Flash drives are small solid-state memory sticks that are about the size of a highlighter pen and can hold anywhere from 1MB to 1GB of data. They're incredibly light weight, very portable and they are compatible with any PC equipped with a USB port running Windows 2000/XP, Mac OS 9-10X or Linux 2.4.17. Windows 9x PC's require a one-time driver installation.

USB Flash Drives have fast transfer rates (1Mb/sec), no moving parts, and they don't require a separate power source or batteries. Just stick the flash drive into the USB port of your PC and Windows Plug and Play will immediately recognize it as an additional drive. You may then copy the files you need to take with you, unplug the device from the PC and you're ready to go. Flash drives hold more data than a floppy, are more portable than ZIP drives and other remote storage devices, and more convenient to tote (and less fragile) than CD-RW disks.

However wonderful these new devices are, they have a dark side like any other technology. You don't have to be an administrator to install one of these devices under Windows 2000/XP, and you can't manage USB devices via Group Policy. Short of disabling all of the USB ports, they are impossible to defend against.

In the past, floppy disks were used to spread viruses and to add or remove data from your environment. Flash drives open an all-new avenue to seed environments. With their large capacities, imagine the amount of infections that can be carried into your environment and possibly released on your network.

Adding to this point, with additional capacity comes unauthorized or illegal software and/or copyrighted materials into your organization. People now have a virtually undetectable medium to introduce applications, audio, video, pornography and any number of things that violate security policies and applicable laws.

Users not only have a high speed/high capacity device to bring data into your environment, they also have the same benefits when removing data. Corporate espionage is a largely underreported problem in the United States and Europe. Attackers, corporate spies and disgruntled employees steal data everyday and in many cases these are crimes of opportunity.

With a Flash Drive, any unattended and unlocked PC with an enabled USB port becomes an opportunity. A little social engineering can give an attacker physical access to a corporate PC long enough to steal data or plant spyware. Disgruntled employees can take home sensitive data in a few minutes. Exactly how fast? At 1/Mb per second, a user can copy a 60Mb file to a flash drive in 60 seconds.