IBM Bans All Removable Storage, for All Staff, Everywhere

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
In order to minimize “financial and reputational damage from misplaced, lost, or misused removable portable storage devices,” IBM has opted to ban all staff from using flash drives and similar forms of storage. Employees will have to use the company’s sync ‘n’ share service to move data around.

But the advisory also admitted that the move may be “disruptive for some.” She’s not wrong: The Register understands that frontline IBM staff sometimes need to download patches so they can be installed on devices they manage for clients and that bootable USB drives are one means of installing those patches.
 
Seriously? We've had this banned for years at the bank. Things like patches should have a download service.
 
  • Like
Reactions: erexx
like this
I can under stand banning removable drives at a bank or other secure location, but for anyone doing technical work it would make the job much more difficult.
 
I used to work in IT for a large bank. Years ago. Removable storage was banned. IT could still use it, but there were some pretty tough hurdles to do so.

For one the drives had to be clean wiped then 100% encrypted. Each pc had the client to read/write the encrypted drives.

The only group that had an exemption on that were the people actually imaging machines. That was normally done over network, but sometimes needed on site work
 
So does ibm not have a single computer isolated from the network?
 
D7002036E5C377D8C899039637CA0150DE6A442F.png
 
Since they are a renowned tech company I hope they are not naïve about this. I mean do they also ban any other piece of technology that can hold data?
Smartphones, mp3 players, smartwatches,...
 
Just simply too easy to "leak" things. USB drives are also really great vectors for bringing in malware. I'm surprised that IBM hadn't already done this years ago. Most large tech companies worth their salt have already switched to encrypted storage for both internal and external media. Apricorn drives for external USB/removable drives have become the norm at lots of places I've been to.
 
Supercharged_Z06 said:
Apricorn drives for external USB/removable drives have become the norm at lots of places I've been to.
Click to expand...

As much as I hate how this works now, the mega bank I work at really got this. The physical PCs we order these days, no USB ports and in time we're moving to all virtual
 
Last edited:
Hey heatlesssun, erexx didn't say that... Fake quote, fake quote! :)

Yup, those innocent years of the USB thumb drive are pretty much over aside from home/family use.


Master_shake_ said:
so dropbox then?
Click to expand...

Nope - access to sites like that are pretty much completely blocked by corporate IT (At least where I work.)

If you are working in the banking or defense industry, thumb drives are those novelty items you used to be able to use 10 years ago...
 
Well, this is NOT going to bode well for us in the field service division. Booting off USB keys is a daily practice after replacement of system boards to load the VPD and firmware. Guess they better give us a part number for a 100 pack of CD-R's for us to burn to load code for the various manufacturers that we support. (We have engaged in a LOT of outsourcing to provide service for other companies, due to our own shrinking hardware footprint)
 
There is most certainly no other way to transport data from a computer to external storage other than a direct USB connection.
Most certainly.
They've completely obliterated all methods with this one masterful stroke.
Well done, IBM. You've saved the internet.
 
Meeho said:
Never seen more than one on new MBOs, but OEM could be different.
Click to expand...
They have splitters that allow 2 devices to plug into 1 port. Granted most newer systems cant do it from what I understand but was common on old systems.
 
glutto said:
There is most certainly no other way to transport data from a computer to external storage other than a direct USB connection.
Most certainly.
They've completely obliterated all methods with this one masterful stroke.
Well done, IBM. You've saved the internet.
Click to expand...

No, you are incorrect. Nothing has been obliterated, its just positive control over what goes where and how it is stored. There are secure USB thumb drive options on the market. And it's not that USB ports that are turned off, rather the OS is configured by corporate IT policy to reject and not work with any "non-approved" USB memory storage device. They can be configured to only accept certain approved secure USB memory devices like the Apricorn thumb drive for example and reject those that are not approved for use. So if your job relies on using thumb drives or external drives, there is a very easy solution.

Examples:
www.amazon.com/dp/B01N4U7GNA/
www.amazon.com/Apricorn-Hardware-Encrypted-Portable-A25-3PL256-1000/dp/B007JGB0EI/

What has been shut down is wanton use of just any unsecured USB memory device, where info is sitting on an external device in an unsecured fashion and anyone can just simply pick it up and access the stored info. (Especially if the drive is lost or stolen.) If you shouldn't be lifting data and transporting it or taking it home on a thumb drive and/or you aren't on an preapproved list to use an issued secure USB drive, then yes, you are screwed. But that's the whole point. They want to lock down/protect information and keep it within approved company owned devices and computers. Stop it from being so damn easy to pilfer by Chinese nationalist/other nefarious agents that currently have this way too easy way of conducting corporate espionage.
 
Last edited:
As an Amazon Associate, HardForum may earn from qualifying purchases.
My company simplifies the USB life by disabling all front USB ports on desktops. This guarantees only the smart will ever be able to make a mistake and connect an unapproved USB device.

Very important in a world of untrusted USB devices.

https://nakedsecurity.sophos.com/2014/10/06/badusb-now-with-do-it-yourself-instructions/

They only allow approved flash drives that use encryption on our network. But for the most part the IT masters at my company prefer good-old DVDs whenever possible, because there's no drive controller firmware to hack.
 
Last edited:
mord said:
I used to work in IT for a large bank. Years ago. Removable storage was banned. IT could still use it, but there were some pretty tough hurdles to do so.

For one the drives had to be clean wiped then 100% encrypted. Each pc had the client to read/write the encrypted drives.

The only group that had an exemption on that were the people actually imaging machines. That was normally done over network, but sometimes needed on site work
Click to expand...

Exactly. This isn't all that strange for those of us who have recently or currently work in high security institutions such as banks.
 
You must log in or register to reply here.
Back
Top