When Baptist Memorial Hospital-Memphis did a network audit in early 2005, the Tennessee hospital got a shock. Scores of corporate staff were downloading data to a wide variety of devices. After running an audit on 6,000 workstations, Baptist discovered that staff were connecting “thumb drives, iPods, PDAs, phones—all kinds of things to the network,” recalls Lenny Goodman, director of desktop management for Baptist Memorial Health Care’s 14 hospitals, including Baptist-Memphis. Some of the external drives were used for legitimate data backup purposes, says Goodman. But iPods?
The hospital itself was in part to blame. Prior to the audit, the facility had not provided workers with any external data backup devices, and not all data on local workstations was backed up on the network. As a result, some staff would copy data from their workstation to a device to work on at home or to present during a department meeting. “People would see a newspaper ad for a $29 one-gig flash drive at Target and say, ‘Here’s my back-up,’” Goodman recalls.
Since the audit, Baptist has kept a close watch on the use of external data storage devices. It mandated that any such device must be password protected and encrypted, deeming other devices off limits. Using network auditing software from Safend Ltd., it then disabled the data ports enterprisewide to prevent unauthorized devices from linking to the network. Users attempting to hook an unauthorized device to a workstation now get a warning message. And the Safend software will keep tabs on which users attempt to use unauthorized devices.
In addition, Baptist began issuing secure flash drives to staff with legitimate needs to tote data from a workstation. Upholding Baptist’s security policy, the flash drives from Kingston Technology are password protected and encrypted. Someone finding a lost drive could not access data on it. “If you reset the password, all the data on the drive is wiped out,” Goodman says. Initially, Baptist is deploying 100 of the secure flash drives to users in its corporate headquarters; in time, it will distribute an additional 400.
Baptist conducted a yearlong vendor search before settling on Fountain Valley, Calif.-based Kingston, considering some 10 vendors, Goodman says. The primary benefit to the Kingston drives is that they do not automatically install an interface to a local workstation. “Many devices install an interface on the host machine to work,” Goodman says. “That in itself is something to avoid.” —Gary Baldwin