Removable Media Meets the Whitelist

Kachina Dunn spoke with Dennis Szerszen, vice president for marketing and corporate strategy at SecureWave.


Dunn: Can you address the two main problems with removable media: malware coming in and sensitive data going out?
Szerszen: There are two precise problems that are bringing people to us. Sanctuary, our product line, deals with both. It's malware coming in, and there are a variety of ways malware can come into the company. And it's data leakage, or sensitive information leaving the province of the enterprise. It's not just data walking out of the enterprise, it's walking out without either the enterprise knowing that it left or being able to somehow control and audit the fact that it's left. It's a slight twist, but there are actually two problems there with data leakage.

The problem has been predominantly driven by what you understand clearly to be the proliferation of removable media devices. Those are not just memory sticks, the little fobs that we can now carry with us, it's also MP3 players, iPods, the fact that almost every printer these days has a provision so you can stick a flash card in it so you can print straight from the card. Almost every device that you can walk around with and plug into your PC probably has some sort of removable media that you can literally exploit to either move information into the enterprise or move data out. Now, truthfully, this problem has existed since the days of the floppy. Remember 5 -inch floppies? In truth, the problem has existed since then, but why is the problem so severe now? It's the fact that the types of removable media these days are so ubiquitous, so cheap to own. I can go to Best Buy right now and pick up a 64 MB stick for 2 or 3 dollars. And I can get a half a gig stick for less than 35 bucks. And look at where the trend is going. I know some of our partners, hardware vendors, are rolling out four and eight gig sticks that'll be available within the next few years. And it's just commoditizing everything. The fact that these sticks are there is incentive for some of these large enterprises to do power buys. Rather than just provisioning their end users with PCs and cell phones, they're also provisioning them with other removable media that, by the way, also comes with encryption on board. But the problem still exists. ...

Hardware vendors are coming to us now. ...They would like to sell to enterprises. They started in the consumer market, they're coming into the business area. Their big barrier to entry is that there is a total lack of controls over these type of devices. And control is two things. It's not only enforcing the behaviors that you want to have happen. In other words, if you want people to read and write with encrypted technologies, or prevent reading out, or prevent reading in, or whatever, you need a mechanism like Sanctuary Device Control to do that. We're forming a technology partner program that allows us to not only assure that things behave like they're supposed to but also start doing some development beyond what a typical USB stick can do with or without a device control program like ours in place.


Dunn: So people are looking toward a whitelisting approach because it's just not feasible to glue the port shut, etc.?
Szerszen: That does happen in the government sometimes. We've seen folks do things like literally epoxy the ports shut. We know that some vendors are trying to buy machines without any type of media port. And that's kind of hard to do. Especially since you can just crack the box open and add the ports yourself. So that brings me into the design of what Sanctuary's all about. We had a few design fundamentals that we wanted to put in place. All of our solutions, both the application and device control solutions, use a whitelisting approach. We believe it's far easier to identify the good things you want people to use and to identify the appropriate behaviors and then disregard the rest.


The other is that you can't impose a device or app control regime on your enterprise end users and expect them to like it unless you are very accommodating. You have to have granular enough policies to let them do some things that they want to do. Then forbid the bad behaviors that you don't want If you don't have flexibility, you're going to have rebellion. And not only should you be flexible about behaviors that you allow, but you should also keep track of everything that happens. What I mean by that is, if I allow you to move data onto a memory stick, I'm going to keep track of the filenames, when you did it and the fact that you're associated with that behavior. I now have provenance. I can prove what happened, I can audit that behavior anytime I want to. To some of our customers, that is probably more important than the enforcement of the policy.


Dunn: How do you see this larger trend of portable, powerful media playing out?
Szerszen: One of the things that we're seeing is that it's not just the ubiquity of these devices; it's the fact that this is truly a collision between our consumer selves and our professional lives in the enterprise. One of the clash points is technology. There are all sorts of behaviors that are potentially increasing risk levels in enterprises, beyond a point where it's not just uncomfortable, it's not acceptable at all. The problem's not going to be getting easier. It's probably going to get a lot more difficult. We can predict that the endpoint might not be a desktop PC in the future. That might go the way of the typewriter. It might become a device that is highly portable, very personally oriented. We see all sorts of form factors for new thin clients coming out. Processing power is becoming far more portable and far more transportable. One of those trends that we think is going to be very likely is where maybe the processing power and displaying the keyboard becomes static. Maybe what walks around with you is the data, the apps and the identity. All those things can be easily carried today on one of these pieces of media. It might be that these aren't USB devices. Maybe it's an RFID-type device that you wear around your neck. It might have everything we just talked about right there. All you do is sit down in front of a screen with a keyboard and start typing. That type of scenario is highly likely, because we've already moved a lot of data onto these things. We see large enterprises moving toward where they want people to maintain their data on these devices as well. And we're starting to see where some of these sticks are always married with data space and with identity credentials. The reality is that risk has increased exponentially because it's far easier to move data in and out of the enterprise. Consequently, it's far easier to bring threats in and out as well.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making


SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data