By Andrew Donoghue, 6 July 2004 09:20
NEWS Companies should consider banning portable storage devices such as Apple's iPod from corporate networks as they can be used to introduce malware or steal corporate data, according to an analyst.
Small portable storage products can bypass perimeter defenses like firewalls and antivirus at the mailserver, and introduce malware such as Trojans or viruses onto company networks, claimed analyst house Gartner in a report issued this week. Analysts have warned for some time of the dangers of using portable devices, but the report points out these also now include "disk-based MP3 players, such as Apple's iPod, and digital cameras with smart media cards, memory sticks, compact flash and other memory media."
Another potential danger is that the devices - that typically make use of USB and FireWire - could be used to steal large amounts of company data as they are faster to download to than CDs. Also the size of the portable devices means they can be easily misplaced or stolen.
Gartner advises that companies should forbid the use of uncontrolled, privately owned devices with corporate PCs and adopt personal firewalls to limit what can be done on USB ports.
"Businesses must ensure that the right procedures and technologies are adopted to securely manage the use of portable storage devices like USB 'keychain' drives. This will help to limit damage from malicious code, loss of proprietary information or intellectual property, and consequent lawsuits and loss of reputation," the report stated.
Andrew Donoghue writes for ZDNet UK
Comments
There are 15 comments. Join the discussion
1. anonymous
Basically any removable device is the same security threat. Be it a floppy drive, an external HD, a CD-R/RW, a usb keychain drive, or an iPod. Funny how it gets reported as "iPod is the latest security risk for business." Is anyone calling for a ban on these other devices?
2. Gene Wolf
Is this guy for real? Yes, let's ban iPods. They have a large capacity and can be connected to corporate networks via Firewire.
Let's also ban laptops, which many of us take home every night for the same reason because the have an even larger capacity!
How about VPN connections so I can use my iPod, or CD burner, or DVD burner at home after downloading company information to my home computer?
Please! If someone is going to steal corporate information there are many, many other ways of doing it other than a limited iPod or USB device.
While people should be aware that corporate information theft is a real threat, picking out something like the iPod is idiotic and ignores other easier ways of information theft.
3. anonymous
The real story here is that Gartner is getting headlines for this "report." You should be ashamed for indulging in press release reporting.
4. anonymous
1) Any removable device has the same security bypass ability.
2) Why do you single out the iPod? Do you receive kickbacks from Microsoft / DELL / SONY?
3) Anyone can steal information from a compay with a CD, Floppy (forgot about those huh?), MiniDisc, USB Key disc, MemoryStick, Compact Flash, SD, e-mail, and not to mention, just printing it out. ALL TOO EASILY.
I cannot beleive the ignorance of this article singling out the iPod for it's title. Grow up people.
5. anonymous
How about banning people who are security risks? Or, Microsoft products that are inherent security risks?
It's not like you can't email, FTP, use a USB keychain, hell, even drop it on a floppy.
Sometimes you have to wonder the motives of editors who have a slow news day.
6. Chris Sansom
Iets face the facts - any computer running Windoze is a security risk. Not the humble IPod.
7. blegfa
Ban computers! They are all security risks! Ban people from ever coming to or going from the work place — that will work also.
8. anonymous
Let's ban pen and paper whilst we are about it!
Obviously Gartner are so desperate to be noticed that they publish this rubbish. Silicon.com should have more sense than to indulge them. Mockery is all they deserve.
9. Max Rutherford
Jeez - talk about stating the ble*ding obvious.!!
Did the brain at Gartner never use floppy, zip or Syquest media. Could they have been security risks? Just maybe? Doh!
And someone at Gartner is considered an expert analyst for this statement. Unbelievable. Ban iPods - yeh right...ban Gartner spouting rubbish more like.
10. David P
WTF have personal firewalls got to do with preventing access to USB ports?
Does the author have any element of clue at all? Or does he just want to use the words 'iPod' and 'security risk' together to get the headlines?
11. Alan
One hardly knows which part of this story to attack first.
1) The iPod does not let you use its integral hard drive for file transfer (that why I bought a cheaper and more functional iRiver IHP40 instead).
2) If this kind of paranoia is the new garbage that Gartner and the other con-artist research orgs are now peddling, they'd be better starting with looknig at CD and DVD recordables.
3) If Silicon's journos want to generate some actual useful news (rather than just regurgitating this kind of proly-feed) they should do some research into the track record for accuracy of the IDCs, Gartners etc of the world over - say - the last ten years or so. Now THAT would be a story!
12. anonymous
The difference in the ipod as a security risk is the number of people who have the means to steal data or upload a virus. A lot of people have ipods and use them at work, which increases the overall risk. In addition most companies who have sensitive data do try and disable most of the devices that have been mentioned above. Its not signalling out IPOD, its simply highlighting an additional risk.
13. Mickael Behn
First off Alan your wrong you can use the harddisk in the ipod as a storage unit on Macs and PC's. The problem with this story is that you need to install drivers to get the iPod ( on Windows )to do that and run iTunes, so first off dont allow Users to install the drivers or applications for that matter and its not a secutiry risk.
what is a risk !?!
USB dongle styled storage units, the drivers are in the OS (windows and Mac) and anyone can use them, they are small so not as visible when in use.
The security iPod headline is only for grabbing headlines. He is a fool of the Highest IT order.
14. Russell Henley
First off, as a pure security risk any portable storage media is a quantifiable risk.
Some of the earliest viruses got around by assuming people left floppy disks in the their computer and switched them on.
If you want to ensure your company is totally watertight against viruses (which is something you SHOULD be doing!), then any risk is unacceptable. Some moron that pulls files down off Kazaa or any other P2P share and stores them on their USB device (be it a camera, USB Drive or an iPod) and brings it into the office is a risk. Not a big risk, but a risk nonetheless.
IT departments restrict people installing software, using CD-RW's or even having floppy drives (we don't install them as standard anymore). So why not go the extra step?
As far as taking data home, sure if you have a laptop it's dead easy. But if you are in a competitive market then an iPOD can carry a significant amount of data out *very quickly*. It's the discretion and speed that is the issue - taking an equivalent amount of paper files out would require a bloody transit van!
Admittedly you can now pick up terrabit USB drives for not very much more than an iPOD, which poses an even greater risk.
Another factor not considered so far is the employees time. You (as an employer) are paying this person to work. And yet they have an iPOD plugged into their machine, obviously using your network bandwidth and resources as well as their own time to download/copy/listen to music.
Just think of the implications of that - not just the fact that your corporate network could be used for illegal filesharing (it's so easy to copy an MP3 onto your corporate network share for a work colleague), but also the waste of company time doing so. I'm sure your legal department would have an instant hernia at the thought.
15. anonymous
Wait for the silver lining, folks: His use of the iPod in this (admittedly moronic) warning isn't an attack on our beloved gizmo, but a re-affirmation of it's primacy in the market.
Even the masses know what an iPod is, although some couldn't identify it as an mp3 player, or know that it contains a hard drive.