
	Home > Ask the Security Experts > Security Management Questions & Answers > Should enterprises ban USBs because the DoD banned them?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Should enterprises ban USBs because the DoD banned them?

EXPERT RESPONSE FROM: David Mortman, featured expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 11 December 2008
The Department of Defense recently banned the use of all USB thumb drives. Do you think this would be a good position to take in all enterprises in which end users regularly interact with highly sensitive data?

BROWSE BY TAG

Security Management, Information Security Policies, Procedures and Guidelines, Information Security Management, Wireless Network Security: Setup and Tools, Handheld and Mobile Device Security Best Practices, Enterprise Network Security, Smartphone and PDA Viruses and Threats, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Security Management
	How to create configuration management plans to install DLP
	Best practices for log data retention
	Learn security program management strategies to improve IT security
	How to avoid HIPAA Social Security number compliance violations
	Best practices for choosing an information security team new hire
	What Obama's Blackberry means for mobile device security
	IT auditing applications and tools for ISO 27002 certification
	How to choose a general security risk assessment
	How to quantify business risk exposure to malware
	What are the ethical issues when consulting for two competing companies?

Information Security Policies, Procedures and Guidelines

Twitter risks, Facebook threats trouble security pros

Cybersecurity czar candidate questions clout of new position

Incident response planning

The basics of enterprise GRC project management

RSA council addresses growing security risks in the cloud

How to write a risk methodology that blends business, security needs

Risk management must include physical-logical security convergence

DHS fills National Cybersecurity Center post

New partnerships, creative thinking help security bust recession

Experts optimistic of Obama cybersecurity plan

Handheld and Mobile Device Security Best Practices

How to prevent mobile phone spying

Unified communications: Securing a converged infrastructure

RIM patches serious BlackBerry Attachment Service flaws

How secure are iPhone App Store mobile applications?

Is there a spy on my mobile device?

Mobile phones win during Pwn2Own contest

Latest Apple iPhone features prompt security concerns

Apple iPhone app could boost two-factor

What Obama's Blackberry means for mobile device security

SMS mobile worm attacks Symbian smartphones

Handheld and Mobile Device Security Best Practices Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

defense in depth (SearchSecurity.com)

non-disclosure agreement (SearchSecurity.com)

security policy (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Be careful about using any one organization as the model for designing security in your enterprise, particularly when the organization is government- or military-based. Just because the Department of Defense believes that banning USB drives is a worthwhile security/usability trade-off, that doesn't mean it is an acceptable option for your business. In general, people who work for the government and the military are wiling to put up with more inconvenience in the name of security. But is the average office worker? Not so much.

Before deciding on a mandate, I suggest performing some sort of risk assessment, and then find a workable solution -- one that won't make users want to cover you with tar and feathers. In general, it's a good idea to look at monitoring products, combined with data leak prevention (DLP) technology when appropriate. This is often an ideal strategy because it allows users to perform their day-to-day duties without overtly compromising security. It also provides the necessary monitoring to detect whether data is currently leaking, or has recently leaked out of the enterprise.

Going beyond monitoring to a full DLP suite offers the advantage of being able to notify employees in situations with potential policy violations. For instance, you may have a policy against putting company confidential information on removable media, but allow non-confidential data such as marketing materials to be moved around. As such, this software is useful because it can remind users of policies when they start to copy data and also let them know they are being monitored. This allows users the flexibility to do their jobs well and take an active role in protecting corporate data.

More information:

Learn how to lock down USB devices.
Want to find out how to fight viruses with a USB flash drive? Read this expert response.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy