Personal Memory Devices Will Proliferate and Must Be Managed by IT Organizations
[Note: This article arrived in my mailbox this morning. It has been written by Jack Gold, Jonathan Poe, Val Sribar, and Doug Laney, from the META Group, and is dated October 29, 2002. It is not available on the META Group Website yet -- unless you decide to go through a lengthy registration process. This story should be available without registration in about a month. Roland Piquepaille.]
Three years from now, a corporate VP arrives at a remote site to brief the staff on major changes in operations. He has no laptop -- not even a briefcase. In fact, his hands are completely free. In the meeting room, he takes a tiny memory device from his key chain and plugs it into a waiting computer. In a moment, he has not only his presentation, but also his entire desktop environment -- with all his software and data -- available.
This scenario is not farfetched. Corporate executives are already carrying 2 GB or larger memory devices on key chains and entire miniature computers in high-end PDAs that are capable of tasks like projecting the slides of a presentation. Within a few years, those devices will grow to 10 GB or larger. Currently, 2 GB devices are priced so low that vendors give them away at conferences.
With the capacity of personal memory devices growing even as their price falls, and with flash technology enabling these devices to be made in numerous convenient shapes, usage of these devices is growing rapidly. Executives are already carrying both personal and corporate data, ranging from MP3 files to presentations, on these devices. The device can be plugged into an appropriate system (e.g., an MP3 player to listen to music while flying; a computer to add the latest figures to a spreadsheet or compose a memo; a projector to display slides while making a presentation). It is no longer necessary to carry 20 pounds of laptop computer -- just a tiny flash memory device.
Currently, however, users cannot always be confident that they will be able to access their files at the remote location. They need a computer that can read the memory device and has the appropriate software.
"The next step," says META Group analyst Jack Gold, "is to establish standards so that executives can be sure they will be able to read their data in the computer at their destination -- or en route, in airport lounges, on airplanes, and in hotel rooms." Then, as the capacity of these tiny memory devices grows (we would not be surprised to see 10 GB devices within 18 months), users will be able to go beyond data to carry the entire contents of a laptop's hard drive on a device attached to a key ring.
This obviously creates potential problems as well as opportunities, and business and IT organizations need to work together to develop guidelines and rules for using these devices. First, however, they need to understand that they cannot forbid the use of these tiny, cheap memory devices. To do so -- or to create an onerous set of rules -- will simply drive their use underground and remove any control the business may hope to have over them.
These memory devices are vulnerable to theft, loss, and breakage. Therefore, the business needs to explain to users that they may not carry sensitive data (e.g., personally identifiable medical information) on these devices. It also needs to establish standards for backing up the data on these devices so that users do not lose the only copy of vital information if the item breaks or is lost.
These devices also present another kind of security risk -- the potential for corporate espionage by dishonest employees. This danger began with the floppy disk, but it is exacerbated by a tiny device with 5 MB+ of storage that can easily be hidden. Dealing with this risk will be difficult because there is no direct way to intercept the device.
Mixing personal and business data on the same device also has the potential to create problems. Users should be made to understand that if they plug a memory device carrying financial or other personal information into a computer on the corporate network, they cannot presume that the personal data will remain confidential. It could easily be copied onto a server automatically as part of a backup or even end up in an e-mail or other public setting. Users must understand that they bear sole responsibility for the protection of their personal information.
USER ACTION: IT and business leaders should plan for the proliferation of tiny personal memory devices as well as increasingly powerful PDAs and other mobile devices. Such devices will become nearly universal in the next few years, and organizations cannot prevent their use to store and carry business and personal data. Already, any computer running any Windows OS, starting with Windows 2000, can automatically read any memory device that connects through a USB port, including CF and SD cards in readers attached to the USB and other devices with their own USB ports. An increasing number of companies already have executives carrying these devices, often without the knowledge of the IT organization. The help desk should be prepared to receive questions about them when they do not work, and the IT organization and the business must develop guidelines for their use. Ultimately, these devices cannot be locked out, so they must be accommodated and managed.
© Copyright 2003 Roland Piquepaille. Last update: 01/10/2003; 15:39:17.