After being banned in November 2008, it looks likely that USB flash drives are about to be reintroduced to U.S. Defense Department computers and networks.

But there will be very strict controls on their use, to avoid future malware and security issues which caused the DoD to suspend the use of all USB memory sticks, removable storage devices and camera flash cards on all networks after a worm infection.

In a recent blog post, the CIO for the U.S. Navy, Robert Cary said Defense officials are finalising details of the new USB security policy.  Cary said in his blog that the important thing is to ensure that thumb drives used in the future cannot transfer viruses to military computers and networks.

Policies will also include practice such as authorised staff being issued with government-owned and procured secure USB drives, a ban on all personally owned flash media, and upgrades to DoD antivirus and malware detection and procedures.  These are all recommended, sensible controls to ensure network hygiene and reduced risks of data losses.

We often see newsflashes telling us about the latest data breach, caused by a lost thumb drive or stolen laptop.  But what happens after the initial loss?  What are the ramifications and the fall-out?

This article shows what happened after a loss of very sensitive data in August 2008, when an employee of IT contractor PA Consulting lost a USB flash drive with the details of all the UK’s 84,000 prisoners.

The contractor was working for the UK Government’s Home Office and human error led to the stick and the unencrypted data being misplaced.  The employee immediately told supervisors, who then told the UK Ministry of Justice (MoJ) and the Home Office.  Although police were brought in to search the offices and the employee’s home and car for the missing memory stick, it was never found.

The unhappy result was, the contractor lost its contract, and the employee’s and line managers’ jobs were lost too.  Home Office staff are now advised not to use flash drives.  All for a single data loss. 

The fact is, it’s impossible to stop devices getting lost or stolen.  But the risk can be mitigated – and the extensive, unpleasant fall-out stopped – by enforcing encryption on these devices.

We’ve made some key updates to our solution range, and introduced an enhanced version of our CMC management software, which we are featuring at the Infosecurity show in London from 28th – 30th April.

All of our Cruzer Enterprise models now shipping are FIPS certified, offering corporate and government IT departments a valuable tool in securing and managing data.  The drives carry FIPS (Federal Information Processing Standard) 140-2 Level 2 certification for encryption.

The Cruzer Enterprise now comes in two versions: standard, and Cruzer Enterprise with McAfee Malware Protection.  The McAfee version helps protect users from infection with an automatic anti-malware scan prohibiting file transfers to the secure USB drive when it detects infection on a host PC.

Also, CMC version 3.0 is now available, giving more tools for distributing, protecting and recovering critical data.  The CMC agent resides on a company-issued Cruzer Enterprise drive, enabling corporate IT departments to manage the entire drive lifecycle from deployment, central back-up and restore, and central usage tracking to remote termination of lost drives.

If you’re attending Infosecurity, visit us on Stand E26.

Howard County General Hospital USB security Selection

Howard County General Hospital in Columbia, Maryland, has selected SanDisk’s Cruzer® Enterprise secure USB flash drives and Central Management & Control (CMC) server software to protect highly confidential medical and organizational data.

Part of the Johns Hopkins Medicine health care system, Howard County General Hospital (HCGH) is a comprehensive medical center providing services to more than 165,000 people a year, with a staff of 1,700 full-time and part-time employees, as well as more than 800 physicians and other allied health professionals. Read More »

The need for secure storage

In today’s business atmosphere, data needs to be transportable. This need for mobility has a by-product; a host of security endangerments with data seepage topping the list. Enterprises are in the midst of a data leakage epidemic. Since 2005, more than 230 million records have been vanished or stolen, according to the Privacy Rights Clearinghouse; many of them stored on transportable devices such as non secure USB drives.

Read More »