Share This Article:

Army private Bradley Manning may become the patron saint of data loss prevention (DLP). Thanks to his supplying WikiLeaks with hundreds of thousands of sensitive and classified government documents, Manning has done more to raise the level of awareness of insider security threats and the risk posed by unchecked portable media.

Manning, formerly a private first class in an Army intelligence unit stationed in Baghdad, is under heavy guard at a government detention center in Virginia. He’s accused (not convicted) of using his access to a government intelligence network to pilfer more than 400,000 documents related to military operations in Iraq and Afghanistan, State Department operations around the world, and U.S. covert intelligence activities.

WikiLeaks published the documents last Sunday, causing Washington immense embarrassment, disclosing closely guarded diplomatic secrets and compromising foreign intelligence activities. The extent of the damage is still unknown, but the content of the “cables” – as they are known in diplomatic circles – as stirred the ire of heads of state around the world, particularly Russian Prime Minister Vladimir Putin.

Manning had access to immense data, but getting it off the network wasn’t as simple as emailing it to a private account or FTPing to an off-site server. No, Manning allegedly used read-write CDs and USB flash drives to copy gigabytes of files.

The threat of using portable media isn’t unknown to information security specialists. USB flash drives are a favorite tool of malicious insiders. A former Countrywide Financial analyst – one of the mortgage companies that went up in smoke during the financial crash of 2008 – is awaiting trial for using UBS flash drives to steal more than 2 million accountholders’ information and selling it on the digital black market. A former employee with Certegy Check Services is serving five years in prison for using a USB flash drive to steal more than 8 million account records and selling them to telemarketers for $580,000.

According to the Identity Theft Resource Center, the first half of 2010 saw the compromise of more than 8.9 million records, with nearly two-thirds – 5.56 million records – breached from business computers and networks. Insider theft accounted for 38 percent of all pilfered records. While many of these records are being taken out of the corporate domains via email, social networks and Internet-based drop boxes, the vast majority is being smuggled out through portable media.

Consider this: The hottest electronic gadget this holiday season is the Apple iPad and iTouch. If you think these devices are just for surfing the Web, listening to music and reading books, think again. These devices boast 16GB to 64GB flash memory, which can hold any type of file. If that’s not enough, external hard drives ranging from 500 GB to 3TB are relatively cheap. In fact, a 3TB hard drive is less expensive than an iTouch.

Business need to worry about more than hackers when it comes to portable media. Many data leaks are caused by well-intentioned users who simply want to take work home. They will download files on their memory sticks or to their iPads for work off-site. Crisis strikes when their PCs are stolen or they misplace their USB flash drive.

Data loss prevention has promised to prevent authorized info from leaving corporate networks, but adoption of this technology has been slow. Analysts and industry experts push DLP as a compliance tool to keep enterprises out of trouble with government regulators, yet IT decision makers are mostly gravitating to encryption to safeguard files that leave the network perimeter. And, frankly, most DLP vendors focus on the obvious transmission channels, Web and email. Their argument is that 80 percent of all data flows off networks via networks so the focus should go there first. It’s not illogical, but it overlooks the avenue through which massive amounts of data will be stolen or unintentionally leaked – USB flash drives.

In the early days of USB technology, IT departments were literally sealing USB ports with glue guns to prevent users from downloading data to flash drives. There are several vendors who have software that can regulate or lock down the use of these ports. And many vendors have turned to encryption to safeguard data on USB drives – Sandisk has an enterprise-class system for compelling the use of secure USB drives, and Microsoft included USB encryption in Windows 7. But this isn’t enough. Enterprises need to know what’s going on these drives.

A few DLP vendors have the ability to monitor and guard data bound for USB drives. McAfee, Websense, Proofpoint, Code Green Networks and Palisade Systems have the capability to monitor, block and, in some cases, encrypt USB-bound data.

For solution providers specializing in security solutions, PFC Manning has supplied the rationale for implementing stronger data monitoring and leak prevention controls where it matters – at the USB port.

* * *

Lawrence M. Walsh is CEO and president of The 2112 Group, a technology business advisory service that specializes in optimizing indirect channels and partner relationships. He’s also the executive director of the Channel Vanguard Council. He is the former publisher of Channel Insider and editor of VARBusiness Magazine. You can reach him at lmwalsh@the2112group.com.