Could inappropriate use of a USB stick be bad for your health?
Earlier this week I attended an event by PR firm Bite Communications that demonstrated various gadgets and future technologies.
Among the new laptops, audio/visual home entertainment systems and Dyson vacuums were several USB sticks. Now call them USBs, flash drives or memory sticks, the fact is that in most jobs these days they are becoming more and more popular as a method of transportation of data and as a result, are getting bigger and bigger.
On the same day as the PlayBite event I met with Becrypt, whose various technologies are based around the USB stick. There I met with technology officer Marc Hocking, who claimed that there is a problem with modern technologies that people use that are being re-badged as security products.
Speaking about the USB stick, he claimed that he had seen capacities of up to 128GB and admitted that he was a fan of them, but they do offer a ‘false sense of security'.
Hocking said: “It comes down to a false sense of security, saying we should be doing encryption by default and saying it needs to be the responsibility of the hardware. It is about hardware vs. software encryption, these are the same levels of evaluation.
“Is it always encrypted though? People are forgetting where they access encryption from whilst the stress to plug it in and remember a password is the source of the problem of data leakage.
“That is what happened with PA Consulting, they had the data on an encrypted stick and transferred to an unencrypted media, in this case (their CONNECT Protect product) the only way to gain access is by login but you have still protected the product and at the endpoint.”
He further claimed that the reason for data leakage is a lack of control, and this is an area that is starting to be addressed.
“I am all for encryption, but it needs to be more and that is not what is being done. While organisations are not grappling with it, the problem moves to the next level, as devices get bigger and bigger and hold more stuff losing data can be a greater impact. You have got to have a wrap around it,” said Hocking.
According to SanDisk's CEO Eli Harari, flash memory capacity growth has exceeded Moore's Law in recent years.
SanDisk Enterprise's head of sales EMEA Jason Holloway, believed that it is true that as the capacity of removable media increases, people are more likely to use them, and more likely to put potentially sensitive data on them.
Holloway said: “There will always be strong demand for unencrypted data storage due to the cost/price advantage of the simpler technology. But demand is strengthening for hardware-encrypted USB drives as organisations, and savvy consumers, better recognise and manage the potential risks.
“However the secure drives should also offer secure centralised management of the encryption systems as well as data recovery, otherwise organisations are asking for trouble in terms of controlling data usage.”
Holloway further claimed that organisations that it is working with are taking great care in educating users on the associated risks, to the extent of having USB ‘amnesties', in which all unauthorised or personal USB drives are withdrawn from use, and users issued with a secure, encrypted drive.
Another commentator on USB stick capacity was Anders Pettersson, chief security officer at BlockMaster, who claimed that the company was currently offering up to 64GB and would shortly be moving up to 128GB.
So the first thing I asked him was is there any limit to the size capacity that could be achieved with a USB stick? He admitted that the main limitation was in the physical size of the chip to hold the memory data, also a layered device could go bigger, and differs slightly from storage perspective.
The company announced the launch of the SafeStick SuperSonic earlier this year, which Pettersson described as the fastest in the industry and that it is impossible to get a viral infection as it features malware prevention.
So could we be at a stage soon where anti-virus is hosted on a USB stick? Pettersson claimed that this was ‘not likely as it is not the right fit'. The SafeStick features a whitelisting approach, so when files go on they are by approval. “This is a big difference to having anti-virus on the device,” said Pettersson.
“Many organisations are using USB devices but we are analogue beings in a digital world and USB is changing that. When you are burning a CD it can be slow and the CD can be damaged, the USB is hard to get wrong and ready to go but this allows us to take work home. We will see an increase in the management of devices and we will see the benefit.”
USB sticks are becoming ever present in my world, and with the exhibitions about to begin after a summer break over the next few months, I am likely to see a new bagful of devices coming back to the office with me. These will be in different shapes and capacities, but I am willing to bet that many will not come with a level of security or instruction.
While I realise that the appeal of the USB stick lies in its ease of use and transfer, and they are an ideal platform for the modern computer user, perhaps it is time they came with cigarette-style warnings – ‘Use of a USB could damage your information'.