Once upon a time, the floppy disk was the main portable storage device you had to worry about. Now there's USB sticks, flash cards, and even iPods. This article explains how a portable storage policy can help secure your network.

Your organization is heavily invested in security. It likely maintains firewall technologies, works to counter social engineering attacks and monitors an intrusion detection system. Wireless transmissions may be encrypted and the server room probably requires a key code separate from the facility's regular entrances. Password policies may even be in place requiring users to log on to organization systems using only complex alphanumeric passwords.

But all those efforts may be for naught. Just one user strolling out of work with a portable disk drive buried in a backpack can easily abscond with 250GB or more a day of sensitive, confidential and proprietary data. Think about those ramifications and you'll see why it's necessary for most any organization with sensitive data to implement and enforce a portable storage policy.

Think that's overkill? Then consider the facts. Industry statistics regularly repeat that insiders consistently pose the single biggest threat to organizations. A single disgruntled employee or contractor armed with a valid user account, password, network access and physical access to systems can easily cause more harm than an army of hackers. Allowing an organization's staff members to install external hard disks, flash-based memory drives and even iPods on organization systems makes the task of stealing corporate information and data that much easier.

Portable storage policy

While implementing a strong portable storage policy won't make anyone in the Information Technology department popular, it will prove a significant step in helping secure the organization's data. Unauthorized duplication, and the prohibited distribution of sensitive information outside the company, will prove much more difficult if employees aren't permitted to bring portable drives and audio players (which can easily transport sensitive data outside organization walls without detection) on company property.

Further, your organization's portable storage policy should ensure that employees and staff using mobile systems (such as laptop computers and Blackberry-type telephones) understand they're prohibited from transferring any organization data to portable storage devices whether the staff member is in the office or not. While having staff members sign such a policy upon beginning employmentÂ won't necessarily prevent unauthorized data loss, it will prove helpful in prosecuting offenders. For this reason your organization's legal team may be asking that the Information Technology department implement such a policy.

Ensure your organization's portable storage policy has teeth. Be sure to list the types of devices that are prohibited, what steps should be taken in the event of a violation and the penalties offenders could face.

Among the devices that should be prohibited are the following:

External hard disks
Portable hard drives
Portable network accessible storage drives
All forms of flash memory cards
Flash memory-based "thumb" drives
MP3 audio players
iPods

If you're unsure whether your organization necessarily requires a portable storage policy, complete TechRepublic's Portable Storage Vulnerability Assessment, which will help gauge your organization's exposure. Should your organization require a portable storage policy, check out TechRepublic's Portable Storage Policy for a ready-made template you can use as-is or customize to meet your organization's specific needs.

Just rolling out such a policy won't solve your organization portable storage issues, however. The Information Technology department must vigorously enforce such a policy. Otherwise the effort is nothing but a paperwork exercise.

You can quickly implement a portable storage policy in your organization by downloading TechRepublic's Portable Storage Policy. Included you'll find a risk assessment spreadsheet that will help you determine the importance of such a policy to your organization's security along with a basic policy that you can use and modify. You can purchase it from the TechRepublic Catalog or download it for free as part of your TechRepublic Pro membership.

The importance of an effective portable storage policy

Portable storage policy

Editor's Picks

IT Buying Cycle

Changes to Google Chrome and Chrome OS certificate handling

Quick Tip: Sharing Google Drive documents is now a bit easier

Colleges ramping up data analytics degrees to meet big data challenge

Oracle Optimized Storage E-Book: Staying Ahead of the Data Explosion

Oracle Delivers One-Two Punch with New ZS3 Series

Transforming Business with Oracle's Optimized Storage for Oracle Database 11g

Five hard disk cleaning and erasing tools

Five DVD ripping tools

Google charges hefty premium for 16GB Nexus 7 storage

Manufacturer Gains Business Insight and Boosts IT Efficiency With Database Solution

The Corona Energy Challenge

Media Company Lays Firm Foundation for Business Growth

10 troubleshooting tips for your storage and SAN environment

The brewing battle between hybrid and all-flash storage

Helium-filled drives will lift capacities to new heights