<div class='os_post_top_link'><a href='http://www.theinquirer.net/?article=23350' target='_blank'>http://www.theinquirer.net/?article=23350</a><br /><br /></div><i>"It's been dubbed the 'Mobile Manager' but PalmOne's latest mobile beastie, the LifeDrive, is set to land network managers with one of their worst nightmares. A device which is designed to suck data out of any decent Windows machine. Not only does the PalmOne LifeDrive boast a 4 GB hard drive but its software is deliberately designed to sync with a PC. Copy the entire contents of your my Documents folder is dead simple. As is syncing your emails with a Microsoft Exchange server. The INQ's heard of some firms banning iPods for similar reasons but the LifeDrive takes this threat to a new height."</i><br /><br />The security threat posed by mobile devices is nothing new, while the proliferation of portable players with a plethora of storage means that the threat going to get much, much worse. I know a lot of folks who routinely carry around 1Gb personal USB memory sticks, have 512Mb MiniSD cards in their phones and who also bring 40Gb MP3 players to work. That's a lot of potential routes for data to escape from companies and I haven't even mentioned embedded cameras ;-). So is it time for firms to start routinely locking down USB &amp; Firewire ports etc. for most employees, should they draconianly ban all mobile storage devices or is there another better way? What are your thoughts on the conflicting demands of security versus freedom and flexibility in the workplace?

If users are intent on data copying, there is nothing a sys admin can do to stop a dedicated thief. Now as far as casual copying goes, I don't think it would be a bad idea to have USB ports locked down and the user being required to be 'educated' on proper use of memory sticks, devices with built in memory, etc.. to avoid problems.

And by educated I mean informed an perhaps required to sign a contract. I don't mean educated as in: :snipersmile: :bangin: or :pukeface2: . I mean friendly educated, perhaps over a cold one and contract... :beer:

OT: I just realized that the total capacity of my (seven year old) primary PC is just under 8GB, with 4.5GB used, not counting the 3.5GB of SD cards I have. My C: drive is 1.85GB. The LifeDrive (rather hippy-sounding name imo) has 4GB of storage built-in. Maybe it's time to upgrade. :oops:

Well, to that end, the company I work for has banned all PDA's &amp; Smartphones from the office. 15,000 employees all had their PDA's banned.
There were only about 1,000 pda's in the company, but still.

It stinks not having a PDA...bye bye Axim x50v. I've missed you, as the ban took effect 3/1/05, and haven't carried a PDA since. Almost 6 years with PDA's...and I'm lost without one. Probably going to pick one up as I'm so dependent on them now.

Yeah, they are a security issue. The main problem was with e-mail's as they can contain customers personal info...so I think it was the right move. Supposedly, they're working on a solution that would only allow syncing Calendar &amp; Contacts as those aren't as critical. Everything else would be disabled.

Well, to that end, the company I work for has banned all PDA's &amp; Smartphones from the office. 15,000 employees all had their PDA's banned.


Well now if they would ban; all meetings (won't remember when they are anyway, things to do or remember (I am a helpless puppy without my task list), notes and memos (I can't memorize everything I read) and email, voice mail, IM, etc. and supply me with a PHA (Personal Human Assistant) maybe I can actually be able to get something done.

Maybe the company should focus more time on not giving their employees any reason to be devious or careless with confidential information.

my job bans PDAs sometimes. the problem is that they don't warn us, you just come in one day and security says "you can't bring that in here". i don't drive to work, so when that happens, i usually call my boss from the front desk, tell him i can't bring my PDA in, and then go back home. then i leave it home for a couple of weeks, and all of a sudden, it's ok to bring them in again.

my job has other stupid rules as well, but if i give any more away, i risk the dreaded NDA :)

What a dumb concern. If you ban lifedrives/ipods/PPCs/USB flashdisks but continue to allow laptops in your company, which is the bigger threat to security?????

LouisB

You can always email sensitive information out of the office in various shapes or forms. Innumerable other ways to compromise a company existed before USB devices (iPods/PDAs/Memory Sticks) were around.

Goodness, you could even write a letter to someone with company secrets in it.

But clearly anyone with a PDA, Smartphone or iPod will be led into temptation and must be protected for their own good. Madness.

The worst problem at my school is people boot Linux from their flash drives, grabbing the network password hashes and then cracking them. We thought all we had to do was ban booting from flash drives but now they are running Linux once they have logged on as a windows process and grabbing the hashes. Arghhhhh :twisted:

I work on projects for the Navy. My last job had me working in a Navy owned facility where cell phones were banned and I had to get a property pass for my Pocket PC and laptop.

I now work in a field office in the same community for another company on the same project. For now my Axim x30 is safe, as is my cell phone. However, I sometimes have to run to other sites, many of which are owned by a competitor, and there's no telling from one to the next where I can bring either my PPC or cell. A lot of people I work with have no idea what to do when their cell phones get outdated because it's next to impossible to get one without a camera or recording device built in, and banning them is right around the corner. We were once working on a project that embeded a Word document in an Adobe file for recording, so people could take it on a Tablet PC, but the Navy won't allow tablet PCs so that project got scrapped and they get to use paper printouts like they have all along.

Technology is both a blessing and a curse. It makes our lives easier, so long as we're allowed to have it.

Don't make me go back to buying Franklin Planner refills!

We all know that eventually the technology we have today will be generally accepted in secure areas. The overriding question is how do we get there securely. From a security standpoint it is quite easy to control the flow of paper documents within an office - they can have secured copiers, disconnect from email, and physically watch for any misapproriated "secrets".

The solution is to be able to do the same thing with "electronics". We all know there are already hardware and software solutions that enable administrators to log all keystrokes performed on a PC, perhaps these soluitons need to be expanded to record ALL activity - drives connected, files copied, etc in such a way that it will be easy to monitor who is accessing what information and what they are doing with it. That way before we leave the building with our technology it will be easy for a security officer to quickly review what we did and verify that classified information isn't leaving with us.

On the flip side, I often think that many of the anti-technology security measures are more window-dressing than anything else. It's been proven that if an unscrupulous person wants to steal information they have access to, they will. In most cases the banning of our "tools" is nothing more than a security officer demonstrating that they are doing "something" to control these things rather than addressing the real issue - technology doesn't steal secrets - people do.

my job bans PDAs sometimes. the problem is that they don't warn us, you just come in one day and security says "you can't bring that in here". i don't drive to work, so when that happens, i usually call my boss from the front desk, tell him i can't bring my PDA in, and then go back home. then i leave it home for a couple of weeks, and all of a sudden, it's ok to bring them in again.

my job has other stupid rules as well, but if i give any more away, i risk the dreaded NDA :)

I'm just curious - how do they tell you have a PDA on you? I'm assuming you don't blatently walk in with it, its probably in a pocket or briefcase. If briefcases are searched, why not just slip it in a pocket that can't be patted down?

I guess I'm just one of those people who like to defy authority. After all, what's the worst that can happen: They kick you out and you come back later with/without it. I don't believe it would be legal for them to confiscate it permanently.

Anyone know the legal side to this, or is it just corporate rent-a-cops that like to feel self-important? (Obviously working for the government would be a bit different, but for companies not involved in government work, is there really any legal right they have to confiscating property?)

I guess I'm just one of those people who like to defy authority. After all, what's the worst that can happen: They kick you out and you come back later with/without it. I don't believe it would be legal for them to confiscate it permanently.

I'm thinking the worst that could happen is that he could get fired and lose his job. To me, that would be much worse than having a $400.00 PDA confiscated.

I've always lived by a saying, I'll share with you all now. "If I'm going to get fired, it's not going to be on a technicality. I'll give them a real reason to fire me." :lol:

What a dumb concern. If you ban lifedrives/ipods/PPCs/USB flashdisks but continue to allow laptops in your company, which is the bigger threat to security?????

LouisB

Well, think of it this way. Laptops can be secured to a point that if they are stolen, there's no way for a thief to get to the data. Our laptops have Safeboot installed, and the HD's are fully encrypted...so if it is stolen, no data can be recovered.

PDA's store a lot of the same info, and yes can be secured as well. However, they aren't deployed by the corporation and therefore they cannot as easily enforce their security requirements on them. Plus, they're small, rarely have a password on them, and if stolen or lost, a thief has immediate access to all kinds of personal info through e-mails.

As a customer, would you really want your SSN floating all over God's creation because your bank didn't protect your data by not allowing e-mail syncing? Would you say, well its ok, because it was stored on a PDA that was stolen?

I do agree with their decision as its supposedly temporary until a more secure solution is found.

I guess I'm just one of those people who like to defy authority. After all, what's the worst that can happen: They kick you out and you come back later with/without it. I don't believe it would be legal for them to confiscate it permanently.

I'm thinking the worst that could happen is that he could get fired and lose his job. To me, that would be much worse than having a $400.00 PDA confiscated.

I've always lived by a saying, I'll share with you all now. "If I'm going to get fired, it's not going to be on a technicality. I'll give them a real reason to fire me." :lol:

I think I could feel good about saying $#*# to a security guard and getting fired over it. But then again, this is why I'm not in the mainstream job market.