So, the problem is that people can attach removable storage devices and copy data to them?
Seems to me like a simple solution would be:
1. Lock down local hard drives; only allow users to store data on network servers.
2. Lock down settings so that workstations automatically lock or log out after a timeout; enforce a policy of locking/logging-out-of workstations.
Then it wouldn't matter if a thief took the whole machine, there's nothing on it and no way to get it without breaking some other, supposedly secure, component.
If an attacker can run an arbitrary program on your desktop, you are already toast.
You can also make it harder to compromise the local machine by only allowing hard-drive boots and setting a bios password. On some machines bios passwords are stored in NVRAM (IBM thinkpads) so even taking out the bios battery won't clear the password. For the truly paranoid, install case-open detecting hardware.
This is just the same old physical security problem we've always had, except that iPods can hold as much as Johnny Mnemonic now. But in the old days, copying files to floppies, or network-transferring them to another computer, or installing keyloggers... all these things are old news, really.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds