Lessons From IBM: Why Businesses Should Ditch Removable Storage To Keep Data Secure

Recent Posts

It is in the best interest of any modern organization to develop and document specific rules for its employees regarding the use of personal devices to access or store work-related information. This not only applies to the use of personal smartphones, tablets or laptops to access company files, as stringent policies regarding removable storage devices are making an appearance in larger enterprises. Banning removable storage devices (USB sticks, SD cards and flash drives) completely in a strengthened effort to keep data secure could soon become the new norm.

IBM announced earlier this month that it is disallowing the use of portable storage drives, effective immediately, for all of its employees. The policy was enacted as a means to tighten security in an increasingly complex environment that is vulnerable to threats. As part of its regular procedures, IBM continuously reviews its security practices and amends them as necessary to keep data secure. Banning removable storage for all of its 350,000+ employees may have been devised as a reaction or result of a specific known threat, but regardless, many organizations would be wise to consider such a policy within their enterprise.

This ban isn’t only relevant and applicable to major tech corporations. Consider the recent breach of private patient records that rattled the healthcare industry and heightened the urgent need to tighten security practices and adopt HIPAA compliant storage solutions for secure file sharing for work. Whether your organization falls in the tech sector, healthcare industry or other fields, including marketingmedia or education, establishing a clear line between personal devices and approved business data storage software should be reviewed and implemented as systematically as any other policy valued by your organization.

Consider the fact that sensitive internal information stored on a portable device can become compromised at any moment. If an employee drops his or her device, or a bag containing the removable storage drive becomes stolen or lost during travel, all sensitive data can now be exposed to the public and should be considered breached. If this internal data is only stored on the external drive and is not backed up elsewhere in the cloud, not only is security a major concern, operations could be hindered by the loss of documents, files, records or any data required to conduct business and protect customer information.

As IBM’s Global Chief Information Security Officer Shamla Naidoo stated, “The possible financial and reputational damage from misplaced, lost or misused removable portable storage devices must be minimized.” In an age when the general population craves convenience and quick access to information anywhere, it also makes good sense to restrict the use of clumsy physical devices in favor of a sleek, efficient solution for secure file sharing for work. There are numerous alternatives to storing internal files to keep data secure, but a modern FTP platform is a proven method to ensure files are encrypted and cannot be easily accessed by unauthorized parties.

There is some concern that banning portable storage drives at work could result in employees turning to their own preferred file-storage system, such as their personal Google Drive or Dropbox accounts. According to research firm Clutch, almost half of employees do not formally acknowledge their company’s cybersecurity policy, with 59% claiming they only receive security training in the workplace once per year. Not only is a written cybersecurity policy crucial for any employer to keep data secure, also having regular trainings, necessary amendments to the policy, risk assessments and incident response plans enacted can mitigate potential resistance or apathy related to the procedure. The policy should include clear guidelines about how and where company files are to be stored, shared and accessed.

One solution is to document a rule that all employees and related business associates must use the same authorized FTP storage solution for uploading, sharing and accessing any work-related file. A platform like BrickFTP is specifically designed with businesses in mind to keep all internal data stored in one place. The software also offers ongoing logs of who is uploading what files when and customizable security settings that can be created for specific files, folders or users.

Human error or unforeseen malicious intent is often unavoidable for any firm, and this can have disastrous consequences for the security and reputation of the business. However, taking steps to safeguard work-related data and keep it in a centralized location is key. Banning removable storage devices across the organization may be perceived as a quick fix or temporary solution to a much larger problem, but consider it a step in a broader plan for your business’ unique security policy. Placing controls on your internal company data is essential so no matter where this information is accessed, it still maintains layers of protection that keep it out of the wrong hands.

BrickFTP offers specific capabilities to ensure secure file sharing for work for a vast number of industries. Flexible permissions, brute-force protection, in-transit and at-rest encryption, activity notifications and compliance with regulatory data sharing or storage requirements are among the features included to keep your business and its data safe.

Questions? Need help?

Please let us know how we can assist you. We’re here and glad to help. Please contact us by email, chat (in your web interface when logged in), or phone (1-800-286-8372 ext. 2).

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.

Start My Free Trial

©2024 Files.com. All right reserved


  • Start My Free Trial
  • Pricing
  • Docs
  • API and SDKs
  • Contact



(800) 286-8372


9am–8pm Eastern