This article can also be found in the Premium Editorial Download "Storage magazine: Upgrade path bumpy for major backup app."
Download it now to read this article plus other related content.
IT managers who support home users, branch offices or employees who frequently travel may be tempted to equip them with new portable storage devices that are easy to set up and use, and may also increase the chances that users will actually back up their systems. At the same time, these devices can introduce major security holes and could even prevent files from being backed up to an organization's centralized backup systems.
Portable storage devices are smaller and have more capacity than ever. They run the gamut from tiny, inexpensive flash drives that store as much as 8GB and USB disk drives that fit inside a shirt pocket, to shoebox-sized NAS devices that provide file and print services for less than $1,000.
There are countless examples of these devices. Pexagon Technology's Store-It Drive is typical of small drives; it comes in both 2.5-inch and 3.5-inch models, and attaches via USB 2.0. Olixir Technologies' Mobile DataVault 3DX can connect via USB 2.0, FireWire, an external SATA connector or it can be installed in a docking bay. Western Digital's WD NetCenter is a more full-featured NAS device; it has a 10/100 Ethernet connection and dual-USB ports that can be used to add more capacity or connect to a printer.
Most portable storage devices come with software that provides one-button backup or automatic file synchronization between two or more computers. Sometimes the software can even store OS and application configuration settings, allowing
By and large, the most prevalent backup package bundled with portable drives is EMC Retrospect (formerly EMC Dantz Retrospect), which features a one-button wizard and can be configured to support incremental backups. However Retrospect isn't intended to integrate with larger enterprise backup software packages. Of course, if the portable drive is used only as an additional disk drive and not as a backup target, then enterprise backup software can be configured to back it up; however, you'll need to educate users to ensure that the drives are connected to their PCs when the backups are scheduled to take place.
Because of these "gotchas," it may make more sense to configure portable storage drives to simply synchronize with internal drives rather than to provide additional storage. That way, backups are less of an issue because only those changes made since the last synchronization are at risk if the drive isn't connected during a scheduled backup.
To address the potential security holes introduced by portable storage devices, IT admins might also consider encryption or password-protection schemes. One option is Migo Software's Migo mobile computing software, which password-protects storage and saves settings for regularly used apps such as e-mail programs, browsers, VPNs or Microsoft Word personal dictionaries. These settings and files are stored on a USB device and can replicate the user's corporate desktop on any computer while on the road. At the end of the session, Migo will clean up after itself so that sensitive data isn't left behind on the temporary host computer. Finally, if the storage device is lost or stolen, access to the device is password-protected.
If password protection isn't enough, encrypting the data on a drive is another option. Several firms offer encryption software for mobile devices. Most recently, Longmont, CO-based encryptX announced its SecurFlash for USB offering, which provides users with a drag-and-drop interface for placing encrypted files on their USB drives. But enforcing encryption policies can be difficult. To that end, DeviceWall and SecureWave both supply software that can enforce encryption policies or control what data may be saved to external devices.
Given all of these potential pitfalls, some administrators may wish to simply block users from writing to portable storage devices. Methods to prevent users from writing data to portable storage devices range from brute-force tactics like putting epoxy in the USB ports, to using DeviceWall or SecureWave to deny access to ports. But given that external drives can be connected not only via USB but also FireWire, external SATA or Ethernet, blocking every conceivable portable storage device may require IT administrators to inventory and block all possible ports--a major investment in both time and resources that still may not be successful in the end.
--Logan G. Harbaugh
This was first published in September 2006