The iPod may be popular, but it also poses a major security risk for businesses, according to a study by research firm Gartner. The risk is so great that enterprises should seriously consider banning the iPod and other portable storage devices, Gartner says.
The devices, using a USB or FireWire port, present risks to businesses on several fronts, from introducing malicious code into a corporate network to being used to steal corporate data, the research company says in its report "How to Tackle the Threat From Portable Storage Devices."
The report points to a variety of devices, including pocket-sized portable FireWire hard drives, like those from LaCie Group or Toshiba, or USB hard drives or keychain drives, such as the DiskOnKey from M-Systems Flash Disk Pioneers.
Gartner also names disk-based MP3 players, like Apple Computer's iPod, as a security risk as well as digital cameras with smart media cards, memory sticks, and compact flash.
Gartner advises companies to forbid employees and external contractors with direct access to corporate networks from using these privately owned devices with corporate PCs. Companies should also consider a "desktop lockdown policy", disabling universal plug and play functions after installing desired drivers, to permit the use of only authorised devices.
The report concedes that the devices themselves can be quite useful within corporations, making it "unpractical and counterproductive" to introduce an outright ban.
Companies should take a multi-pronged approach to portable storage devices, Gartner says, including using personal firewalls to limit what can be done on USB ports. The use of products for selectively controlling ports and encrypting data should also be considered, the company says.
Additionally, digital rights management technology should also be used by enterprises that want to protect intellectual property, Gartner says.