USB under control Home»Solutions»USB under control
According to the specialists in human relations, trust is one of the things which can change the performance and results of an organization. “Trust, but verify” is a saying, which helps to many to build an organization environment full of trust amongst people. “Trust, but verify” is also a saying, on which is the USB Under Control solution built. Believe in the benefit of the usage of modern USB devices, but, on the other hand, check the purpose of their usage.
USB Under Control allows to gain control of the usage of the USB devices throughout the organization. At the same time, it increases and verifies the trust in your own employees and, therefore, limits the possibility of carrying out sensitive documents, information and data of an organization.
Why the USB Under Control?
The USB interface, currently the most standard and supported by all manufacturers, is a necessity in every organization. Without this interface, the computers of an organization would be running with a quarter tank of gas. However, besides the benefits, there is also the other side of the coin. Via USB interface, an organization can leak sensitive information, or, on the other side, the organization might be receiving some unwanted data. The price availability of USB and external discs allows a user to carry out the internal corporate documents, corporate know-how, information from files, strategic plans, lists of employees and many other sensitive documents, information and data within a few moments. Moreover, the ubiquitous anonymity of the performed operations builds a productive environment for the mentioned operations.
Nevertheless, three steps are enough to build a trustworthy environment for USB devices. They are:
- Monitoring of the user’s work
Limiting the use of unwanted USB devices
Preventing the use of content outside the organization
Monitoring of the work and active protection
By monitoring the work of a user, you will get a precise picture of his/her work with the computer. Monitoring can help to find out the used USB device, other peripherals connected via PCMCIA, FireWire, Bluetooth, and files loaded, recorded and copied to external memory media. Besides these operations related to the USB devices, you will get the overview of the used applications, movement on the internet and the time spent with active work on computer.
In the first phase, you will get oriented to the use of USB devices in your organization. In the second phase, it allows you to keep records of the performed operations and retroactively evaluate the potentially dangerous activities leading to the decrease of trust. In the third phase, you will be able to unambiguously prove that the USB device was used for unauthorized operations or even to an eventual attack. The fourth phase can immediately inform responsible persons of possible initiation and course of the attack.
Put the redundant devices away
By preventing the usage of undesirable USB devices, you will prohibit the use of useless USB devices in the organization. Upon the understanding of the organization structure, it is possible to create an exact list of the approved USB devices, whereas their identification can be based on the type (e.g. keyboard, mouse, printers, etc.), certain sets (e.g. cameras) or a unique serial number of the device.
It will disallow the use of USB devices and other external memory media (CD/DVD, USB flash, USB external hard disc, etc.) outside the organization, allowing the transfer of documents, information and files only within the organization. At the same time, it can possibly prevent removal of the undesirable documents, information and data from this media in the computer network of the organization.
Who benefits from gaining the control of the use of USB devices in the organization?
management
- supports the adherence to the legislature on information protection
- took steps to decrease the corruptions stemming from carrying out, inserting or changing information in the organization files
- the incurred incidents stem from failure of an individual and not of a system
employees of the IT administration and safety
- can provide precise information on the stage of usage of a USB device, which is based not only on their presuppositions
- can submit precise evidence about the incident
- receive immediate information on any potential incident
loyal employees
- does not mean any change for them
- can start to use the USB device for their work
- insurance in case of their erroneous behavior (e.g. loss of the USB device)
saboteur employees
- fast discovery of their incorrect behavior
- unambiguous evidence showing their intentions
- end of free work with USB devices
