Making the case for secure cloud vaults for information sharing, physical external storage devices (external Hard Drives, USB sticks, micro SD cards, external flash, etc) represent a security risk that’s easily remedied (in theory).
Just last week, IBM announced that it would change its policy towards the use of mobile / external storage devices. In a nutshell, IBM decided that for its 350,000 employees, the use of those devices is no longer going to be allowed. They're not the first firm to adopt this stance, and I'm sure many more will follow.
Quite frankly, I'm not sure why any business would allow those devices to be used on or off premise, as the information breach from lost, stolen, or corrupted external storage devices can be astronomical, and detrimental to both reputation and brand. Avoiding the use of these devices in the first place is such an easy fix to a more complex issue of securing company and client information.
While there's a certain amount of convenience involved (oh, let me just put that preso / xls / doc on a stick so I don't have to lug my laptop home and work on it from my home machine tonight), the downside exposure is not worth the risks involved. Prior to secure cloud based storage, there was a definitive play for these devices, but in an era of secure cloud vaults, that's no longer a viable argument.
While policing the policy may be a bit more difficult (although you can impose scripts that make off-boarding information more difficult), the first step is to think about the type of policy you should impose to suit your unique environment. From there, there are many ways to enforce, starting with Group Policies (GPO's are Group Policy Objects). But before you casn run, you must walk, so think about your external device policy first, and if you need help with that, give us a call.
Here's the LinkedIn link to this post: