IBM, developers of the first hard drive, has declared that henceforth, all employees are banned from using removable storage of any kind, including CDs, DVDs, USB sticks, and portable hard drives. Presumably Zip drives, Jazz drives, 1.44-inch floppies, and portable tape recorders are also banned, though the company neglected to mention these by name.
According to IBM chief information security officer Shamla Naidoo, the ban is intended to shove users towards using IBM’s cloud services for file distribution and collaboration. The Register quotes Naidoo as justifying the move because “the possible financial and reputational damage from misplaced, lost or misused removable portable storage devices must be minimized.”
Indeed. It’s absolutely true that USB sticks and other forms of portable media can be a security challenge. We’ve written before about various types of malware that can live on a USB drive waiting for an unsuspecting user to find them and slip them into a system. In extreme cases, such drives can be used to destroy a machine at the hardware level. From a security perspective, this policy makes some sense.
But if you’ve ever done any kind of IT work, you know that real life adores these kinds of rigid policies, precisely so it can fling you curveballs that suddenly become problems. I had to hang on to a 1.44-inch floppy drive long after they’d stopped shipping in new PCs, for example. First, Windows XP (the dominant OS of the time) didn’t support loading storage drivers off anything but a floppy, unless they were slipstreamed into the OS image on the CD. Second, BIOS updates of the day couldn’t be run off anything but floppy disks, either. This eventually improved, but it wasn’t unusual to have a BIOS flash utility that was only compatible with FAT16 or FAT32 devices, while you had an NTFS partition on the primary drive. How often did I use that floppy drive? Almost never. Most of the time, there were ways to get around driver issues. Most motherboards didn’t need a flash. But it’s the “almost” in “almost never” that made me keep the stupid thing around, long after it should’ve outlived its usefulness. Hell, I think I’ve still got one sitting in the garage.
Of course, it’s possible IBM has perfectly programmed its systems, built the perfect cloud sync system, conceived of every possible circumstance in which its employees might need to access said system, and taken every step to make certain nobody on a service call winds up not being able to access necessary files due to network permissions or firewalls.
But you know, I kind of doubt it. Despite the enormous differences between mainframes and conventional x86 hardware, some things don’t change. Systems still need to be reconfigured on occasion. Not every customer setup is going to be configured for prompt cloud access. We’ll probably never hear about it, but some poor engineer somewhere is going to wind up wanting to yank out their hair over this, at least every so often.