In its report, "How to Tackle the Threat From Portable Storage Devices," the technology analyst warns that portable devices containing a USB (Universal Serial Bus) or FireWire connection – the main standards for connecting devices to computers – present a serious threat to businesses.
Pocket-sized hard drives that connect using FireWire, like those from Toshiba, or USB hard drive or keychain drive, such as M-Systems' DiskOnKey, were identified by Gartner as potential threats. So were disk-based MP3 players, such as the iPod, and digital cameras with smart media cards, memory sticks, compact flash and other memory media.
Gartner warns that these devices can bypass the internal defences of the computer to introduce viruses or other malware (malicious software) onto the computer and any network to which it is connected.
In addition, says the report, this type of high-tech equipment is perfect for downloading sensitive corporate data – which may not only damage the reputation of the company if the data is subsequently leaked, but may place the company in breach of data protection laws.
The best advice, according to Gartner, is not to ban the use of portable storage devices within the workplace, but to take a tight control over its use through a well-publicised security policy, training, and the installation of technology that can control the USB ports directly.
A digital rights management (DRM) system, which would control the copying of data, is also worth considering, says Gartner, but as a general security rule, a desktop lockdown policy should be implemented.