Remember 360K floppies?
I performed a security audit on a company in the mid ‘90s. I cheated. The bad guys cheat and I was looking to emulate them, not make my clients feel good about themselves.
Instead of going to the client meeting I was to attend, I walked around their facility. When I left the building the guards stopped to search my laptop case. Good security. Back in the parking lot I called into the meeting, declaring, “You failed.”
Upon receiving icy glares from my clients, I silently dumped a slew of floppies on the conference table. Then I explained that for a high security company they should really do a much better job of not letting sensitive government information leave the building.
What a difference a decade can make. We now cling to our USB thumb drives. Four gigabytes of storage in a one-ounce device that easily defies a cursory security scan or can be hidden in the most obscene places.
Blu-Ray disc technology is actively over the horizon with a storage capacity of 50GB of data. A piddling amount in the grand scheme of what you have to face in the near future of portable media storage.
The mother-of-all storage technologies — holographic — is ready for prime time. Holographic storage stores data inside of the newly developed light sensitive media. Two laser beams intersect and record data at light wavelengths like DVDs at 1Gbps.
They record the data throughout the inside of the media (versus just the surface) and at different angles, both of which dramatically increases the storage capacity. The 130mm (5.25 inch) disks have an estimated capacity of 100 TB; that’s 100,000 GB for the prefix-challenged.
So what does the security-aware and concerned company do? Decide to do something about portable data storage now rather than later.
Let your auditors and risk management staff know that 4GB dip sticks are here, and 1.6TB gel disks are around the corner.
If one doesn’t exist, add a portable media policy to your existing security policies. Should anything from the company ever be on a portable media device? Should you mandate biometric ID on them all? Should they be allowed on the road?
Train guards and security staff to recognize portable media devices and the danger they represent to corporate security and privacy.
Develop port controls for your desktop machines to prevent unauthorized use of USB ports, portable media devices and other sources of giga-to-tera-sized data leaks.