As always, you need to do your best to educate users, come up with incentives : larger capacity drives, goodies, fun event, etc. But in the end, control mechanisms must be in place as well !
If your security requirements are THAT high, you could prevent unauthorized USB devices from mounting. At the very least, you should be able to alert the SysAdmin team... Implementation obviously depends on your environment (Unix or Windows ? Maybe both ?). If that sound too harsh, periodic scans of your internal network could help catch offenders.
As far as drives go, I would stay away from costly proprietary hardware solutions and use commodity drives with Truecrypt... but that's just me :)
One last thing: encrypted thumb drives do not protect against OS/applications caching & revealing confidential information.
No comments:
Post a Comment