SanDisk warns of USB drive threat

SanDisk has warned that IT managers are unaware of the extent to which unsecured flash drives are being brought into their organizations, backing this with a new study of corporate end-users and IT executives.

The study found that 77 percent corporate end-users surveyed have admitted to using personal flash drives for work-related purposes. However, when asked to estimate what percentage of the workforce uses personal flash drives, corporate IT respondents said only 35 percent.

Users meanwhile admitted that data files most likely to be copied to a personal flash drives includes customer records (25 percent), financial information (17 percent), business plans (15 percent), employee records (13 percent), marketing plans (13 percent), intellectual property (6 percent), and source code (6 percent).

The survey highlights that due to the highly portable nature of USB flash drives, they represent a significant risk of data loss for enterprises. Approximately one in ten (12 percent) of corporate end-users reported finding a flash drive in a public place. Additionally, when asked to pick the three most likely actions they would take if they found a flash drive in a public place, 55 percent indicated they would view the data.

SanDisk meanwhile hopes to give IT managers a fighting chance of controlling the usage of flash drives in organizations, and earlier this week unveiled a new version of its CMC (Central Management & Control) software used to manage its Cruzer Enterprise USB flash drives.

The SanDisk Cruzer Enterprise flash drive comes in 1GB, 2GB, 4GB, and 8GB storage capacities.

Version 3.0 of the CMC software is designed to give IT managers an easier way to manage the lifecycle of Cruzer Enterprise USB flash drives, including deployment throughout the organization, password recovery and renewal through the network, central backup and restore, central usage tracking, and remote termination of lost drives.

"CMC is at the center of SanDisk's mission to make flash memory the preferred solution for authentication, workspace virtualization, and end-point security," said Etti Berger, product marketing manager for CMC in SanDisk's Enterprise Division.

Specifically, CMC 3.0 allows IT managers to rapidly introduce new applications through the network, without users having to initiate an installation process or having to bring their drives to the IT department. It also keeps track of application and seat licenses on Cruzer Enterprise drives.

In addition, CMC 3.0 allows for Cruzer Enterprise drives to be remotely configured from any corporate PC without requiring pre-installation of a software agent. SanDisk says this reduces the time and effort needed to add new drives, especially in large organizations with multiple locations and many remote workers.

IT managers can also create pre-defined reports on user activity, giving the IT department new tools for uncovering violations of the organization's data security policies, and for providing confirmation of regulatory compliance through an enhanced audit trail.

Finally, CMC 3.0 features improved password policy control, and passwords can now be set to expire after a number of days selected by the IT department. It can also synchronize with Active Directory password policies.

SanDisk said that CMC 3.0 is expected to be available in the third quarter, with pricing provided on request to enterprise clients.

SanDisk also revealed that Cruzer Enterprise drives also now have the ability to deploy, store, and use RSA SecurID software tokens from RSA. This gives end-users a single device for secure data storage and two-factor authentication, an alternative to carrying both a flash drive and a separate hardware authenticator.

Techworld is an InfoWorld affiliate.