IronKey

Mobile Data Security Blog

Home  »  Articles posted by Lawrence Reusing

by

The 4 Benefits of USB 3.0—Are You Ready For This?

The USB flash drive is back. Often an afterthought in the buzz about BYOD, USB flash drives is once again becoming increasingly indispensable tools for the mobile worker.

What’s driving the resurgence of the USB stick?

  1. Windows To Go – Windows 8 Enterprise features Windows To Go, which lets you create a bootable, full featured Windows 8 desktop that runs securely from a certified USB drive. The solution is ideal for teleworkers and contractors who might want to use their own compatible computer setup but in a secure corporate environment. 
  2. Speed – Compared to the 12 Mbps speed of USB 1.1 and the 450 Mbps of USB 2.0, the “SuperSpeed” interface of USB 3.0 tries to live up to its name with a theoretical 5.0 Gbps (5,120Mbps) of bandwidth.
  3. Power – With a constantly expanding list of accessories and portable devices, bus-powered hardware has been pushing the limits of what USB 2.0 could handle. First, the 3.0 specification allows up to 80% more power consumption for devices running at “SuperSpeed.” Second, USB 3.0 includes an enhanced version of the USB-B connector called Powered-B, which allows USB accessories to draw power from peripheral devices, as well as hosts.
  4. Crossover Connection – In trying to establish a more robust ecosystem of USB devices, new features are implemented in the USB 3.0 to allow for cross-communication between hardware. USB 3.0 includes an established method of host-to-host communication through a crossover USB A to USB A cable. Additionally, USB 3.0 builds on the “USB On-The-Go” principles of allowing portable devices, such as smartphones, to act as either a USB device or a USB host, increasing their feature set and usability with existing USB devices.

It is this speed and power that make USB 3.0 drives the platform for USB drives certified for Windows To Go. Using USB 3.0 drives like our IronKey Workspace deliver a seamless experience booting and running Windows and productivity applications from a USB drive rather than the internal hard drive. This next iteration of the USB is really exciting as increased speeds, power and connection will prove beneficial to the mobile workforce.

by

Obama’s Executive Order and Critical Infrastructure Protection

The big news this week in cybersecurity was the Executive Order from President Obama regarding our nation’s critical infrastructure, a catch-all term that includes power plants, water treatment plants and a lot of other utilities and services that, if impeded, could impact our lives in significant ways.

Reading through the text, the Order mainly allows for information exchange between government entities tracking nefarious interests and the private organizations running the critical infrastructure those nefarious interests would aim to sabotage. Certainly, this sharing of data can only help. By learning what the government is hearing, the companies will no doubt be better armed to know where an attack might be coming from.

Perhaps the biggest positive result of the President’s move is that the spotlight is now on the issue of critical infrastructure protection, at least for the time being. And I think it’s easy for anyone to conclude that the executive order does not go nearly far enough in providing guidance or dictating rules so that the infrastructure can be best protected.

Critical infrastructure protection is a complicated beast, made ever the more complicated because of the changing nature of the workplace. As an example, we live in a world that is more and more mobile. Even the U.S. government is encouraging its agencies to support mobile work environments. But a mobile world introduces new attack vectors for those who wish to do harm, let alone the vectors that already exist in our interconnected computing environments.

It can be a daunting challenge to secure these environments. Organizations are being targeted through remote attacks and their employees are also being targeted as travelers so they bring back malicious threats into the organization. As we’ve seen on more than one occasion, employees at many organizations have inadvertently carried malware and other malicious software into their work areas and have accidentally installed that software onto IT infrastructure.

The security industry needs to give organizations an advantage over malicious software.  A comprehensive approach to cybersecurity will address these and other scenarios.

One place to start is where our IronKey solutions sit– providing secure, mobile workspaces that are centrally managed. This allows employees at any company, let alone those operating our critical infrastructure, to work in any environment without risking a security compromise.

Solutions that involve hardware encryption, encryption key management, and strong administrative and access management controls should be incorporated into any government-driven requirements for critical infrastructure IT systems.

by

The Mobile Worker – A Look Back and a Look Ahead

In 2011, there were approximately 1.3 billion mobile workers and this number is expected to grow to 1.6 billion by 2015, according to IDC.  And as the breadth of our mobile workforce expands, the opportunity for targeted data breaches is increasing exponentially as well.

The rise of the teleworker is a boon to business and government organizations. At the same time, the expanding mobile workforce is fueling the evolving threat landscape — Symantec’s 2012 Norton Cybercrime Report notes that cybercriminals targeting mobile devices and mobile vulnerabilities doubled from 2010 to 2011.  IT departments must find new ways to protect corporate data at risk of malicious penetration from the outside, and malicious or careless insiders as well.

So what does this mean for the IT department? A new generation of mobile workers needs secure, portable workspace environments, and secure mobile device control systems.

Here’s another look at our advice for IT departments managing a worker-on-the-go:

  • Staff need to be educated on the responsibilities of handling mobile devices and the data security risks
    Proper training has to be a major part of educating staff on how to use mobile technology in order to do their jobs without risking a data breach.
  • Implement secure computing solutions that allow employees secure access to what they need
    Teleworkers need to be able to conduct their daily business from any location and must therefore be equipped with hardware encrypted solutions with strong user authentication.
  • Provide a secure platform that locks down the host-computer
    As organizations continue to accept that mobile workspaces are extremely convenient and flexible, advanced centralized deployment and management are key elements of maintaining and controlling a secure environment.
  • Make it easy and convenient enough to avoid workarounds
    Mobile devices must act like the desktop an employee has left at their office otherwise users will inevitably break security protocols.

Employees and IT organizations should learn from the security-related mistakes of the past. Technological advancements to the ways in which we work will continue to evolve and while it is not something that we want to stop but we must leverage the lessons learned and be smarter about mobile safety.

by

Secure Working can’t be Optional

Data Security Holes Shown In Global IT

Recently Imation released the results of a study which reveal some important home truths about the current attitude of workforces across Europe towards remote working. The survey, conducted across the UK, France and Germany, also highlighted worrying shortcomings in Europe’s major IT markets around secure remote working in terms of both technology and policy.
Read More

by

How to Meet the Data Security Challenge of Employees

The Biggest Cause of Data Breaches is People

In June of this year, the United Kingdom’s Brighton and Sussex University Hospitals’ NHS Trust failed to ensure that hard drives containing highly sensitive patient information were erased completely before they were handed over to a contractor. The hard drives ended up being sold on eBay, earning the Trust a £325,000 fine from the UK’s Information Commissioner’s Office (ICO); the largest fine of its type ever issued.

Like so many other companies that are issued with these hefty ICO fines, the Brighton and Sussex University Hospitals’ breach was not caused by a faulty database or internal network problems but, simply, human error.
Read More

by

Data Breach Response Plans Should be Developed Now

Data Breach Response Plans Should be Developed Now.

In my previous post, “Data Privacy Brech Protection Laws Heat Map,” I highlighted the myriad US state regulations that govern what you need to do to comply in the event that your company experiences a data privacy breach.  What would you do if this happens? The time to decide is before it happens.

With federal enforcement, noncompliance could have serious ramifications, and the FTC is known for not shying away from levying penalties whenever it considers them appropriate.
Read More

by

Using Telework to Keep Government Open

Secure mobile solutions, telework, and BYOD support government and business continuity

In February 2010, relentless blizzards, later termed “Snowmageddon,” forced government agencies in and around the DC area to shut their doors for a record-breaking five days. The price tag for the closings: roughly $71 million a day, according to OPM (Office of Personnel Management) Director John Berry.
Read More

by

Data Breach Highlights Need to Encrypt Personal Information

Last week, Yahoo! announced a customer data breach, again illustrating the vulnerability of user identities on widely used services.  As reported by GovInfoSecurity, among others, a hacking group called D33Ds posted more than 400,000 usernames and passwords online.

The passwords were apparently stored in plain text and not encrypted, which highlights the need for service providers to implement stronger security practices and better protect user names and passwords.

While we continue to advise users on the ways they can strengthen the security of their personal information, companies storing that information must meet a minimum standard to help them do that. Network security won’t stop every attack, so encryption of personal information should be seen as the first wall of defense.

Comments? Email imsblog@imation.com