Link to home
Start Free TrialLog in
Avatar of Pau Lo
Pau Lo

asked on

Ban USB Flash Drives

Our IT dept are pushing towards a complete ban of the use of USB flash drives to drag data off servers/PC's - regardless of whether the device is encrypted or not. There is now a corporate citrix access gateway solution where users can access data offsite from anywhere with an internet connection. I am trying to think of scenarios whereby they may still be required. Have you ever tried to enforce such a ban? Was there any valid busienss cases whereby they were still required. Can you share valid business cases or is a ban highly practical? What issues could arise from completely banning such devices through group policy/security suites
ASKER CERTIFIED SOLUTION
Avatar of jgerbasi
jgerbasi
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Pau Lo
Pau Lo

ASKER

>>This was much easier to get across to users as some do recieve flash drives from clients with files that need to be accessed

Is there no other way for them to get this data to you?
We have some stubborn clients who will not use other means we have provided them, whether it be a secured portal or encrypted emails. They like encrypted flash drives.
Avatar of Pau Lo

ASKER

Sounds familiar
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Pau Lo

ASKER

And presumably no issues in enforcing this, i.e. it didnt affect any genuine requirements for USB? How do they get to their files offsite/from home?
no, it locked down the USB storage devices completly, so there is no way of getting the data off, however we have had the need to get data off the USB drives, so we just put it into one of the servers then moved the file onto a shared location on the server they could access. as for any other USB devices (keyboards and mouse etc) these were unaffected as it was only the storage devices that were locked down.

For users to get data from one place to another we have a secure FTP site and outlook web mail along with other remote access VIA VPNs, so if they are at home they can log into the FTP site and put data on there and take it down. the VPNs are used only with the CEOs and upper management so they can control thier PCs from home.

The USB lockdown for us was more about people bringing in files that had viruses on and causing system downtime. we have blocked many sites and locked down other browser such as chrome from by passing this simply for security reasons, but if certain users need access we can grant exceptions through ISA.