If you work for a security company you wouldn’t normally leave your laptop and your BlackBerry with a journalist you’ve only just met when you go to fetch coffee. Feeling comfortable doing that says you’re confident in your security. Susan Callahan of Safend isn’t worried about leaving her laptop on a table, in a security tray, or anywhere. If she loses it, it’s just an inconvenience - not a security breach.
You probably know of Safend as a tool for protecting USB ports. That’s a big part of the security story today. Flash memory sticks are everywhere - they’re the new floppy disk that can carry all your information. Walking around the various memory companies at CES we found all shapes and sizes of memory stick, all united by being something that easily fits in a pocket. 1GB devices cost almost nothing, and the latest generation gives you up to 64GB of storage. You’ll even find them built into Swiss Army knives.
64GB? That’s more than many laptop hard disks. It’s also more than 13 DVDs’ worth of data.
With that amount of low-cost storage available to all and sundry, it’s not surprising that businesses are seeing flash drives as a security risk. Two CD-ROMs’ worth of tax data caused one of the biggest data losses in the UK, so it’s easy to imagine just how much damage a tiny memory stick can do.
So how do you protect your data, when it can easily move onto a keyring?
We spent some time on a hot January afternoon at a Silicon Valley Starbucks with Susan, talking about how businesses can use endpoint security tools to protect their data. Securing USB sticks is just part of their story, as the Safend software lets you control exactly how you can use USB ports. You can set up policies for approved devices, and provide different levels of access for different classes of users. There are also rules for controlling just how DVD and CD writers can work, as well as tools for handling hard disk encryption.
That means that the CEO may get full access, while sales teams will only be able to read data sent to them by clients. Other teams might only be able to share data using memory sticks that are automatically encrypted as soon as they’re connected to a PC. Managing the rules is easy enough, with a central console and a single policy server that can handle up to 10,000 client devices. You can even set up geographic rules, to handle the differences between EU and US privacy requirements, or provide rules that work on specific file content or sizes. A content-based rule could, for example, allow staff to copy any document that doesn’t contain credit card numbers or any other identity information.
Data loss isn’t just about the network, and the Safend tools also help handle disk encryption (which is why the ThinkPad was safe on the cafe table). Lose a protected laptop and anyone who “acquires” it won’t be able to read the files – let alone copy them onto a CD or a flash disk.
There’s enough regulation out there to make device protection as important as your firewalls – so have you locked down your laptops yet?
–Simon (in Silicon Valley)