Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Warning MP3s Could Seriously Damage Your Reputation

So you're in love with your MP3, you go jogging with it, you sleep with it and you listen to it on the way to work! This year the workplace has become flooded with them as the cheapest MP3s are now sold for as little as £20 storing around 256MB of data. At the top end of the market, digital jukeboxes with storage of 20GB start at under £150 while a 60GB Apple iPod Video player can be had for just £300. That is the same storage capacity as a lot of corporate notebooks.

What makes this market a little dangerous for companies and dangerous for your health, is the fact that there has never been so many sold with such large capacities, creating a real headache as to how you can manage them within the workplace.

While these devices are aimed at a consumer market, there has already been an increase in their use within the corporate environment and this is set to increase as more people recognise that they are ideal for listening to corporate presentations on the move. Others might use them to listen to audio books or even watch training courses. In meetings, the MP3 player has already replaced the mini tape recorder due to battery life, capacity, ease of file storage/sharing and cost.

Consumers want to use these devices on their corporate networks today to download content. While there are figures showing that some of this content is illegal, there has been a big move towards legal content. One of the drivers of this has been the strengthening of the audio book market. Whereas, just a few years ago it was novels or self-help books that dominated the audio space, now there is a huge array of general business books on the market. This market is also being targeted by educational publishers who are moving their existing content into a new market. For these publishers, getting users to play "skills enhancement" books on MP3 players is as much a B2B as a B2C play.

Then there is the big emerging market of the year – Podcasting. In the same way that the DVD recorder and Sky+ box have revolutionised the way we handle the time-shifted world of television, Podcasting is doing the same for audio and it seems everyone is doing it. In the UK, the most popular Podcast is the BBC Radio 1 breakfast show. Unsurprisingly, it is most often downloaded during the day, probably by people who missed it while travelling into work.

It is not just audio that is driving the Podcasting market. The BBC and several other channels have committed to putting their TV programs out via broadband. They are also allowing them to be downloaded from websites. As this requires a reasonable bandwidth to get several programs, it is not unreasonable to expect that this will often be done at work.

The mobile video market has no doubt been helped substantially by the entrance of Apple with a video iPod. However, there are numerous other vendors, such as Archos, that have had high capacity video jukebox players for a number of years now. The storage in these devices is set to soar with the introduction of new perpendicular disk drives. We are already seeing the first 160GB disk drives and they will only get bigger.

While this is ideal for very high quality video it also poses a massive and significant risk to corporate data. The capacities at this high end equate to a laptop drive. This means that vast amounts of corporate data can be removed on a small consumer device that sits in the pocket.

Introducing measures to prevent such devices from connecting to corporate resources are failing. As fast as vendors bring out software to identify and block the devices, device manufacturers and software companies are releasing utilities to hide the devices from network administrators. A common approach now is to just report them as removable CD players. This allows them to avoid many of the restrictive practices introduced by the network administrators.

The goal, then, is not to exhaust resources trying to ban the devices, but find a way to encompass their existence within the corporate data security policy.

One of the first problems is that devices are likely to have content put on them at different locations. There are no anti-virus, anti-spyware programs for the majority of these devices although software to protect Smartphone's is beginning to appear. With multiple connection points for the mobile device, corporate desktops and laptops MUST be updated with the relevant software.

As the capacities increase, another measure, if these devices are to be tolerated, is to introduce transfer quotas. These allow you to restrict the amount of data that can be moved to an individual device. While this will not prevent data being taken out of the building it will restrict the quantity that can be taken at any one time.

A major problem with consumer devices is that they are not looked after carefully and attract thieves. This is where companies can take a very positive step to protect data. There are products that insist on encrypting data as it is being moved onto portable devices.

One advantage of this approach is that should the device be stolen, the data is protected. Another is that the larger capacity devices can be utilised as pseudo backup devices for mobile workers while keeping the data secure.

So, if you want to make sure that this New Year you keep your staff happy and the company safe and secure be sure to look at investing in strong encryption on all devices that enter and leave your office. Make encryption mandatory and educate your users so that they are aware of the risks to themselves and to your company if they lose one. That way you'll ensure you've done a great job which will guarantee a great big fat bonus to enjoy for yourself next Christmas.

The author is managing director of Pointsec Mobile Technologies

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.