removable media
What is removable media?
Removable media is any type of storage device that can be removed from a computer while the system is running. Removable media makes it easy for a user to move data from one computer to another.
Removable media typically includes storage components and a plug-in adapter, like a Universal Serial Bus (USB) port, that can be inserted into a laptop computer or other suitably equipped device. The device might include driver software to launch its functions. It might also link up to the computer's operating system (OS), which handles all data activities associated with the removable device. Some devices might also have communications features such as access to Wi-Fi networks and Global Positioning System (GPS) connectivity, in addition to their storage functions.
Costs per gigabyte (GB) of storage for devices, such as thumb drives using solid-state disk (SSD) or flash memory stick technology, have continued to decline, so that devices with 256 GB of storage typically cost under $25 today. They are a cost-effective and secure way to store information. Simply removing the device from its computer establishes an air gap between the data and any potential security breaches.
In addition to data, removable media can also store audio, video, image and game files. Other devices, such as smartphones, tablets and digital phones, while not true removable media, are also effective tools for data storage.
How does removable media work?
All necessary components for storing and transferring data via the removable device are built into the device's firmware. Connectors on the device provide the interface between the device and its host system. Once the device is connected, it begins an exchange of data with the host system, establishing a connection. A secure connection is ideal to prevent unauthorized access to the device. Once the device connects to its host, data transfer can commence. If the device is no longer needed for data storage, it can be simply removed and stored for later use.
Form factors for removable media differ based on the type of device, its manufacturer, and the standard(s) on which its design is based. For example, a typical thumb drive with a USB connector differs in form factor from a Secure Digital (SD) device. Connectors are different and each device's storage array and firmware might be different to support specific file access protocols and data transfer speeds.
As with any system dealing with sensitive information, the application to be addressed and the device(s) being used must be compatible. When using different kinds of systems, such as a Linux system or a Windows system, the types of removable media might also differ, and must be verified in advance before any storage devices are obtained.
Applications for removable media
Just about anybody who uses a computer system has probably used removable media at some point. Games are popular activities in which removable media play an important part. All game resources can be contained in the device; starting the game is as simple as plugging in the device.
All kinds of data, databases, systems, networking resources, video files, audio files, image files and other content can be stored on removable media. One important application is to use removable media to back up other storage devices, such as a hard disk drive (HDD). While the external hard drive might contain regularly used systems and files, some highly important items can also be backed up to a removable storage device.
Even items that are normally housed in a cloud storage service might benefit from emergency storage resources, like disaster recovery, provided by removable media. Depending on the sensitive data being backed up, removable media offer a cost-effective added layer of protection.
Types of removable media
As noted earlier, many different types of removable media are available with different storage capacities, data transfer speeds, physical connectors, and support for specific storage protocols.
Examples of removable media include the following:
- CD-ROMs.
- DVDs.
- Blu-ray discs.
- USB drives.
- SD cards.
- Floppy disks.
- Magnetic tape.
Devices with the storage media embedded inside the form factor are likely to be more resilient to physical handling than magnetic tape or floppy disks. For any type of media, it must be shielded from physical contact so as not to disturb its magnetic properties.
Advantages and disadvantages of removable media
In a storage context, the main advantage of removable media is that it can deliver fast data backup and recovery times associated with storage area networks. Removable storage media can also help organizations meet corporate backup and recovery requirements because it is portable. Additional benefits of removable media include the following:
- Storage capacity. Removable media can have a higher storage capacity than an HDD. Considering that 256 GB of storage can cost under $25, the investment is certainly worthwhile.
- Fast data transfer speeds. Removable media can support faster data transfer speeds because there are no internal cables connecting devices
- Lower cost per GB. Removable media are highly cost-effective, in addition to their portability and overall convenience.
- Easy to carry. Most portable storage devices are small and lightweight, making them easy to carry around, as opposed to HDDs or network attached storage (NAS) arrays.
- Simple and ready to use. Plug the device into the system where indicated, and the device is ready to use; just find the device in the computer's file system.
On the downside, several important issues must be addressed to maximize removable media, as follows:
- Device theft or loss. Devices are generally small and can be misplaced or lost; they can also be stolen while sitting on a table or while plugged into a device. Ensure that alternate backup arrangements are in place, especially when using removable media as a principal storage resource.
- Theft of data. Devices can be used to store data that has been exfiltrated, e.g., transferred without authorization, for subsequent use by hackers.
- Viruses contained in Autorun.in programs. These are executable programs that launch upon insertion into a host computer; viruses might be embedded in the Autorun.in software.
- Lack of device security. Removable storage devices might or might not contain native security measures, such as passwords and encryption; before using a new device, check it for malware and establish security measures, such as password protection.
- Ease of malware transportation. Portability is also one of the technology's main drawbacks. Ransomware attacks can be transferred from computer to computer by removable media such as a USB flash drive.
Security risk guidance for protecting removable media
In addition to storing media in secure locations when not in use, security for removable media is an essential consideration. Ensure that the host device has antivirus software that can scan the media for any malware. Anti-ransomware software is also recommended to minimize cybersecurity threats. Protect access to the storage device by using passwords and any other measures to prevent unauthorized access. Encrypt data stored on the device to further protect it from damage or theft.
Media that have an Autorun feature might also have an embedded virus or other malware. It might be necessary to disable the host computer's autoplay and autorun features.
Once the removable media device no longer needs to store mission-critical data, that data should be removed from the device. Ultimately, removable media might no longer be needed and should be repurposed or destroyed using techniques specified in the organization's data governance plan.
If a removable device is found, and no identification is visible, do not plug it in until it has been scanned for possible malware. Ideally, this can be done using an air-gapped computer not connected to any internal or external networks.
Ensure that the data governance policy covers removable media access and that it meets the following requirements:
- Identifies the different types of storage devices that have been approved for use by the IT department.
- Requires that passwords must be in place.
- Ensures that data is encrypted.
- Establishes an inventory of removable devices for tracking purposes.
- Prohibits the use of personal media devices unless the device has been authorized by IT.
- Calls for performing periodic scans of all hardware to identify possible rogue devices.
Removable media can pose security problems. But there are ways to control who has access to optical disks and USB drives in Windows' Active Directory. Learn how to disable removable media access with Group Policy.