Gartner: iPods, other small storage devices pose security risk

IDG News Service - The iPod may be popular, but it also poses such a major security risk for businesses that enterprises should seriously consider banning it and other portable storage devices, according to a study by research firm Gartner Inc.
The devices, using a Universal Serial Bus (USB) or FireWire (IEEE 1394), are risky because they could be used to introduce malicious code into a corporate network or steal corporate data, the Stamford, Conn.-based research company said in its report, "How to Tackle the Threat From Portable Storage Devices."
The report, published Friday, pointed to a variety of devices, including pocket-size portable FireWire hard drives like those from LaCie Group SA or Toshiba Corp., or USB hard drives or key-chain drives such as the DiskOnKey from M-Systems Flash Disk Pioneers Ltd. Gartner also named disk-based MP3 players, like Apple Computer Inc.'s iPod, as a security risk, as well as digital cameras with smart media cards, memory sticks and compact flash.
Gartner advised companies to forbid employees and external contractors who have direct access to corporate networks from using these privately owned devices with corporate PCs. Companies should also consider a "desktop lockdown policy," disabling universal plug-and-play functions after installing desired drivers, to permit the use of only authorized devices.
The report conceded that the devices themselves can be quite useful within corporations, making it "unpractical and counterproductive" to introduce an outright ban.
Companies should take a multipronged approach to portable storage devices, Gartner said, including using personal firewalls to limit what can be done on USB ports. The use of products for selectively controlling ports and encrypting data should also be considered, the company said.
In addition, digital rights management technology should be used by enterprises that want to protect intellectual property, Gartner said.