Hi Stoic Joker,
Yes, principally they are worried about bugs jumping off the USB drives. I guess they would like to be protected against malicious intent nevertheless. No, not all users can be screened - they receive a training before using the machines, though. These machines do analytics as a service. Data do need to get transferred perhaps 10 time a day.
Simply disabling autoruns might be efficient, but taking some degree of paranoia into account, I do not believe this primitive solution would have a chance to be implemented.
Thanks a lot for the suggestions!