Next we considered employing the DLP endpoint agent to block USB drives, but we already knew about a bug that prevents the agent from differentiating between a USB drive and a second hard drive installed in the laptop. Our DLP vendor is working on a fix for that problem, but we don't have it yet.
We also investigated the use of Microsoft Group Policy Objects, and that may work for the long term, but that fix wouldn't be quick enough to meet our present needs. The quick-and-dirty option that we settled on to block the use of external storage devices was to change a policy configuration in our endpoint antivirus software. No one had to travel to the site, and we weren't disabling devices such as mice, keyboards and cameras. Critically important, we have a policy set up that makes it impossible for users to disable antivirus protection.
Now that we feel more secure about what is happening at the office of the offshore vendor, we will work with our legal and human resources departments to investigate the source code leakage in more detail. That vendor might not work for us much longer. I will also be advocating that we restrict the use of USB drives on all corporate devices used to process sensitive information.
Sign up for CIO Asia eNewsletters.