Full Text

USB flash drives, iPods and other portable storage devices are pervasive in the workplace and a real threat. They can introduce viruses or malicious code to the network and be used to store sensitive corporate information. While IT has responded with policies and audits, the best way to safeguard data taken outside of a managed envrionment is encryption.

If data is encrypted, it cannot be read by an unauthorized user in case of loss or theft. Most removable-media encryption products can be configured to restrict access to devices on an authorized list using the proper encryption software and the correct key. To any other computer the device appears to be unformatted and any data is inaccessible.

The first issue is to control the flow of data leaving the enterprise. A full audit of existing data flows should be conducted to ascertain who is using removable media or portable devices and for what purpose. Once that is ascertained, IT can craft a policy that defines who is permitted to transfer data to removable media and under what circumstances, and ensure the policy is properly implemented.

With that in place IT can turn to the encryption issue, which will involve evaluating the following:

* How will the encryption solution for removable media affect hard disk encryption?

* Will there be compatibility issues with existing encryption software?

* At what level (file or folder) should removable media devices be encrypted?

* Does the...