You can take your iPod with you to the mall, the gym, maybe even the library. Just dont take it to work (or into the barracks if youre a soldier in the U.K.). iPods, the ridiculously popular digital music players from Apple (a company once known for its computers, remember?), have been getting some bad press lately in security circles anyway. Three weeks ago Gartner released a report, How to Tackle the Threat of Portable Storage Devices, which warned companies about the risks posed by iPods, keychain drives and other small gadgets with large storage capacity that connect to computers via USB or FireWire ports. A week later, Britains Ministry of Defense announced that many of those same devices would henceforth be banned from most military areas. What gives?The technological problem here is not new. Portable media, going back to the original floppy disks, have always presented a security problem because they allow a user to easily record and distribute potentially sensitive information. If theres a difference now, its that these devices are small enough to be concealed in someones pocket and large enough to hold hundreds of megabytes or even gigabytes of data. If youre employees are trustworthy, this may not be a problem worth investigating. If your employees are not trustworthy, then maybe these devices arent your biggest security concern. But compromising data is not the only risk posed by these so-called unauthorized devices. Gartner also warns that these devices could introduce viruses to the corporate network (again, nothing that couldnt be done already with a floppy or CD). Gartner advises companies to develop a policy for portable storage devices (which includes awareness training for employees) and manage access of USB and FireWire ports. Once again security executives are presented with a tradeoff: the convenience of portable media such as keychain drives versus the risks of network exposure. Does your company regulate portable storage devices? Should you start regulating them now? Tell us what you think. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe