Device threat: iPod espionage emerges as corporate concern.DOWNLOADING files onto iPods almost always involves music. But with 20 to 40 gigabytes of storage capacity, what's to stop someone from downloading sensitive company files and taking them out of the office? In a move that captures the challenge of maintaining security in a digital age, a growing number of companies, including a few of Boeing Co.'s Southern California Southern California, also colloquially known as SoCal, is the southern portion of the U.S. state of California. Centered on the cities of Los Angeles and San Diego, Southern California is home to nearly 24 million people and is the nation's second most populated region, offices, are banning digital music players Hardware or software that plays audio files encoded in MP3, AAC, WMA or other audio formats. There are several software-based music players that play audio files in a desktop or laptop computer, including iTunes, RealPlayer and Windows Media Player. , portable memory sticks and camera cell phones. "In some of our facilities where we do sensitive business--like integrated defense programs and aircraft programs--we don't allow things that can carry storage devices," said Kelly Donaghy, security spokeswoman for Boeing. Employees are told to drop them off before they enter the building, or leave them in their cars. "The people who work in those buildings, they know the rules," she said. An example of the new rules: A vice president of business development for GuardianEdge Technologies Inc. was stopped at the front gate of a large consumer electronics maker and told to declare if he had an iPod, a camera phone or a PDA (Personal Digital Assistant) A handheld computer for managing contacts, appointments and tasks. It typically includes a name and address database, calendar, to-do list and note taker, which are the functions in a personal information manager (see PIM). . The devices were put in plastic bags and tagged. When he exited the building, he had to prove that the bags remained unopened in his pocket throughout the visit. "They had a no-tolerance sort of policy," said Steven Lerner-Wright, a spokesman for GuardianEdge, a Silicon Valley information security consultant, who was told of the incident but declined to identify the company. GuardianEdge helps companies protect against data theft, usually by installing encryption software Encryption software is software whose main task is encryption and decryption of data, usually in the form of files on hard drives and removable media, email messages, or in the form of packets sent over computer networks. . But occasionally, Lerner-Wright admits, companies choose to ban devices rather than change the way they protect their data. Ready availability Part of the reason is that technology is developing faster than company security policies. Just a couple of years ago, memory sticks--small, removable hard drives that can be plugged into computers--weren't on key chains, phones didn't have cameras in them, and portable CD players didn't have hard drives. "The iPod exploded so quickly--I don't think everybody thought of it as generic portable storage," said Lerner-Wright. "Companies are only now trying to come to grips with the ready availability of these devices." Apple officials declined to comment, as they have throughout the security controversy over the iPod. The furor furor /fu·ror/ (fu´ror) fury; rage. furor epilep´ticus an attack of intense anger occurring in epilepsy. started last fall when the research firm Gartner Inc. released a report pointing out the risks that employees' portable devices pose to corporations. These products, the report concluded, "have the capacity to quickly download much valuable corporate information, which can be leaked to the outside world." Analyst Ruggero Contu, author of the report, recommended banning these devices from company premises, disabling dis·a·ble tr.v. dis·a·bled, dis·a·bling, dis·a·bles 1. To deprive of capability or effectiveness, especially to impair the physical abilities of. 2. Law To render legally disqualified. the USB ports A USB socket on a computer or peripheral device into which a USB cable is plugged. See USB. on computers, or simply forbidding employees and external contractors from using personal devices with corporate PCs. "No one can deny that they're fantastic," Contu said in an interview. "It's such a small and light item and can store so much." Contu didn't want to single out the iPod. because memory sticks and Palm Pilots have similar capabilities. But there are 20 million users of the super-popular iPod. "Apple was very upset with us," said Vic Wheatman, another technology analyst at Gartner. By lumping the popular iPod with hard drives and data storage devices, the report touched a nerve with consumers and businesses that hadn't looked at the white ear buds as anything more than a fashion statement. "The fact that these devices are so capable certainly increases the risk," Wheatman added. "Just 100 bytes of the right information is going to be important. Just think, corporate drawings, secret formulas, plans for the next-generation missile system--those things have a great deal of competitive value." The aerospace industry appears to be taking the lead in restricting iPod-like devices, while policies on devices haven't been clearly established in other industries yet. Occidental Petroleum Occidental Petroleum Corporation ("Oxy") NYSE: OXY is an international oil and gas exploration and production company with operations in the United States, Middle East/North Africa and Latin America regions. Corp. spokeswoman Jan Sieving said that the company has a security policy, but that it doesn't involve iPods or camera phones. Wells Fargo Wells Fargo armored carriers of bullion. [Am. Hist.: Brewer Dictionary, 1147] See : Protectiveness Wells Fargo company that handled express service to western states; often robbed. [Am. Hist. & Co.'s policy prohibits employees from using any type of equipment to copy or send unauthorized information. "Our policy doesn't go that specific, to the type of device," said spokeswoman Jennifer Langan. "We just say equipment cannot be engaged in this type of behavior." Chuck Freadhoff, spokesman for the American Funds  Please see the discussion on the talk page. in full Universal Serial Bus Type of serial bus that allows peripheral devices (disks, modems, printers, digitizers, data gloves, etc.) to be easily connected to a computer. key-chain drives or iPods, are not allowed to plug into company computers. Personal cell phones, which may be equipped with digital cameras or memory cards, are to be used outside the building. "We have very strict controls to make sure that all shareholder records are secure and not shared," Freadhoff said. 'Everything's digital' Some industries with tech-savvy employees face an uphill battle Uphill Battle was an metalcore band with elements of grindcore and noisecore. The group was based out of Santa Barbara, California, USA. History Uphill Battle got some recognition releasing their self-titled record on Relapse Records. . "It's been talked about," said Craig Mitchell Craig Mitchell (born April 22nd 1964 in Hempstead, NY) is an American character actor and comedian. On stage he has appeared in over 40 productions. As a Stand-Up comedian, he toured for 15 years (1987-2001) and gained respect as solid performer on the eastern comedy circuit. , a spokesman for Calabasas-based video game maker THQ THQ Toy Headquarters THQ Territorial Headquarters THQ Tehsil Headquarters (Pakistan) THQ The Holy Quran THQ Theater Headquarters Inc. "But it's not something we have to take a class on." Mitchell's phone has a digital camera and his iPod is in his bag. As with most creative tech companies, employees sign a non-disclosure agreement A non-disclosure agreement (NDA), also called a confidential disclosure agreement (CDA), confidentiality agreement or secrecy agreement, is a legal contract between at least two parties that outlines confidential materials or knowledge the parties , he said. and it is generally "frowned upon" to use those devices on a company computer. "An iPod is just like any other storage device," said Bob Finlayson, head of corporate communications Corporate communications is the process of facilitating information and knowledge exchanges with internal and key external groups and individuals that have a direct relationship with an enterprise. for THQ. "I don't see why you'd ban it specifically. In our world, everything is digital." Thousand Oaks-based biotech bi·o·tech n. Informal Biotechnology. biotech Noun short for biotechnology Noun 1. giant Amgen Inc.'s Web site notes that personal health information is "kept physically behind firewalls that meet or exceed industry standards." But that doesn't cover people inside the firewall who happen to have iPods or memory sticks. "I would bet that most companies in the pharmaceutical industry would prohibit unauthorized use of cameras," said Jon Martino, manager of investigations for Amgen and chair of the American Society for Industrial Security's pharmaceutical industry advisory group. "Obviously the technology has stepped up with the use of camera phones and iPods. These are things that each company has to individually look at and decide." He declined to comment on Amgen's security policy. Security experts say that company policies must evolve as devices become smaller, cheaper and more popular. "You may soon see brokers being told not to bring iPods to work," said Lerner-Wright. But he insists that it's better to focus on the data, not the device, because devices are constantly changing. "It's about looking to solutions that will automatically encrypt data when it's exported, or technology that will scan whatever device you're attaching to the port and can say, 'This device does not have the proper credentials,'" he said. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion