I confess I found some of the recent publicity around USB sticks a little frustrating. A couple of elements got my goat: first was the fact (on the radio at least) that the liberal democrat MP Sarah Teather insisted on linking the loss of such devices with the ability of the UK government to reliably build a pan-country identity database. Now, whatever you think about the latter (I’m pretty dubious, to be sure), it has very little to do with whether specific servants of the state happen to leave USB sticks around.

The second thing that narked me was far simpler - the fact that nobody mentioned just how easy it is to use USB sticks in a more secure way. I’ve made this a bit of a soapbox over the years - indeed, for as long as USB sticks have had security capabilities, which is a fair while. Let’s be clear: not all devices have such things as password protection. But such features are widely available - any device that professes to incorporate SanDisk’s U3 capability will also have password protection, for example. So, the coverage missed a trick: not just to highlight the issue of data loss, but also to take that high profile opportunity to say one simple thing: “Use only password protected devices.”

Now, of course, the level of protection afforded by passwords, and indeed by devices, will vary. However, the existence of a password offers an order of magnitude (if such a thing could be measured) over the lack of one. My tip to the MoD: just buy a bunch of them, and make them easily available - put a stack in the stationery cupboard. Print on them, “only to be used with password protection enabled.” Sure, some may be pilfered but that’s a smaller price to pay than losing national secrets, isn’t it?

Password-protected USB is a start, but there will always be places where a stronger guarantee is required. Right now for example, I’m road testing a fingerprint-enabled USB device from MXI - it’s about as robust as a USB stick could be (metal casing, slide out connector etc) and its got strong encryption built in. Building on the U3 idea, MXI also has a partnership with MojoPac to enable Windows applications to be run straight off the device without leaving a trace on an XP host computer, making it more of a secure, portable application environment than “just” a way of protecting data in the wild.

The point is, while there are questions, there are answers. How unfortunate that such things are not incorporated into common practice, particularly given just how simple they would be to adopt.

Delicious

Digg

Reddit

Facebook

StumbleUpon