IronKey

Mobile Data Security Blog

Home  »  Archive by category "BYOD"

by

OMG – eWaste?!

 

The guys in engineering hired some contractors in India and were ready to send them a few laptops :“Stop!” I said.

“Contractors are a perfect use case for Windows to Go. Load up everything your contractors need on a secure PC-on-a-Stick™, including our IT-secured OS, applications, data, and VPN,  and then just mail them the devices – simple and quick. They can run from any computer they want. When they are done, you can remotely disable the device in case they “forget” to return them.”

“Naw, we’ve got a couple of older laptops sitting around and that’s the way we’ve always done it,” replied our head engineer.

“Well, do you what you want but remember I recommended that you switch to this cool, new technology.” I warned.

Two weeks later I checked with the guys and the computers were still hung up in customs. They had shipped them together and thought the total value had crossed some threshold that required more paperwork.

Another week passed and what do you know, the engineers were in my office.

One of the engineers asked, “can you put together a couple of WTG drives for us?”

“Sure can, will just take a few minutes. What happened to the laptops stuck in customs?” I inquired.

They stared at their shoes and looked a bit sheepish. Finally, one spoke up.

“Well, India has instituted a new regulation and they considered those laptops eWaste so they sent them both back to us”.

“E-Waste?!”  I laughed out loud. “So now you want to take my advice and send your contractors WTG devices – glad to see you have smartened up. And by the way, when those older “e-Waste” laptops get back here, they’ll run way faster with your WTG devices so don’t even think about asking for replacements. WTG adds years to a computer’s useful lifetime.” I said matter-of-factly.  E-Waste – ha!

by

Thwarting the Insider Threat

 

Autumn is returning, reluctantly we’re turning our back on summer, and we are looking forward to the Holiday season. Undoubtedly, this comes with increased people taking vacations, working remotely, and the unlucky few taking their laptops on holidays. For many organizations, this is pretty risky business because the sensitive corporate information is now travelling along with their employees. Although many organizations rarely expect their loyal employees to steal company data, many are prepared for security attacks.

Following the Edward Snowden revelations in 2013, IT departments are now tasked with monitoring potential insider threats. Snowden’s work with US intelligence agencies put him in the position of a highly trusted employee, providing him with everything he needed to accomplish what he set out to do. There were no measures in place to prevent what was possibly the biggest information leak in the history of the US.

The risks come from those who intentionally misuse their access to data to cause a detrimental impact on the confidentiality and integrity of sensitive information.

Although there are a number of routes to secure intellectual property, if the authorities, from whom Snowden was stealing from, had a manageable and encrypted flash drive, such as an IronKey™ Windows To Go drive, they could have tracked the information from anywhere. Any activity on the drive could have been monitored from an on-premise or cloud-based management service. This would have ensured them the ability to restrict where the device could be used, or resort to remotely locking it down, so no one could access the data.

If data isn’t encrypted, its integrity can easily and quickly be compromised, and therefore it is essential to know where, and who, is accessing information. This can be difficult across a fragmented IT environment, however, companies need to be confident that if a device is considered to be compromised, they can remotely lock it down, wipe it, or initiate a self-destruct sequence to remove the data, to protect themselves and their stakeholders.

Protecting intellectual property should be a priority for all organizations. Disabling outdated user accounts when employees exit an organization, implementing policies with privileged account passwords, updating them regularly and limiting access to corporate systems, are all crucial to keeping data secure. That’s where the Windows to Go Drive comes in:  a secure, IT-managed, Microsoft certified USB drive that contains a fully functional corporate Windows desktop. Employees insert the Microsoft certified USB drives into their home computers, hot desks, or tablets that feature USB ports, and receive a secure desktop  as well as secure access to all applications they use in an office setting.

Unlike a virtualized or online remote access solution, this portable workspace offers full host computer isolation, which means documents cannot be saved to the host machine, but are saved to the USB drive.

This way, all data will remain secure without the threat of a potential data breach ensuring safety for all!

 

IronKey Workspace W700

by

The Problem With BYOD (Computers)

Sure, everybody is excited about BYOD. You can use your personal phone to make business calls and read your corporate email. But the real cost savings for BYOD is “bring your own computer- BYOC”. There is no need to purchase, maintain, and upgrade computers; we just let the employees do that.

But wait; there are two BIG issues with Bring Your Own Computer.  The first is an IT issue. The IT team has to install applications, security tools, and management software onto each employee’s laptop. That means IT has to support a range of computer types (including Macs) and OS versions, and deal with incompatible applications running on the employee’s personal device.

The second issue is all about end-user satisfaction. I can hear the screaming now.  “What do you mean you are going to install monitoring software, file scanning, corporate applications, and Internet proxies on MY PERSONAL COMPUTER??   How much space is that going to take? Does this mean Corporate can see my personal files?” My users will rebel.

Good news for IT and the end user –  both of these issues can be easily addressed with Windows To Go.  Let them use their personal hardware – Macs, PC laptops, tablets – but have them run their corporate workspace from an IronKey ”PC-on-a-Stick”  Windows To Go USB flash drive. They run IT’s corporate Windows image with locked-down security controls and policies, applications, and data, but IT never touches their personal hard drive. Complete isolation between work and personal environments!

If you want happy employees, let them use their personal PC, but have them use an IronKey Windows To Go drive and don’t touch their personal system.  This is truly win-win. IT saves a boatload of money and users have a portable corporate workspace they can plug into their personal laptop, a home computer, or a computer they borrow at work.  When was the last time you rolled out a major cost savings initiative and got happy users at the same time! BYOC – bring it on!

by

Travel Light and Secure

 

Hi, I’m Peter. I’m a Senior IT guy working for a big, growing enterprise.  I set the strategy and I’m responsible for the execution of IT infrastructure in my organization.   I need to worry about cost, security, and keeping my customers happy. We have pretty solid IT processes leveraging Microsoft tools, so I’m not about to set my IT team on some wild new solution that requires years to integrate. Recently, after a big meeting with the execs on cutting costs, I came across Windows to Go from Microsoft. Here is a solution that is secure, can save tons of money, make my customers happy, and fits into my IT workflow – Freakin’ SWEET!  My CISO stood up and applauded when I presented this to senior MGMT.  Needless to say I’ve become a big fan. In fact, they call me Windows To Go Guy around here. There are so many ways to apply this technology across my organization. I don’t get a commission on this stuff – I just love cool technology that makes sense. Here’s my blog entry:

Disclaimer: This blog is based on real Windows To Go ® use cases.  The character is fictitious to protect the names of our customers.  Any resemblance to actual customers is coincidental and not intentional.

I’m a Windows to Go guy. I carry my workspace around with me in my pocket, wherever I go. I don’t have to worry about hiding a laptop under the car seat. I don’t have to worry about it sliding off the seat during a sudden stop and I don’t need to try fit it under my coat during a sudden downpour.

One evening after work I had promised to stop at the local store to pick up some groceries. In line ahead of me were some military personnel dressed in camo. I noticed one person was carrying her laptop.
“Hey folks, I really appreciate what you guys do for our Country, but tell me, what’s with the laptop in the grocery store-are you expecting an email from the president?” I joked.

The corporal replied, “Military rules- laptops can’t leave our side. We even take them into the bathroom”.

“That stinks,” I replied.  “Let me show you something,” I replied. I whipped out my IronKey Workspace W500™, my PC on a Stick™ and explained that this was my laptop, FIPS secured against the worst imaginable attacker. It is virtually indestructible too, and I intentionally dropped it onto the hard tile floor to make my point.

“I have got to get my hands on one of those” she said.

“You are right about that, we can make your next bathroom or grocery stop a much more pleasant experience.” I replied.

by

Will the World Cup Result in a Red Card for your Business?

 

With the ‘Hacktivist’ group Anonymous having announced they were preparing a full scale cyber-attack on the World Cup’s corporate sponsors during the tournament, and an influx in World Cup related malware, security threats are likely to be the topic of choice for all those looking to protect against potential breaches and attacks during the tournament.

IT managers will have been steeling themselves for a potential spike in lost corporate devices, such as USB’s, tablets and mobile devices, during the World Cup. Whether it be a flight to Brazil, a booze fuelled train journey home, or live streaming a match from your laptop, the potential for a security breach, and the resulting consequences, could be more excruciating than a bite from Luis Suarez!

Whilst the tournament might be coming to a close, the risks associated with remote workers and mobile devices are still an inherent danger to corporate data. Many of us undertake work while commuting, with little regard for the security of the information we are working on, so whether you are lucky enough to have flown out to watch a match, or simply travelling home after watching the game in the pub, the need to secure your devices is never more crucial.

With shrinking boundaries between work devices and work-enabled personal devices, the risk of corporate data falling into the wrong hands is a huge possibility. Employees dropping memory sticks, leaving files on trains, and laptops in bars, are all high probabilities, and inevitably, these devices will contain data not meant for prying eyes.

Failing to protect the vast volumes of information they carry and not equipping employees with the IT tools required to securely manage and handle information while travelling could result in a ‘red card’ for your business.

No computer or tablet not ‘locked down’ by IT should ever be connected to the corporate network, either from inside (fixed line or BYOD) or outside (VPN of VDI). Allocating employees a corporate computer for use inside the network and an IT secured USB device for outside would simplify security and avoid frustrations typically related with tight security policies such as these.

Whether your data is in transit or at rest, encryption is absolutely essential to safeguarding confidential company information. Whether you use strong authentication or hardware encryption will very much depend on your organisation, you need to be able to manage encrypted devices in order to ensure that if there are any concerns that data integrity has been compromised it is possible to remotely wipe the device.

Accidents will happen, but being vigilant in your security practices, and, educating and enabling your employees could be as easy as knocking England out of the Cup altogether.
redcard

by

IronKey Workspace W700 Drives with FIPS 140-2 L3 Set New Standard in Mobile Workspaces

 

Great news for government and other highly-regulated enterprises that require a FIPS 140-2 Level 3 Windows To Go drive— IronKey Workspace W700 ™ drives are now available!   Our W700 PC on a Stick™ drives are the first Microsoft-certified Windows To Go devices to be FIPS 140-2 Level 3 validated. Now you can enjoy all the benefits of Windows To Go while meeting strict data security mandates.

Why is this Significant for Government Agencies?

If your agency is looking to provide mobile workspaces for your contractors, field workers, employees who want to BYOD or telework, this solution is a “no brainer”.  The Windows To Go approach is up to 90 percent more cost effective and more secure than issuing a new laptop or using VDI.  Visit our use case section to learn how agencies are using Windows To Go today (link to Use Case section).

What is Windows To Go?

Windows to Go is an enterprise feature of Windows 8.1 that lets people be productive from almost any location they choose to work by inserting the Windows To Go USB drive into any compatible PC of their choice. An organization’s corporate image, operating system, applications and data are all contained on the Microsoft-certified IronKey Workspace USB drive. The host PC boots completely off the Windows To Go drive using local resources such as monitors, CPUs and network connections.  The Windows To Go drive can be centrally managed and offers remote wipe features to protect against loss and theft. The Windows To Go solution is ideal for mobile workers, teleworkers and contractors, fueling secure “Bring Your Own Device” (BYOD) strategies that allow employees to use their home PCs for work.

IronKey Workspace W700

by

Securely Working from Home – Freakin’ SWEET!

 

Hi, I’m Peter. I’m a Senior IT guy working for a big, growing enterprise.  I set the strategy and I’m responsible for the execution of IT infrastructure in my organization.   I need to worry about cost, security, and keeping my customers happy. We have pretty solid IT processes leveraging Microsoft tools, so I’m not about to set my IT team on some wild new solution that requires years to integrate. Recently, after a big meeting with the execs on cutting costs, I came across Windows to Go from Microsoft. Here is a solution that is secure, can save tons of money, make my customers happy, and fits into my IT workflow – Freakin’ SWEET!  My CISO stood up and applauded when I presented this to senior MGMT.  Needless to say I’ve become a big fan. In fact, they call me Windows To Go Guy around here. There are so many ways to apply this technology across my organization. I don’t get a commission on this stuff – I just love cool technology that makes sense. Here’s my blog entry:

Disclaimer: This blog is based on real Windows To Go ® use cases.  The character is fictitious to protect the names of our customers.  Any resemblance to actual customers is coincidental and not intentional.

Perhaps I’m a bit of a workaholic, but I don’t think I’m alone. After the kids go to bed, I read email, work on reports, look at presentations, and study excel spreadsheets. I’ve tried webmail  and VPN access to file shares from my home computer, but it is just not the same as having your own workspace at home with you. For the past 20 years, I’ve had to lug my laptop between work and home. But laptop screens are tiny when you are looking at a 50-column spreadsheet or comparing two documents side by side.  My home computer on the other hand, has a 27” monitor, surround sound, and fast direct Ethernet connect. In addition, we just bought a new Mac – sweet! I’ve wanted to use my home set-up for work and I’ve waited patiently, for 20 years to solve this problem.

Enter Microsoft Windows to Go. Six months ago, I loaded my entire workspace onto a tiny IronKey Workspace W500 ™ USB 3.0 flash drive with the works: OS, apps, AV scanners, and data.. With 128Gbyte, there is plenty of space. When I’m at work, I plug this device into my work computer and run my workspace from the drive. Because it is flash, it runs much faster than my spinning hard drive in the host computer. When it is time to leave the office, I simply unplug the USB drive, stick it in my pocket, and head for home for dinner with the kids.

Later in the evening, I retire to my man-cave, slide the IronKey Workspace W500 flash drive into my mega machine, and my workspace magically appears before me. I settle back into my deep cushion chair, turn down the lights, fire up some hard rock, and slip back into my working world in the comfort of my home. Now that’s productive work at home!

by

Encryption and Management are the Keys to Securing the Mobile Workforce: Secure Mobility Face-off, Part 2

 

I’m perplexed. Why don’t more companies encrypt their employees’ sensitive data? There is no technology barrier and the cost is insignificant compared to the cost of a data breach.

In a world where a data breach can cause tens or hundreds of thousands of dollars in fines that are only magnified by negative publicity, why wouldn’t every organization simply enforce encryption on data at rest – in servers, on laptops, and on USB drives – as a basic standard for doing business?

The need for encryption everywhere is further magnified by BYOD. IT leaders are waking up to the opportunity to extend BYOD strategies to PCs using technology like Windows To Go to reduce costs and improve productivity.

With Windows To Go, users can now put their entire Windows 8.1 operating system with their applications on a certified Microsoft USB drive, e.g., your whole PC on a Stick ™. The drive should be encrypted and ideally hardware encrypted to protect your private files from both brute force and physical attacks.

Strong Mobile Device Security – Encryption + Management

But encryption only gets you so far. What if a formerly trusted employee walks off with their drive, or what if their password is compromised? As an IT customer at a university recently told us:

“An unmanaged USB is like a time bomb.”

Encryption and management go hand in hand. Management improves the user experience by automating authentication for lost passwords. Systems like IronKey Enterprise Management ™ allow devices to be tracked whenever they are plugged into an Internet-connected PC, and even enable remote kill commands, so that a lost device can be completely disabled from afar.

This capability means that in a BYOD scenario, a hardware encrypted, IT managed Windows To Go PC on a Stick actually offers greater security than the typical PC deployment!

If you want to learn more, see our latest whitepaper for an in-depth look at how organizations can use Windows To Go to empower and secure their mobile workforce.

 

 

by

Secure Mobility Face-off: Windows To Go vs. Laptop and VDI

BYOD is a game changer for the mobile workforce, and IT leaders are waking up to the opportunity.

One case in point: State Tech reported that Fairfax County, VA is issuing Windows To Go drives to employees who work remotely, “improving productivity and reducing the number of employee-owned PCs that IT must support.”

“There’s nothing to install or configure. Employees simply plug the drives into their Windows 7– or Windows 8–compatible PCs or other devices, connect to the county network via a virtual private network, and work anytime, anywhere.”

Microsoft’s Windows To Go – an enterprise feature of Windows 8.1 – is a simple, cost effective way to liberate the corporate desktop from any single device by placing a full version of Windows 8.1, applications, security tools and policies onto a secure USB 3.0 stick. Employees and/or contractors now can work securely on most any laptop or tablet with a USB port.

Imation™ was an early proponent of the mobile USB workspace, so it’s gratifying to for us to see the growing excitement and adoption of Windows To Go among both enterprise and government organizations. As we meet forward-thinking IT leaders at seminars, trade shows, events around the world, it’s increasingly clear that Windows To Go represents an exciting and pragmatic new way to work for teleworkers, contractors and road warriors – and even students and teachers.

IT needs to keep evaluating new ways to increase security, manageability and flexibility for a mobile workforce while managing costs. In this context, we’re hearing from customers that Windows To Go delivers advantages over laptops in five key areas, as illustrated in our infographic, below:

  • Cost – The Windows To Go drive can be the D in the BYOD strategy, costing 1/5 to 1/10 what it would cost to deploy a laptop – a benefit for BYOD strategy and easing replacement costs for lost or stolen drives.
  • Security – The Ponemon Institute reports that only 31% of lost or stolen laptops were enabled for encryption. Standardizing on a Windows To Go certified, hardware encrypted USB 3.0 drive dramatically improves security from data breaches.
  • Manageability – Windows To Go lets you centrally manage the OS just as you do with laptops. In addition, innovations such as the IronKey Enterprise Service add the ability to track Windows To Go drives and do remote wipe or remote detonation if they are lost or stolen.
  • Deployment – Windows To Go drives are easy to deploy, lightweight to carry, and less costly to ship. And with provisioning tools, even hardware encrypted drives can be deployed centrally by the dozen.
  • Resilience – IDC report that 86% of organizations have had laptops lost or stolen, and more than half of those reported a security breach. A ruggedized, hardware encrypted drive like the IronKey Workspace W500™ resists both physical damage and physical tampering, and is useless to a thief if lost or stolen.

Of course, you can’t use a Windows To Go drive without a laptop. But when the work environment is on the move and BYOD is changing the rules of the game, Windows To Go delivers for IT and employees across multiple fronts.

We plan go into each of these advantages in more detail on the IronKey blog over the next few weeks, so watch this space. Comment below to share your thoughts in the meantime.

And if you want to learn more, download our latest whitepaper, an in-depth look at how organizations can use Windows To Go to empower and secure the mobile workforce.

Infographic Image

by

Sochi Games and Windows To Go – BYOB — Bring Your Own Burner

With reporters just starting to show up at the Sochi Games, their horror stories are emerging on everything from yellow drinking water, poisoned dogs and roofless hotel rooms to a hacker heaven. Digital connectivity and security are going to be hot topics and major issues during the Games. The IronKey Workspace™ for Windows to Go, a PC on a Stick™, is a great solution for anyone traveling to Russia. Here’s why:

Russia has LAWFUL interception of ALL communications. There is ONE network, completely government controlled. What this means is, if you want to be online — unless you are working on a highly classified government network from your country of origin — you WILL be monitored and almost certainly hacked.

Even if you have a VPN, the Russian network will own your PC, your credentials, your certificates, etc. So you’re toast.

But you have to be connected and get work done. What do you do?

Take three things on your trip:

  • IronKey Workspace W500™ for Windows To Go, with your needed applications and public files. You can plug the Windows To Go drive into almost any computer, work solely from the USB stick and not leave a trace behind.
  • Laptop, with the hard drive either disabled or removed (just to be safe)
  • Burner cell phone – buy with cash.

The good news is you can be connected this way without digital harm. The bad news is that, while you’re in Russia, you’ll have to assume all of your communications are public and not secure.  But you can stay completely connected, be productive, and still be safe when you return home.

While in Russia, you can use Windows To Go in your laptop, do all your work with your regular applications and stay connected to home base. The Windows 8.1 operating system you load on Windows To Go must contain applications and files that are not sensitive, because once you log on to the network, you need to assume anyone can see them and know it’s you. Same thing with when you use your cell. Even burner cells can be traced and triangulated. Just ask the DEA.

Once you get home, have IT re-provision your Windows To Go device. Or do it yourself. Load up all your applications and files, including all the sensitive ones. Windows To Go can be used again, completely securely in other countries. You can use it with your regular laptop or the drive-less one you got for the trip. Destroy the cell just like in cop shows.

Bon voyage!

 

w500-sidebar