<div class='os_post_top_link'><a href='http://www.infoworld.com/article/04/07/06/HNipodsrisk_1.html' target='_blank'>http://www.infoworld.com/article/04/07/06/HNipodsrisk_1.html</a><br /><br /></div><i>"The iPod may be popular, but also poses such a major security risk for businesses, that enterprises should seriously consider banning the iPod and other portable storage devices, according to a study by research firm Gartner Inc. The devices, using a Universal Serial Bus (USB) or FireWire (IEEE 1394), present risks to businesses on several fronts: from introducing malicious code into a corporate network, to being used to steal corporate data, the Stamford, Connecticut-based research company said in its report "How to Tackle the Threat From Portable Storage Devices," published Friday."</i><br /><br />As crazy as this may sound to some people, it actually makes a great deal of sense. The iPod is, after all, a portable hard drive. Lifting secure data off a client PC or workstation would be all too simple for any would be thief, without anyone knowing. This wouldn't be the first time a popular type of gadget was banned from the enterprise. Cell phones with built-in cameras are also a taboo in many work places as well. <br /><br />Corporate espionage is a serious business. Companies have to cover their uh...assets.

Its just crazy. Are they going to ban Pocket PCs or Palms? I can have lots of storage in a Pocket PC (with enough money to buy CF or SD cards.) What about USB keys. I work in a group that does software consulting, and USB keys are a necessity when on site with a client (change some code, recompile, provide to client to test, repeat as necessary.)

I see their argument, but there are lots of other ways to get data out of a company besides personal music players.

or perhaps the it department could disable all usb and firewire ports on PCs. naaah....way more easy to tell people leave their crap at home!

I see their argument, but there are lots of other ways to get data out of a company besides personal music players.

Amen to that.

There's nothing stopping you from using ANY portable media to take stuff off of work comps.

Get real, people.

Hey the iPod is known by everyone. What use would there be in Gartner telling people that the iRiver players do the same thing. Most of America knows what an iPod is. They could have just as easy, said HD based mp3 players, but they didn't.

This kind of headline grab stuff is just so we'll talk about them and remember that "Gartner Research helps you stay ahead, no matter what challenges you face". :roll:

In the same way, floppy drives posed a security risk too. I think it is paranoid. If someone wants to get data in or out they will find a way. A good security model is one that can control access (and information) from the desktop to the gateway.

Most companies are aware that security is no longer a case of what is behind the firewall vs. what is out in the open. I don't think this is anything new for security IT people...

or perhaps the it department could disable all usb and firewire ports on PCs. naaah....way more easy to tell people leave their crap at home!
Actually, in a discussion of security and digital cameras, one user at Pocket PC Thoughts did say that his company (or government facility) did disable USB ports on his computer.

Of course, they probably had a really pressing need to do so. Disabling USB ports on all computers in general would make it much harder for the IT department to upgrade a computer. A simple policy relying on trust is a lot less work (and, of course, also easier to violate).

Steve

Its just crazy. Are they going to ban Pocket PCs or Palms? I can have lots of storage in a Pocket PC (with enough money to buy CF or SD cards.) What about USB keys. I work in a group that does software consulting, and USB keys are a necessity when on site with a client (change some code, recompile, provide to client to test, repeat as necessary.)

I see their argument, but there are lots of other ways to get data out of a company besides personal music players.
What you say is certainly true, but there is one big difference -- flash-based memory solutions are much smaller. A disk-based player could have a computer's entire drive dumped to it; flash-based devices would likely only be able to have some documents saved.

Granted flash-based solutions are big enough to hold a lot of sensitive information, so maybe that will be the next battleground (after cameras and music players). :-(

Steve