Late last year the U.S. Department of Defense banned USB drives and other removable media after after a worm infiltrated military networks. The decision highlights a recent increase in malicious code affecting flash media cards, USB sticks, camera's, iPods and more. The decision should also fire a warning shot across the bow of most IT organizations. How well are you managing IT resources that leave the corporate network?
In 2008, for the first time in history, laptop sales outpaced desktop sales. IDC estimates that locally stored data will soon exceed server-stored data. It is startling to think that today's laptops have the computing capacity and storage capacity of the data center from 20 years ago, yet all information is in the hands of an end user that cannot figure out how to load the paper tray.
While IT organizations have traditionally focused on securing the corporate network, in 2009 the attention will need to shift to securing the IT assets that are leaving the organization. Novell offers an online threat assessment tool to help understand potential vulnerabilities in your organization. An excellent IDC White Paper is also available.
What is the cost of not securing your endpoints? Much depends on your line of business – it could result in lost customers or revenue, compliance issues or damage to your reputation. Consider a recent security breach at a State agency in the Southeast United States where employee and retiree data was copied to USB drive. As part of the remediation process, the State offered “free” credit reports to well over 100,000 people whose identity was compromised. Of course, the credit reports were paid for by the agency.
I would be interested to hear how your organization is securing the data on mobile devices. Is your organization applying the same resources to securing mobile data as it has traditionally applied to securing server data? Or is there a blind spot for security on mobile devices?