USB Flash Memory Security

Hi Everyone,

I am looking for a solution to USB Flash Memory Security.

USB sticks are getting to be a nightmare with all our users requesting them or bringing their own. The easiest solution is to block USB flash, which was done previously, but that restriction has been removed against not just my advice, but many other colleagues in the IT Dept.

Currently we do not have a Data Leakage Prevention system in place and even if we did, the problem would still lie with the USB sticks as information would still reside on them.

I am looking for a solution that will allow:
1. Encryption of any USB stick
2. Require password authentication
3. Not require escalated priviliges

I have seen Truecrypt and while it is a great tool, I can foresee the users ignoring it as it would be too complex.

The types of USB sticks provided in my country are limited in variety. We don't have the encrypted USB sticks by Kingston and other vendors and would require to order them online.

I have seen the U3 sticks and think they somewhat meet the bare minimum requirement but due to the fact you can install applications on them, I am a bit weary.

If anyone can suggest a software solution or a way to block the installation of U3 apps on the stick, I would be grateful.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave HoweSoftware and Hardware EngineerCommented:
There is a commercial product that does just what you are looking for - its called "securewave sanctuary"

from a central control console, you can define which devices on windows workstations can be seen at all, and, in the case of removable media (so usb drives/sticks/etc) can force encryption onto the device, which is transparent to the user - the user need do nothing to turn it on or off, the device is encrypted when sanctuary first sees it, works on any machine in the same domain (provided it also runs sanctuary of course) and is unreadable on any other machine; that isn't to say you can't access it outside of your domain - mobile nodes like laptops carry the unlock code with them, and there is a last-ditch password-access control system to make them readable on non-sanctuary machines - but for transparent DLP on removable media, I don't know anything that can beat it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mohamed OsamaSenior IT ConsultantCommented:
I will second the suggestion for sanctuary , it is in use also in our organizasion & does exactly what you need in addition to more advanced features.
before deciding to go with it, you may also wish to evaluate GFI Endpoint security which is also an excellent solution.

Dave HoweSoftware and Hardware EngineerCommented:
There is also the checkpoint solution as well.

but I find the sanctuary product the best featured - if a little expensive.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.