Apr 09 2008

Drives Across the Enterprise

For wide use, USBs may require more oversight than you might think.

A USB drive seems like today’s ultimate commodity item: small, portable, fairly rugged and simple to use. And from the cheapest (at a few bucks) to the priciest (at a few hundred), it’s a relatively inexpensive item.

But when you plan to use flash drives across an enterprise the size of a large agency, there are both cost and technical considerations.

First, there is the purchase price. A low-end flash drive might retail for as little as $20, but a 2- to 4-gigabyte drive that’s FIPS-140.2-certified will typically ring up at three figures. 

Now, do a little math. If a large agency — the Defense Department, NASA or the Treasury Department, for example — buys these in-demand tools for enterprise use, the total investment could easily exceed a half-million dollars. That’s no longer just an ad hoc buy.

Then there are the technical considerations, say Dennis Chen, product marketing manager, and Sam Tran, field application engineer, for Kingston Technology. Typically, flash drives are plug and play, but when rolling out across a large organization, there are three potential hiccups that IT might encounter:

  • Port-access controls rebuff the devices: In an enterprise setting where the IT team has deployed a product that limits port access, some drives will conflict with the perimeter security applications. Often, IT will be able to reset the control application’s rules and solve the problem, but some devices won’t work with some of these applications, Tran says.
  • An automatically assigned drive letter conflicts with a network drive letter: Microsoft Windows XP automatically assigns a drive letter to a flash drive, but if a network share already uses that drive, there’s a mapping crash. The user can’t see the drive, says Tran. This requires an administrator to reset the assignments on each machine, he says.
  • Locked-down registry files prevent users from moving files on and off the drives: An administrator will need to reset the blocks on the registry files, Tran says. In a Windows environment, these are typically Group Policy settings.

Finally, an agency planning to buy several thousand drives will want to look at the preset options for password controls and default-access attempts and decide which ones it might like to have the vendor customize before purchase.