Just about every merger winds up having some unexpected consequences and the acquisition of McAfee by Intel is no exception. In this case the unintended consequence is a decision by McAfee to exit the USB security device market. The business is now being transferred back to Imation, which developed the technology that McAfee licensed.
According to Lawrence Reusing, general manager of Imation’s mobile security unit, even though the USB security market is growing McAfee told Imation they would have the time needed to effectively service that market given competing priorities. Reusing says Imation intends to vigorously compete in space that is in many ways just coming into its own as IT organizations increasing become concerned about mobile security.
USB security devices work by making sure that a mobile computing device can only work with a particular type of USB device. The USB security devices are centrally managed by the IT organization that applies the IT policies to these devices using tools such as McAfee’s ePolicy Orchestrator software. Unfortunately, a recent study conducted by The Ponemon Institute found that most USB devices are rarely centrally managed. However, as awareness of security issues continues to rise, an opportunity to manage those devices starts to emerge for the channel.
As USB drives have become more popular hackers and other digital miscreants have begun to use them to transport all manner of malware. One of their favorite ploys is to leave USB drives somewhere that their intended target can easily discover them. Once that device is inserted into a machine connected to network all manner of chaos can suddenly be injected via a trusted system. In fact, it’s suspected that that infamous Stuxnet worm might have been introduced into systems at Iranian nuclear facilities using just such a method.
The challenge with USB security from a channel perspective is that it’s difficult to convince people to pay a premium for secure USB drives when every company on the planet gives them away for free as part of their marketing promotion efforts. Given the relatively thin margin on the devices themselves, the real money is obviously in setting up the centralized security management systems needed to manage them. The good news is that given the rise of the bring your own device (BYOD) to work phenomenon this is a conversation more customers are willing to have.
In fact, BYOD and other forms of the so-called “consumerization of IT” are really forms of rebellion against strict command and control mechanisms that many IT organizations have out in place because of security concerns. Now they need to revisit those policies and practices because so many end users are now routinely using mobile computing devices and software-as-a-service (SaaS) applications to end run the IT organization.
In short, the security issues associated with USB drives is nothing less than a symptom of a larger problem facing IT organizations, many of which are now looking to their IT services companies for ways to manage all these devices in the most unobtrusive way possible.