Colleges Balance Security with Portable Storage
IT managers at colleges and universities are grappling with the problem of finding ways to better secure removable storage media in an environment that encourages information sharing.
Jason Pufahl, information security team lead for IT services at the University of Connecticut, said that the needs of students and faculty prevent universities from implementing mandates that prohibit the use of unapproved portable storage media.
Such mandates may be common in the corporate world, but "we don't have the flexibility to simply say all inbound traffic is locked down or we're going to allow outbound traffic on only specific ports," Pufahl said. "We just can't do that. We have to try to provide security when leaving things open, which is really difficult."
UConn has had success scanning network traffic for viruses and malware using Fortigate-5000 technology from Sunnyvale, Calif.-based Fortinet Inc., though Pufahl acknowledges that it has proven ineffective against devices such as USB drives, iPods or iPhones.
In recent months, some universities have been hit by incidents of lost or stolen flash memory and storage devices.
The university is currently examining password- and encryption-protected USB drives from SanDisk Corp. and Kingston Technology Co., said John Klein, associate director of academic services at the Allendale, Mich., school.
Klein said schools must educate students about the dangers of using unprotected storage devices and the associated risks of losing confidential data.
"It's not their home network anymore, where they are safe and cozy and warm," he said. "It's a campus network, where virtually any computer via a hacker is viewable and can be attacked."
The university is currently engaged in an encryption project designed to safeguard computers across campus, said a spokeswoman. "Policies are being looked at again to see what else we could be doing," she added. "These portable storage devices are just so convenient."