USB security tokens offer an additional layer of protection that can help guard your network against unauthorized access. Though they might not be the right solution for every organization and user, the results of our recent survey show that many of our members consider these devices as viable options for certain groups of individuals and for particular uses.
Although most who responded felt that specific users would benefit most from using USB security tokens, a surprisingly high number thought that all end users should have them and that they should be used to support both desktops and laptops. The results are a clear indication that USB security tokens have a place in the enterprise as a means of securing network access. After reading the results, let us know your opinion about using USB security tokens.
How many USB-based security keys will you need?
As responses to this question show, most people seemed to favor the use of USB security tokens by a select group of individuals in their organizations. Notice, however, that many (20 percent, to be exact) supported USB use by more than 100 employees (see Figure A).
Similar results are reflected in responses on user population percentages. Only a small number of those responding felt that very few users (three percent)—or possibly none—in their organizations actually need a USB security token (Figure B).
Again, most considered USB security tokens applicable to particular groups in their organizations, but 13 percent felt that USBs are needed by 76 to 100 percent of their users. Respondents obviously see a need for this kind of security solution in some applications.
Exactly who needs a USB-based security key?
As Figure C shows, our survey respondents indicated that the two biggest groups who could benefit from USB security tokens are those who handle sensitive data and those who travel frequently and use laptops.
There often exists, however, a significant disconnect between the individuals the IT department believes "should have" a particular technology and those who "actually receive" that technology (i.e., the executive assistant with the 19" LCD). To find out if our members thought such factors would influence the purchase of USB security tokens, we rephrased our question slightly to focus on the individuals who respondents thought would actually receive tokens bought by the IT department.
Interestingly, the results shown in Figure D are nearly identical to those in Figure C. Respondents again indicated that those users who handle sensitive data or travel with laptops would be most likely to be given a USB token. So it seems as if our respondents believe those who need USB security tokens would actually receive them.
What would you use a USB-based security key for?
The majority of members who responded see USB tokens as authentication devices that could become useful alternatives to the standard user ID and password logon system (see Figure E).
The security of user passwords is increasingly being questioned, and USB tokens offer a means of improving on the flaws and weaknesses of such passwords. The token represents a physical means of preventing unauthorized access to the network—something that can’t be cracked like a password can.
Many respondents also felt that USB tokens would likely be used to encrypt data. Devices such as Authenex, Inc.’s A-Key have specialized in this function, and it’s a feature that many feel is useful.
Some members also saw tokens as a way to prevent software piracy, which is an important concern. USB devices could offer additional protection against software theft and license abuse. But security may not be the biggest concern users have with USB security tokens as the answers to the following question reveal.
What is most important when you purchase a USB-based security key?
As Figure F shows, respondents are most concerned about the compatibility of the devices with their current systems.
That doesn’t mean that security is of secondary concern; a significant number also said the strength of security was most important to them. Many likely trust the security of the devices, but security doesn’t mean anything if the devices won’t work for them. Since the devices conform to USB standards, however, compatibility issues should be minimal for most users. And strength of security isn’t far behind compatibility as the most important issue.
Ease of administration and price are also issues with which organizations must contend. Only a few members thought the brand name would be their top consideration when making a purchase.
These results show that many are looking for new ways to secure their networks and authenticate users, and USB security tokens offer a viable solution. These devices likely have a place in most organizations, even if their use is limited to particular groups or functions.
Other thoughts on USBs?
Let us know what you think by posting a comment below or by sending us a note.