|
Microsoft Lets You Take Your Desktop With You
By Dan Morrill
Expert Author
Article Date: 2007-05-14
In another move that will make it harder for companies to keep track of their documents and where they go.
Microsoft is teaming up with peripherals manufacturer SanDisk in an effort to develop smart USB devices that will allow users to carry their complete personal computing environment on a device as small as a thumb drive, Microsoft announced Friday. Under the plan, Microsoft will develop software that will let users store their applications and data on small, Flash memory-based devices that connect to their computers' Universal Serial Bus. SanDisk will design and manufacture compatible hardware. Source: Information Week Given that the security of USB devices isn't that great, and that most commercial crypto can be broken fairly easily over the long haul, carrying your personal computing environment on a USB drive raises a number of security issues that security departments need to address.
While companies make software agents or systems that can disable USB devices, many companies that I have consulted with are not aware of the risks that USB devices have become.
Like the early days of floppy disks, various forms of malware travels along with USB drives if the PC they have been used on is infected. As well, two studies have shown that random USB Devices found in parking lots will be picked up by people and inserted into company computing systems, or home systems leading to another social engineering process that could compromise computing assets.
While the idea is good, the inability to enforce corporate computing standards into the household is problematic. Especially since household computers are normally shared in a mixed environment, that the users may or may not have any form of security training or otherwise. The synchronizing of the home computing environment and the work-computing environment will make things difficult for the corporate security department.
As USB drives get larger, hold more information, and have a larger capacity, the mixing of home and work computing environments will pose many challenges for users, and computing systems.
These challenges will be multi-pronged, social challenges, in that USB keys have already proven to be a way to loose data, they are small, easily lost, and easily replaced. Users know that the cost of USB keys is nominal, so there really is not a financial barrier to loosing a key. The mobility of malware from different computing environments is enabled by easy and carefree use of USB keys. As well as the random seeding of malware laden USB tokens in parking lots requiring more training for users.
It will be interesting seeing how corporate security manages this kind of process over time, and it will not be easy to keep USB tokens out of the corporate computing environment. They are just too easy to use.
Comments
About the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
|
|
