Following the news that IBM have banned its workers from using USB Sticks and removable media, Jon Fielding, Managing Director at EMEA Apricorn commented below.
Jon Fielding, Managing Director at EMEA Apricorn:
“This would appear to be an extreme reaction from IBM and they themselves admit it is “restrictive”. They site 2 reasons for the decision; loss and misuse, and the valid concern that either could result in “financial and reputational” damage. The first concern is addressed by providing corporately approved, hardware encrypted devices to employees that have a valid business justification for their use. IBM, or any company for that matter, should then enforce this policy by locking down all corporate USB ports to only accept the corporately approved device. Once implemented, they can be confident that any data crossing the USB is encrypted in hardware and, if the device is lost, is unavailable to anyone other than those authorised.
The second reason – misuse, plays to the concern of employees with bad intention. Banning USBs doesn’t solve this problem as there are many different vectors a determined bad actor can leverage; this would be more about hiring policy and employee validation.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.