How to Secure USB Drives and Other Portable Storage Devices
For all their convenience, misplaced or stolen storage devices often result in the loss of confidential data. To protect against embarrassing, costly and damaging data breaches, take these steps to protect your employees' portable storage devices.
Tue, May 28, 2013
CIO — As individuals and organizations digitize more data, they become more susceptible to major data breaches. Though convenient, inexpensive USB flash memory sticks and other portable storage devices certainly don't help the cause, because workers use them to transport databases and other confidential information. On top of the real danger of misused data, major data breaches also cause damaging negative publicity.
It may seem inherently complex, but securing portable storage devices is within reach for small businesses. Here's what organizations can do to secure their data.
Above All, Encrypt Your Data
Before discussing common methods of securing portable storage devices, it's worth highlighting an often-underappreciated advantage of encrypting data on portable storage devices. Specifically, properly encrypted data offers a safety net against potentially embarrassing or damaging data surfacing from storage devices that were discarded or sold off.
Many businesses don't realize how easily deleted files can be retrieved with off-the-shelf recovery software from mechanical storage devices such as hard disk drives (HDD) or USB drives. Reconstituting previously encrypted data, on the other hand, is far more involved, as it requires the original credentials or even a copy of the decryption key.
An encrypted storage device with a decryption key that's been erased, or one with a good authentication passphrase, offers a good safeguard against malicious data recovery. A thoroughly wiped or physically destroyed storage device remains the most secure defense against data leakage, though.
Windows 7 and 8: BitLocker To Go
For Windows users, BitLocker To Go is the easiest way to encrypt an entire USB portable storage device. This capability, which first appeared with Windows 7, is initialized at the disk-volume level of a removable storage drive. The drive's unencrypted content is password-protected, and data is automatically encrypted as it's copied over. For convenience, it's possible to enable auto-unlock, which lets a PC store decrypted data from specific storage drives.
Though BitLocker To Go volumes can be accessed by any version of Windows 7 and later, you need Windows 7 Enterprise, Windows 7 Ultimate, Windows 8 Pro or Windows 8 Enterprise to initialize BitLocker To Go on storage drives. For Windows XP or Vista platforms, you can install a BitLocker To Go Reader application onto the target storage device during initialization; this app, available as a download, gives users password-protected, read-only access to encrypted data. Note that the reader app only works on storage devices formatted with the exFAT, FAT16 or FAT32 file systems.
Businesses already using the Domain system can set up a policy to enforce mandatory BitLocker protection before data can be copied onto removable drives, for example. Additional controls can cover password complexity or mandate the use of a smart card. Overall, BitLocker To Go is a robust encryption solution that offers a seamless experience for Windows-only organizations.
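To check how a given PC stands against the policy described above, the following PowerShell script reports the BitLocker state of each attached removable drive and whether the write-restriction policy is in force. It is an added example, not code from the original article. It assumes an elevated session on Windows 8 or later with the BitLocker PowerShell module, and that the policy is the Group Policy setting "Deny write access to removable drives not protected by BitLocker", which writes the `RDVDenyWriteAccess` registry value.

```powershell
# Added example: audit removable drives for BitLocker To Go coverage.
# Run elevated on Windows 8 / Server 2012 or later (BitLocker PowerShell module).

# Registry value written by the "Deny write access to removable drives
# not protected by BitLocker" policy; 1 means the policy is enforced.
$fveKey    = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'
$policy    = Get-ItemProperty -Path $fveKey -Name RDVDenyWriteAccess -ErrorAction SilentlyContinue
$denyWrite = $policy -and $policy.RDVDenyWriteAccess -eq 1

# DriveType 2 = removable media (USB sticks, card readers).
$report = foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2') {
    $row = [ordered]@{
        Drive = $disk.DeviceID; FileSystem = $disk.FileSystem
        Locked = 'Unknown'; Protection = 'Unknown'; AutoUnlock = $null; Protectors = ''
    }
    try {
        $vol = Get-BitLockerVolume -MountPoint $disk.DeviceID -ErrorAction Stop
        $row.Locked     = [string]$vol.LockStatus
        $row.Protection = [string]$vol.ProtectionStatus
        $row.AutoUnlock = $vol.AutoUnlockEnabled
        $row.Protectors = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '
    } catch {
        # Empty card reader slot or a volume BitLocker cannot query: keep 'Unknown'.
        Write-Warning "Could not query $($disk.DeviceID): $($_.Exception.Message)"
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize

# A locked volume is necessarily encrypted, so only unlocked volumes with
# protection off count as plaintext drives.
$plaintext = @($report | Where-Object { $_.Locked -eq 'Unlocked' -and $_.Protection -ne 'On' })

if ($plaintext.Count -gt 0) {
    Write-Warning ("Unencrypted removable drives: " + ($plaintext.Drive -join ', '))
}
if (-not $denyWrite) {
    Write-Warning 'Policy to deny writes to unprotected removable drives is not enforced on this PC.'
}
```

External USB hard disks often enumerate as fixed disks (DriveType 3) rather than removable media, so they fall outside this filter and need a separate check.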