There has been a significant increase in the use of portable USB storage devices to store, backup, and transfer information between PCs and locations. Conventional methods for controlling the devices and applications that may be accessed from USB ports are insufficient to address the current and growing risk related to these devices and applications.
Individuals, corporations and government agencies are increasingly becoming uncomfortable with allowing employees and other authorized personnel to utilize portable USB storage devices to store or transfer sensitive data and information. However, current methods lack the ability to easily prevent or detect the use of USB storage devices and computer applications accessed from USB storage devices.
Current methods also lack the ability to allow an individual, a corporation or a government agency to effectively control types of other USB non-storage devices which may be utilized. These devices include printers, scanners, cameras, music players, and other devices which may or may not be authorized.
It is estimated that over 130 million portable USB storage devices will be sold worldwide in 2007. The majority of these devices are predicted to be “smart drives”, which will include executable computer programs. These portable USB storage devices and the applications executed from them may not be authorized by the security policy or PC user. Therefore, as a result of the potential exposure related to USB devices, these devices are often prohibited by many corporate and government security policies. Although the devices themselves are often prohibited by policy, it is difficult to prevent or detect their usage with current methods.
This invention addresses these issues through a method which detects the use of portable USB storage devices and the applications executed from these devices and limits the devices and applications based on user defined criteria. Consequently, the invention may also be used to prevent or detect the use of other USB devices such as printers, scanners, cameras, music players, and other devices that can be attached to a USB port on a protected PC.
As a result of the limitations related to current methods, portable USB storage devices are considered to be a significant cause of exposure related to the potential loss of confidential data and information Therefore, a need exists for ensuring that only authorized devices and applications are accessed from USB ports that addresses these shortcomings in the prior art.