Introducing Physical Security 399
When talking about hard drives, we need to cover flash drives as well. Flash drives have
proven to be both a blessing and a curse as they allow for the carrying of large amounts of
data, but at the same time they are small and easily lost. To thwart this, companies need
to consider encryption as an option. Unfortunately, many of the commercially available
drives do not offer encryption services, and the ones that do are relatively expensive by
comparison. However, you must weigh the cost against how dangerous and problematic it
would be if one of these devices was lost and fell into the wrong hands.
Additionally, both portable hard drives and flash drives suffer from another issue with
their size and the amount of data they can carry. These devices, especially flash drives, are
extremely portable and easy to hide, so they represent a huge security risk. It is easy for an
attacker to carry a flash drive into an organization and plug it in to steal information or to
execute a piece of malware. To prevent this in your organization, you should restrict the use
of flash drives and portable hard drives as well as consider encryption and usage policies to
control or bar their use.
The term pod slurping was invented to describe the act of using a portable
storage device such as an iPod or other mechanism to steal large amounts of
data quickly.In addition to encryption for hard drives and mobile storage, consider how to thwart
actions such as dumpster diving against media. Companies generate a tremendous
amount of information on everything from CDs, DVDs, and other formats, including
the occasional floppy disk. Develop procedures for the storage, handling, and proper
Pros and Cons of Drive Encryption
Drive encryption is becoming an increasingly common option in all sorts of devices, from
laptops and mobile devices to the drives in some printers. Encryption at this level is often
required for legal as well as security reasons, but in many cases you need to consider
performance impacts.
There is always a price to pay to get something in return and encryption is no different.
Due to the complexity of the process and the large amounts of data involved, the
penalty in system performance may be noticeable. This becomes a bigger concern with
mobile systems where performance is at a premium and the need for encryption is
higher.
As a professional, you will have to choose which is more important to you: performance
or security. Performance may suffer, but the need for data security may be of higher
importance as well as being legally required.