Security Watch | Matt Hines » IT pros fear iPod data theft

July 26, 2007 | Comments: (0)

IT pros fear iPod data theft

TAGS: Security

A quick look around the commuter bus or office space will give you a pretty good idea of just how ubiquitous Apple's iPod media players have become among the professional set, but the devices are also increasingly being viewed by many IT workers as a potential threat for data loss.

In a new study published by Credant, which specializes in tools used to encrypt or block data being saved onto mobile devices, the company found that 67 percent of the 323 IT workers it surveyed consider the iPod to be a potential data security risk.

However, short of some sort of major disaster that links the Apple devices to data leakage, 49 percent of those surveyed said they likely wouldn't do anything new to protect against misuse of the gadgets.

Some 46 percent said that their companies have already established policies dictating acceptable use of the media players.

Truthfully, the Credant survey highlights the continued disregard among companies in dictating the use of USB-capable storage devices in general, of which the iPod is clearly just one of the most popular.

When asked to rank which USB devices they considered to be most dangerous in terms of potential corporate data loss, a vast majority (86 percent) of respondents still ranked traditional handheld storage drives, and SD-card carrying smartphones (13 percent) ahead of the iPod (10 percent).

The fact that most commonly-used handheld USB storage drives max out at around 2GB of memory, and that the iPod can carry up to 80 GB, however, does make the devices ripe for use by those looking to carry out insider data theft schemes of some sort. But there are other less-popular multimedia devices that also offer similar storage capabilities.

(For those unaware of all the storage features of their iPods, try out a drag-and-drop document save exercise on your device, it works just as any other USB drive might.)

While the research probably isn't the type of marketing promotion that Apple had in mind for iPod, the Credant report also shines a light on just how plentiful the gizmos are in the workplace.

Of those surveyed, some 61 percent said that they use their iPod while traveling for business or at work.

Among people ages 18-40, get this, the number of iPod users jumped to 92 percent of those interviewed. Wow. That's a lot of iPods if you guess that the percentage extrapolates outside of those surveyed, although maybe IT pros are just more likely to be early adopters. (I own one too.)

Overall, 7 percent of those interviewed said they already use their iPod for storing corporate information.

Interestingly, despite the fact that 67 percent view the media player as a potential data threat, only 61 percent said that they had actually heard of "iPod slurping," or the practice of using the devices to secretly store sensitive data.

In general, some 40 percent of those surveyed by Credant said that they have no protection in place to stop the use of USB drives such as iPods to store business information at all.

That's the heart of the problem, less than anything related to the iPod itself, said Chris Burchett, chief technology officer and founder of Credant.

"Organizations and IT professionals are not taking the risk involved with allowing use of these USB storage devices as seriously as they should when it comes to the potential for data loss," said Burchett. "They want to allow them for appropriate use, but they don't have the controls in place to ensure that there isn't misuse."

Burchett suspects that many companies will avoid the problem until they are forced to address the USB security issue via compliance regulations or after a major security incident that illustrates the potential for abuse.

"It's just not intuitive to some people that the iPod is just another storage device, that it works outside of iTunes, music and video," he said. "I think that until we see an event such as the VA laptop theft or the TJX break-in that involves an iPod or portable media player specifically, many people will still fail to understand the related risks."

Posted by Matt Hines on July 26, 2007 12:22 PM

RATE THIS ARTICLE: