paul Douglas, the head of one of divisions of Barclays imparts experience. — Device Control — really strong and simple product in use therefore Barclays selected this solution".