IPods pose security risk for enterprises, Gartner says
- 07 July, 2004 11:59
The iPod may be popular, but also poses such a major security risk for businesses, that enterprises should seriously consider banning the iPod and other portable storage devices, according to a study by research firm Gartner.
The devices, using a Universal Serial Bus (USB) or FireWire (IEEE 1394), present risks to businesses on several fronts: from introducing malicious code into a corporate network, to being used to steal corporate data, the research company said in its report How to Tackle the Threat From Portable Storage Devices.
The report pointed to a variety of devices, including pocket-sized portable FireWire hard drives, such as those from LaCie or Toshiba, or USB hard drives or keychain drives, such as the DiskOnKey from M-Systems Flash Disk Pioneers.
Gartner also named disk-based MP3 players, like Apple's iPod, as a security risk as well as digital cameras with smart media cards, memory sticks and compact flash.
It advised companies to forbid employees and external contractors with direct access to corporate networks from using these privately-owned devices with corporate PCs.
Companies should also consider a "desktop lockdown policy" ,disabling universal plug and play functions after installing desired drivers, to permit the use of only authorised devices.
The report conceded that the devices themselves can be quite useful within corporations, making it unpractical and counterproductive to introduce an outright ban.
Companies should take a multipronged approach to portable storage devices, Gartner said, including using personal firewalls to limit what can be done on USB ports.
The use of products for selectively controlling ports and encrypting data should also be considered, the company said. Additionally, digital rights management technology should also be used by enterprises that want to protect intellectual property, Gartner said.