Tuesday, January 22, 2008

Late thoughts from CES - data leakage via gumdrops

A friend of mine just returned from the Consumer Electronics Show, where he saw NBC giving away 2GB flash drives at its booth in return for a badge swipe!

I remember when flash drives first came out: 8 or 16MB cost more than $100, and people gladly paid it. The price point has hockey-sticked downward, and with it, demand for more and more storage that fits in your pocket has skyrocketed. To me, however, there’s a more important focus: when 2GB flash drives are being tossed around like gumdrops, the ways we prevent access to files have to be rethought. And I’m not just thinking of flash drives.

The cat-and-mouse game that infosec pros have played with the bad guys has now extended to the good guys as well. It’s not a matter of them trying to do something wrong, per se...it’s all a matter of convenience to the people inside an organization. If you gum up their USB ports to prevent the use of thumb drives, they’ll use Gmail...or Hotmail. And if you block those sites, they’ll use another site you don't even know about until it's too late. (Has anyone seen YouSendIt.com?)

No, files leaving the cozy confines of the company cannot be totally controlled. However, if the files themselves were protected, we might have a chance. That makes me believe a data-centric approach to protecting information is an absolute must, built on a combination of encryption, access control and retention, so that the information stays protected even though there are more ways and means than ever before to gain access to the files.

Now, if anyone can figure out a way to load (or "leak") one of those 150” diagonal plasma screen TVs my friend saw at CES onto that 2GB flash drive, let me know. :)

1 comment:

ann said...

I am so in agreement that it is counter protection and productive to lock down the USB interface of a machine. From the group of friends and colleagues I have, there must be more than two USB flash drives per person, and every day, someone is looking for a missing USB drive. It is important to have an easy and transparent way to make sure the important data (those you will care if you lose) go on to the USB drive protected (encrypted and not able to be copied by others is possible). That was why a product called Personal Fortress (by Fortressware: www.fortressw.com) is intriguing. They provide you an area on your disk to prepare those particular important files. You continue using the exact same tools, MS Office suite, e.g. But everything you stored in that area (they call it a secure virtual drive) is encrypted and it anti-replication by everyone else but you. When you are ready to copy the content to a USB drive, you just drag and drop the capsule they create off this area. And you are all set to take the drive and use it the next time when you want to use it again. Check it out, they are running a free Beta.