IronKey

Mobile Data Security Blog

Home  »  Articles posted by Ken Kadet

by

Microsoft Interview: Windows To Go, Year One

When Microsoft launched Windows 8 in late October 2012, Windows To Go was immediately identified as a “hot” feature, designed for IT and perfect for BYOD.  The concept is both simple and powerful: your own fully manageable, corporate image installed on a bootable, certified USB drive.

As a key provider of certified drives for Windows To Go with our own IronKey Workspace solutions, we thought this would be the perfect time to ask our friends at Microsoft to reflect on the first year of Windows To Go.  The result: the following interview with Craig Ashley, Senior Product Manager at Microsoft for Windows  To Go.

Ashley_2x3

Microsoft’s Craig Ashley

How has the reaction been to Windows To Go since its introduction last year? Have there been any surprises?

I can honestly say it has been very positive. We developed Windows To Go with this idea that for customers that fall into a range of scenarios, from bring your own device to traveling light on the go, we could fit a full version of Windows on a USB drive and enable customers to have their own full version of a PC on a stick that fits in their pocket. This meant large enterprises with contingent staff or companies that had shared PCs or highly mobile staff could have a seamless PC experience regardless of the device they were on.

We have actually been surprised by how many customers are coming out with new and innovative scenarios. One of those was during the 2012 London Olympics.  Like most businesses last summer, the Imperial College Healthcare NHS Trust faced significant potential challenges to its ability to provide high quality care and services due to the Olympics pressure on transport networks in the city, which could prohibit staff from making it to work.  They originally thought the only solution was to provide staff new laptops.  However, Windows To Go provided a far more cost-effective and seamless solution that not only allowed their staff to successfully work remotely, but was simple to roll out.

Which vertical markets have really expressed an interest in Windows To Go?

We see interest across quite a few vertical markets. For example in healthcare and the public sector, Imperial College Health Care NHS Trust (which I previously mentioned) and the IT staff in Fairfax County, Va. see a good fit for teleworkers or remote workers who can boot Windows To Go on their own devices, as it allows them to use their device of choice and saving the companies the additional costs associated with managing a BYOD device. Another example is in manufacturing, where Boeing is currently piloting Windows To Go drives to sourced employees or contactors instead of a PC. One last example I’d like to share is in the airline industry, where Emirates, an international airline, distributed Windows To Go to use on their Windows 7 tablets for testing a new app at home before deploying the final version of the app on a Windows 8 tablet.

Other than government and regulated industries, are there any surprise industries that are testing Windows To Go?

We have seen interest across a wide range of industries. While the interest in Windows To Go is broad, the reasons for testing, piloting and deploying are similar: Windows To Go is just Windows 8.1, but on-the-go. By that I mean enterprises can manage it, deploy it, load applications on it, track it, and secure it just like they would their other Windows devices. For example, if customers use Windows To Go for contractors or remote workers, they can deploy using their existing processes.

Are you finding that most Windows To Go testers were already on the path to Windows 8 or are you finding that Windows To Go is a catalyst for Windows 8 adopters?

With Windows 8, we helped our business customers enable new scenarios for achieving everything from business efficiency to new forms of customer engagement. Some were already interested in great manageable Windows tablets. Some customers were excited by the security capabilities that Windows 8 offers. And some businesses are really seeing the value of Windows 8 through Windows To Go enabled scenarios.

With the launch of Windows 8.1, are more businesses familiar with the benefits and features of Windows To Go?

Absolutely. With any new feature or product there is always a learning curve associated with it. Windows To Go was first released last year with Windows 8, and since that time we have been continuously talking to customers, listening to feedback, and creating documentation necessary to educate users across a wide range of Windows To Go topics. One example and one that I am sure the IronKey team is very knowledgeable on is the fact that Microsoft only supports drives certified for Windows To Go. We have written blogposts and online documentation to be sure that customers understand this and many other Windows To Go requirements.

How long are prospects testing Windows To Go before they commit and what’s the size of the commitment (are they rolling it out slowly, just certain employees or across the board)?

Customer test plans and timelines vary by use case, industry, and the size of the Windows To Go deployment under consideration. Because Windows To Go is just Windows 8.1, customers are able to test and evaluate Windows To Go alongside their broader Windows 8.1 deployments.

Is Microsoft encouraging employees to adopt Windows To Go? What has your experience been like?

You bet. At Microsoft we always “dogfood” our own products. From the initial stages of launching Windows 8, Microsoft employees have had access to create Windows To Go drives. Our internal IT teams have created documentation that outlines the steps and processes for us to create and employees can use Windows To Go for a variety of reasons. I have two drives that I use on an ongoing basis, one for demoing Windows To Go and one for my day job. Many nights when I pack up to go home I simply grab my Windows To Go drive, my keys and head for the door. If I need to do work at home, I use the drive on my home office desktop, so there is no longer a need to carry my laptop and bag with me every time I leave now.

 

by

IronKey Workspace for Windows To Go Review

Now that it has been certified by Microsoft, I was very excited to get my hot little hands on the IronKey Workspace W500 — the new platform from Imation for Windows To Go — and try it out for myself.

Imation's IronKey Workspace

Windows To Go is an enterprise feature of Windows 8. The implementation on the IronKey drive essentially lets you create an IT provisioned and managed PC on a Stick(tm) for work. You can use it securely on the work PC, then lock it down, unplug it, and then use it securely at home. The cool part is that when you’re using Windows To Go on an IronKey Workspace drive, everything from a data stand point is happening on the IronKey Workspace — the hard drive in the host computer is locked away from your workspace-on-a-stick.

As you can see, the IronKey Workspace looks great… a slick, simple, iconic design. The hard metal case is designed to resist damage and water, and to prevent unwanted tampering. Inside, AES 256 hardware encryption makes the data unreadable without a password, and the IronKey Cryptochip makes the encryption keys unreachable by even sophisticated bad guys.

But enough about the specs.  How does this thing work? Let’s get started.

The IronKey Workspace W500 is based on the iconic IronKey design.

In your typical enterprise, IT would use Windows To Go to either provision the drive for users, or to allow individuals to make their own Windows To Go devices on certified drives. The result is a corporate OS image on each IronKey Workspace. For this review, the IronKey Workspace had already been provisioned with a trial copy of Windows 8.0.

To get started, I plugged the drive into the USB port and pressed the power button. We immediately see something new — a Windows 8 symbol on my laptop PC — which normally runs Windows 7. If my PC hadn’t already been configured to boot from USB, I would have needed to make a quick adjustment to the Boot Options by hitting F12 during the initial boot up process.

Booting up Windows To Go

The drive opened up a preboot environment and asked for an admin password.

Entering the IronKey Workspace's preboot environment.

The IronKey unlocker explained that the drive needs to reboot. This is a security feature for the hardware encrypted drive. It ensures that no one can get near Windows or the data on the drive until they have proved who they are to the Cryptochip.  The preboot process also ensures that the IronKey Workspace connects to and accounts for the hardware configuration on the host PC — network connection, camera, sound, and more.

The IronKey Workspace reboots for extra security in Windows To Go.

And, after about 2 minutes, it was up and running on Windows 8. I spent a minute or so in the Windows 8 control panel to align the PC screen and the monitor, and I was ready to go! By the way, the next time I booted up the IronKey Workspace, because the device had already profiled the hardware on this machine, the boot process took about half the time.

Windows To Go runs the OS from the IronKey USB stick, but it let's you take advantage of the PC's hardware.

Another first time process — Windows 8 noted necessary updates to the anti-spyware and anti-virus programs. These were handled seamlessly. It also asked for a product key; as a trial copy, we didn’t need to do this.

A quick Windows 8 software update.

Now let’s put this PC on a Stick through its paces. The camera worked….

Windows To Go working seamlessly.

…as did the speakers, and the network connection. Tip: If you’re in an office don’t forget to turn down the volume before clicking on the latest from Macklemore & Lewis!

That's "Can't Hold Us" by Macklemore & Lewis on Windows To Go.

One point to note: The Windows Store is not available on Windows To Go workspaces in Windows 8.0. The Store will be available on Windows To Go workspaces made with Windows 8.1 when it ships in a month or so.

Windows Store comes to Windows To Go in Windows 8.1.

Web conferencing was seamless.

Discussing our next trade show via web conference.

We don’t have Office on the Windows 8 trial, so I downloaded and installed Evernote for Windows onto the IronKey Workspace to write this review. Installation was as quick and easy as it would have been on the hard drive. In fact everything I did was fast.  Even though I was running off of the external IronKey Workspace drive, the PC performed every bit as well (and maybe even a little better) as it would if it had been running off the internal hard drive.

Working on Evernote for Windows on the IronKey Workspace for Windows To Go.

In Evernote, I was able to type at top speed with zero latency. This ability to work productively offline is a key advantage of Windows To Go over online-only solutions like VDI.

Conclusion:

Overall, as I wrote this review, checked email, participated in a web conference, listened to music and took pictures, it was easy to forget that I was running the OS and applications on a USB drive instead of the hard drive.

And for Windows To Go and the IronKey Workspace, that’s exactly what you want.

by

California Cracks Down: Companies Must Encrypt Personal Data

The California Attorney General has issued a major data breach report, finding that more than 2.5 million people were affected by 131 reported data breaches within the state, with 56% of the breaches including disclosure of Social Security numbers.

California Attorney General Kamala Harris is calling for wider use of encryption and increased training for employees and contractors on handling personal information. InfoWorld reports that, “her office “will make it an enforcement priority to investigate breaches involving unencrypted personal information” and will “encourage … law-enforcement agencies to similarly prioritize these investigations.”  She also recommends employee and contractor training on how to handle personal information.

Imation did its own review of U.S. data breach laws in 2012, and created the “heat map” graphic below, based on the strictness of those laws. California was a forerunner in data breach laws; while most state laws are similar, requirements and penalties vary widely.

As we’ve noted before, encryption is the foundation for protecting personal data. 

Having data encrypted at the time of the breach means, under most (but not all) of these laws, (because the data is unreadable) that loss or theft of a USB device or laptop doesn’t require reporting. Also, as the California report notes, keep security awareness campaigns active so workers stay alert to the risks.

By taking a few pragmatic precautions, the majority of risks can be greatly mitigated. So the next time an employee loses a notebook or an encrypted flash drive that held protected data, if it’s been properly encrypted and managed you’ll have may well have endured a non-event.

Compliance Heat Map

Imation Compliance Heat Map. Click to view full-sized image.