USB Device Security

USB (Universal Serial Bus) storage devices are very convenient to transfer data between different computers. You can plug it into a USB port, copy your data, remove it and be on your way. Unfortunately this portability, convenience and popularity also brings different threats to your information.

Data thefts and Data leakage are everyday news now! All these can be controlled or minimized with care, awareness and by using appropriate tools to secure the information. The tips and recommendations provided in this document helps you to keep your information secure while using USB storage devices.

Threats

1. The Conficker worm spreads via removable devices and drives such as memory sticks, MP3 players and Digital Cameras. 
2. Also 30 percent of new worms have been specifically designed to spread through USB storage devices connected to computers.
3. The Stuxnet worm was one of the year’s high-profile threats that spread through USB drives.
4. Malware Spreads through USB storage devices. Somebody may intentionally sell USB storage devices with malware to track your activities, files, systems and networks.
5. Malware may spread from one device to another device through USB Storage Devices using autorun.exe, which is by default enabled.

Unauthorized Usage

• Somebody may steal your USB Devices for Data.
• Somebody intentionally leave USB devices at your Desk or Place with Malware.

How to stop Data Leakage via USB Storage Device?

• Design and adopt a good security policy to limit the usage of USB Storage devices.
• Monitor the employees what they are copying.
• Implement Authentication, Authorization and Accounting to secure your information.

What to do when you lose the Device?

• If you have stored any personal or sensitive information inside the USB drive like passwords etc, immediately change all passwords along with security questions and answers provided during any account creation [There may be chances that hacker can retrieve your online account logon information by using data in the stolen drive].
• Also ensure that all security measures have been taken against the data lost.

How to secure USB Device?

• Always secure the drive physically by tagging it to a key chain.
• Never leave your drive unattended anywhere.
• Never keep sensitive information with-out encryption.

Types of Devices which supports USB:

• Card readers
• Mobile phones
• PDAs
• Digital cameras
• Digital audio players
• Portable Media Players
• Portable flash memory devices

Guidelines for usage of USB Devices

Do’s

• Always do low format for first time usage.
• Always delete the drive securely to clear the contents.
• Always scan USB disk with latest Antivirus before accessing.
• Protect your USB device with a password.
• Encrypt the files / folders on the device.
• Use USB security products to access or copy data in your USB.
• Always protect your documents with strong password.

For Small Business or Enterprises

• Monitor what data is being copied.
• Block the unauthorized USB from connecting.
• Pick the device with features and correct level of encryption to meet compliance requirements and organization needs.
• Educate employees on acceptable and unacceptable use of USB flash drives.
• Document policies so that users know who is authorized and what they are authorized to do.

Don’ts

• Do not accept any promotional USB device from unknown members.
• Never keep sensitive information like username/passwords on USB disk.

Mobile as USB

The mobile phones can be used as USB memory devices when connected to computer. A USB cable is provided with the mobile phone to connect to computer.

Do’s

• When a mobile phone is connected to a personal computer, scan the external phone memory and memory card using an updated antivirus.
• Take regular backup of your phone and external memory card because if an event like a system crash or malware penetration occurs, at least your data is safe.
• Before transferring the data to Mobile from computer, the data should be scanned with latest Antivirus with all updates.
• Remember to remove the USB connection from your computer before you walk away.
• Don’ts
• Never forward the virus affected data to other Mobiles.

Evolution of Cloud Computing

Enterprise organizations will likely experiment with cloud computing, carefully choosing projects that benefit from cloud’s features and cost benefits as they develop more formal cloud computing strategies.

The phases of the model include:
Test and development: This phase introduces cloud for proof of concept use. During this initial phase, IT becomes comfortable with server virtualization and gains experience with system performance, application response times, and technology stability.

Consolidation: This phase is highlighted by the migration of physical servers to virtual machines typically referred to as P2V. At this point, IT rapidly moves workloads that have been identified as viable candidates and gives them the green light for production usage on the virtualized infrastructure.

Enterprise: This phase is a significant milestone where the business chooses a virtualization platform for mission critical applications, standardizes data protection, implements disaster recovery, automates routine tasks, and meets SLAs. The goal in this phase is a near 100% virtualized data center.

Dynamic: In this phase, the IT infrastructure is tightly integrated with IT and business processes. As
Administrators apply security, performance, and availability policies, the virtualization platform responds automatically without manual interaction. This is the really the beginning of a true private cloud.

Cloud: The cloud or final phase provides a real time consumption model that meets the descriptions and definitions detailed previously. At this phase, business owners only pay for what they consume and can quickly provision and decommission resources as needed. Control shifts into the hands of the application owner, allowing for management of an extremely fluid environment that instantaneously responds to change across distributed resources regardless of whether they are owned or leased from or hosted by a third party. This entire process is completely transparent to the application and its administrators.

Cloud Computing Deployment Models

Just like the cloud services models, cloud computing can be deployed in a number of ways depending upon factors like security requirements, IT skills, and network access. The IT industry has outlined four cloud computing deployment models:

Private cloud: The cloud infrastructure is operated within a single organization. In this case, internal groups such as business units consume resources and services provided by a single internal (i.e., the IT department) or external cloud computing provider.

Community cloud: A community cloud is a superset of a private cloud. The cloud supports the needs of several or an extended community of organizations. Again, community clouds can be built and operated by members of the community or third party providers.

Public cloud: The cloud infrastructure and services are available to the general public. Examples of public clouds include Amazon Elastic Compute Cloud (EC2), Google App Engine, Microsoft Azure or Terremark Cloud Computing services.

Hybrid cloud: The cloud infrastructure amalgamates private or community clouds with public clouds. In this case, private or community cloud services have the capability to extend or “burst” to consume public cloud resources.