Manage Learn to apply best practices and optimize your operations.

Encryption and password protection methods for removable storage devices

In this Ask the Expert Q&A our platform security expert explains how to use encryption and passwords to secure removable storage devices.

In light of the plethora of removable storage devices, such as flash drives, etc., what do you recommend for reducing the possibility of data being accessed by the "wrong people?" Also, what are the best methods and practices for encryption and password protection for these devices?
The proliferation of removable, high-capacity storage devices and fast data connections, such as USB and FireWire ports, make controlling data transfer at the desktop a major security issue. The threat of uncontrolled portable media devices is of particular concern because they can be used to remove confidential files from the network, bypass security systems and introduce malicious software.

As always, layered security is the best way to protect your data, and at the heart of your defenses has to be strong authentication and access control lists so you know who has access to what data. When using Windows, this requires that all data be stored on NTFS drives, which also allows you to encrypt sensitive data. With regard to your PCs, keep their cases locked and maintain control over physical access to them. They should all have the BIOS set to only boot from the hard drive to prevent users from booting them to an operating system stored on a portable device. The BIOS should also be password protected. You can use the Windows device manager to disable unwanted ports, such as FireWire or Bluetooth, to prevent their misuse. Your security policy should cover and restrict the use of privately owned devices within your organization, and where portable devices are allowed, the policy should state the need for passwords and encryption of any stored data.

If you are managing this problem at a large organization, you might want to look at DeviceLock. This allows administrators to lock out unauthorized users from USB and FireWire devices, WiFi and Bluetooth adapters, and CD-Rom and floppy drives. It can also control access to devices, depending on the time of day and day of the week. More information is available at http://www.protect-me.com/dl/.

Regarding encryption and password protection for removable storage, there are several products available. If you do need to share sensitive information using removable media and don't want to force recipients to have to install special software onto their PC in order to access the data, you could use something like encryptX SecurDataStor (http://www.encryptx.com/products/securdatastor.asp).

This was last published in September 2005

Dig Deeper on Disk and file encryption tools

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.