RESEARCH TRIANGLE PARK – Employees at IBM have been told they no longer can use USB sticks or other portable memory devices, including flash drives and SD cards.
That’s according to The Register, an international tech publication based in the U.K., which covers IBM in close detail.
“IBM bans all removable storage, for all staff, everywhere,” the website reported early Thursday.
“Risk of ‘financial and reputational damage’ is too high, says CISO [chief information security officer].”
Shamla Naidoo told employees via an advisory that the international tech giant “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).”
The move company-wide expands a policy that had been in place across “some pockets of IBM,” The Register reported.
The BBC noted the decision comes just two weeks ahead of new data security requirements known as GDPR taking effect in the European Union.
An IBM spokeswoman told the BBC: “We regularly review and enhance our security standards and practices to protect both IBM and our clients in an increasingly complex threat environment.”
IBM operates one of its largest corporate campuses in Research Triangle Park and employs several thousand people across North Carolina.
“Big Blue’s doing this because ‘the possible financial and reputational damage from misplaced, lost or misused removable portable storage devices must be minimized,'” reported Simon Sharwood.
Big Blue workers were told that a “synch ‘n’ share” service is the “preferred choice” for data mobility.
IBMers are advised to use Big Blue’s preferred sync ‘n’ share service to move data around.
But the advisory also admitted that the move may be “disruptive for some.”
According to security expert Kevin Beaumont, the decision is “a brave move by IBM, as USB devices do present a real risk – often it is very easy to extract data from a company via these devices, and introduce malicious software.” But he also told the BBC that challenges remain.
“Technically it is quite easy to control access to USB memory sticks, along with controlling what data can be copied to them,” said Mr Beaumont.
“Realistically it can be problematic as you will find staff who use them for legitimate business purposes – this will require staff members to change workplace habits,” he explained.
Also, Sumir Karayi, chief executive of security company 1E, in an interview with the BBC, warned: “Stopping USB is not going to prevent people from stealing data,” he said. “As for loss, a laptop, a NAS device or credentials to an FTP server are just as easily lost.”
