IronKey

Mobile Data Security Blog

Home  »  Archive by category "Cybersecurity"

by

Will the World Cup Result in a Red Card for your Business?

 

With the ‘Hacktivist’ group Anonymous having announced they were preparing a full scale cyber-attack on the World Cup’s corporate sponsors during the tournament, and an influx in World Cup related malware, security threats are likely to be the topic of choice for all those looking to protect against potential breaches and attacks during the tournament.

IT managers will have been steeling themselves for a potential spike in lost corporate devices, such as USB’s, tablets and mobile devices, during the World Cup. Whether it be a flight to Brazil, a booze fuelled train journey home, or live streaming a match from your laptop, the potential for a security breach, and the resulting consequences, could be more excruciating than a bite from Luis Suarez!

Whilst the tournament might be coming to a close, the risks associated with remote workers and mobile devices are still an inherent danger to corporate data. Many of us undertake work while commuting, with little regard for the security of the information we are working on, so whether you are lucky enough to have flown out to watch a match, or simply travelling home after watching the game in the pub, the need to secure your devices is never more crucial.

With shrinking boundaries between work devices and work-enabled personal devices, the risk of corporate data falling into the wrong hands is a huge possibility. Employees dropping memory sticks, leaving files on trains, and laptops in bars, are all high probabilities, and inevitably, these devices will contain data not meant for prying eyes.

Failing to protect the vast volumes of information they carry and not equipping employees with the IT tools required to securely manage and handle information while travelling could result in a ‘red card’ for your business.

No computer or tablet not ‘locked down’ by IT should ever be connected to the corporate network, either from inside (fixed line or BYOD) or outside (VPN of VDI). Allocating employees a corporate computer for use inside the network and an IT secured USB device for outside would simplify security and avoid frustrations typically related with tight security policies such as these.

Whether your data is in transit or at rest, encryption is absolutely essential to safeguarding confidential company information. Whether you use strong authentication or hardware encryption will very much depend on your organisation, you need to be able to manage encrypted devices in order to ensure that if there are any concerns that data integrity has been compromised it is possible to remotely wipe the device.

Accidents will happen, but being vigilant in your security practices, and, educating and enabling your employees could be as easy as knocking England out of the Cup altogether.
redcard

by

When It Comes to the Cloud, What do Small Businesses Need to Think About?

 

The move towards hosting applications in the cloud shows no signs of petering out. More and more companies are keen to realise the operational benefits that a cloud-
based model has to offer; not to mention the possibility to reduce some CAPEX spend. While many emerging technologies can feel like they are exclusively for the ‘big
boys,’ the great thing about the cloud is that whether you are one person or several thousand, there is a platform out there to help you meet your requirements.

The one downside to being a small business however is that often you don’t have the in-house IT knowledge to understand what, if any, security issues you could be
opening up your business to by opting to store data in the cloud. Here are my top tips to helping you make the most of the cloud, while remaining secure:

* Most small businesses aren’t all that concerned about cloud security and are keen to tap into the benefits that the cloud has to offer. However, as a note of caution, think
carefully about your cloud strategy. While providers might proclaim their offering to be “secure enough”, SMBs shouldn’t accept this assertion at face value – especially if
you intend to store customer data in the cloud as there are strict laws that govern how data is stored, managed and protected.

* Many SMBs can be confused about the best way forward, but take a look at larger companies operating in your sector, what lessons can you learn from them? Are they
using public or private clouds to give employees access to shared data? In the context of your organisation what are the pros and cons of each?

* While it can be tempting to think that your cloud provider ‘has everything covered’ it pays to know what is happening ‘under the hood’ of your cloud security offering. For
example, if the cloud service is responsible for the encryption of data, there is a risk that your keys can be compromised either internally by an employee or by a hacker
who is able to breach the management system and retrieve the keys. To be as secure as possible SMBs, and not their provider, should own and control the encryption
keys.

* For the director of a SMB all this talk of encryption and keys might sound a bit daunting, but the key piece of advice here to mitigate the risk of cloud services is to ensure
that if you are storing data in the cloud that you encrypt the data before it reaches the cloud and apply an enhanced level of key management to avoid it being
compromised. And ensure that the data and the encryption keys aren’t stored together!

SMBs need to think carefully about their security strategy, how it can enable their business and if software encryption is right for them. “Good enough” security in today’s
rapidly evolving cyber security landscape will not protect your organisation – or your customers – from persistent and sophisticated attackers. Hopefully the above pointers
are a good starting point for ensuring that, when it comes to the cloud, you’ve got the right security measures in place.

by

Heartbleed – Don’t Be the Next Victim

 

Heartbleed, the recently uncovered security bug in the open-source OpenSSL cryptography library, is yet another example of a serious security weakness. The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. When information is stored where it can be accessed publicly and the secret keys are compromised— as in this case— confidential information such as the names and passwords of website users and the actual content and information are easily revealed to hackers. Fortunately for users of IronKeyTM, our products have NEVER contained the vulnerable version of OpenSSL, so your data remains IronKey strong.

 

Security vulnerabilities, like Heartbleed, remind enterprises just how dangerous it is to trust storing critical information in a publicly accessible location. Passwords, encryption keys and data are all at risk in these systems. If data must be stored publicly, then it should be encrypted using a security key that is fully protected from unauthorized access. Using a hardware-based secure storage technology, such as a secure USB flash drive, to store the key and encrypt the data is the only way to be sure no outside hacker will gain access to your data. And with centralized device management, enterprises can further enhance their security measures by administering usage, password and encryption policies; even remotely destroying a compromised device erasing every block of data and initiating its self-destruct sequence, rendering it unusable.

 

IronKey makes the world’s strongest, most secure storage devices, used by the most demanding enterprises and government agencies to protect their data. Don’t become the next victim. Think IronKey.

 

by

Encryption and Management are the Keys to Securing the Mobile Workforce: Secure Mobility Face-off, Part 2

 

I’m perplexed. Why don’t more companies encrypt their employees’ sensitive data? There is no technology barrier and the cost is insignificant compared to the cost of a data breach.

In a world where a data breach can cause tens or hundreds of thousands of dollars in fines that are only magnified by negative publicity, why wouldn’t every organization simply enforce encryption on data at rest – in servers, on laptops, and on USB drives – as a basic standard for doing business?

The need for encryption everywhere is further magnified by BYOD. IT leaders are waking up to the opportunity to extend BYOD strategies to PCs using technology like Windows To Go to reduce costs and improve productivity.

With Windows To Go, users can now put their entire Windows 8.1 operating system with their applications on a certified Microsoft USB drive, e.g., your whole PC on a Stick. The drive should be encrypted and ideally hardware encrypted to protect your private files from both brute force and physical attacks.

Strong Mobile Device Security – Encryption + Management

But encryption only gets you so far. What if a formerly trusted employee walks off with their drive, or what if their password is compromised? As an IT customer at a university recently told us:

“An unmanaged USB is like a time bomb.”

Encryption and management go hand in hand. Management improves the user experience by automating authentication for lost passwords. Systems like IronKey Enterprise Management allow devices to be tracked whenever they are plugged into an Internet-connected PC, and even enable remote kill commands, so that a lost device can be completely disabled from afar.

This capability means that in a BYOD scenario, a hardware encrypted, IT managed Windows To Go PC on a Stick actually offers greater security than the typical PC deployment!

If you want to learn more, see our latest whitepaper for an in-depth look at how organizations can use Windows To Go to empower and secure their mobile workforce.

 

 

by

Secure Mobility Face-off: Windows To Go vs. Laptop and VDI

BYOD is a game changer for the mobile workforce, and IT leaders are waking up to the opportunity.

One case in point: State Tech reported that Fairfax County, VA is issuing Windows To Go drives to employees who work remotely, “improving productivity and reducing the number of employee-owned PCs that IT must support.”

“There’s nothing to install or configure. Employees simply plug the drives into their Windows 7– or Windows 8–compatible PCs or other devices, connect to the county network via a virtual private network, and work anytime, anywhere.”

Microsoft’s Windows To Go – an enterprise feature of Windows 8.1 – is a simple, cost effective way to liberate the corporate desktop from any single device by placing a full version of Windows 8.1, applications, security tools and policies onto a secure USB 3.0 stick. Employees and/or contractors now can work securely on most any laptop or tablet with a USB port.

Imation was an early proponent of the mobile USB workspace, so it’s gratifying to for us to see the growing excitement and adoption of Windows To Go among both enterprise and government organizations. As we meet forward-thinking IT leaders at seminars, trade shows, events around the world, it’s increasingly clear that Windows To Go represents an exciting and pragmatic new way to work for teleworkers, contractors and road warriors – and even students and teachers.

IT needs to keep evaluating new ways to increase security, manageability and flexibility for a mobile workforce while managing costs. In this context, we’re hearing from customers that Windows To Go delivers advantages over laptops in five key areas, as illustrated in our infographic, below:

  • Cost – The Windows To Go drive can be the D in the BYOD strategy, costing 1/5 to 1/10 what it would cost to deploy a laptop – a benefit for BYOD strategy and easing replacement costs for lost or stolen drives.
  • Security – The Ponemon Institute reports that only 31% of lost or stolen laptops were enabled for encryption. Standardizing on a Windows To Go certified, hardware encrypted USB 3.0 drive dramatically improves security from data breaches.
  • Manageability – Windows To Go lets you centrally manage the OS just as you do with laptops. In addition, innovations such as the IronKey Enterprise Service add the ability to track Windows To Go drives and do remote wipe or remote detonation if they are lost or stolen.
  • Deployment – Windows To Go drives are easy to deploy, lightweight to carry, and less costly to ship. And with provisioning tools, even hardware encrypted drives can be deployed centrally by the dozen.
  • Resilience – IDC report that 86% of organizations have had laptops lost or stolen, and more than half of those reported a security breach. A ruggedized, hardware encrypted drive like the IronKey Workspace W500 resists both physical damage and physical tampering, and is useless to a thief if lost or stolen.

Of course, you can’t use a Windows To Go drive without a laptop. But when the work environment is on the move and BYOD is changing the rules of the game, Windows To Go delivers for IT and employees across multiple fronts.

We plan go into each of these advantages in more detail on the IronKey blog over the next few weeks, so watch this space. Comment below to share your thoughts in the meantime.

And if you want to learn more, download our latest whitepaper, an in-depth look at how organizations can use Windows To Go to empower and secure the mobile workforce.

Infographic Image

by

Sochi Games and Windows To Go – BYOB — Bring Your Own Burner

With reporters just starting to show up at the Sochi Games, their horror stories are emerging on everything from yellow drinking water, poisoned dogs and roofless hotel rooms to a hacker heaven. Digital connectivity and security are going to be hot topics and major issues during the Games. The IronKey Workspace for Windows to Go, a PC on a Stick, is a great solution for anyone traveling to Russia. Here’s why:

Russia has LAWFUL interception of ALL communications. There is ONE network, completely government controlled. What this means is, if you want to be online — unless you are working on a highly classified government network from your country of origin — you WILL be monitored and almost certainly hacked.

Even if you have a VPN, the Russian network will own your PC, your credentials, your certificates, etc. So you’re toast.

But you have to be connected and get work done. What do you do?

Take three things on your trip:

  • IronKey Workspace W500 for Windows To Go, with your needed applications and public files. You can plug the Windows To Go drive into almost any computer, work solely from the USB stick and not leave a trace behind.
  • Laptop, with the hard drive either disabled or removed (just to be safe)
  • Burner cell phone – buy with cash.

The good news is you can be connected this way without digital harm. The bad news is that, while you’re in Russia, you’ll have to assume all of your communications are public and not secure.  But you can stay completely connected, be productive, and still be safe when you return home.

While in Russia, you can use Windows To Go in your laptop, do all your work with your regular applications and stay connected to home base. The Windows 8.1 operating system you load on Windows To Go must contain applications and files that are not sensitive, because once you log on to the network, you need to assume anyone can see them and know it’s you. Same thing with when you use your cell. Even burner cells can be traced and triangulated. Just ask the DEA.

Once you get home, have IT re-provision your Windows To Go device. Or do it yourself. Load up all your applications and files, including all the sensitive ones. Windows To Go can be used again, completely securely in other countries. You can use it with your regular laptop or the drive-less one you got for the trip. Destroy the cell just like in cop shows.

Bon voyage!

 

w500-sidebar

by

3 Tips For Enabling Data Security and Mobility at Government Agencies

October marks the end of the US federal government’s fiscal year, and Imation’s mobile security experts are very busy discussing the benefit of our solutions with IT staffs at various agencies. We typically see an increase in interest near the end of the fiscal year, but there are a couple of reasons why our IronKey secure USB solutions are more top-of mind this year than in the past.

There is an increased focus from government agencies on enabling computer mobility. Like many other sectors, government agencies understand that mobile devices make employees more productive, a fact which was backed up as recently as May in an 1105 Government Information Group report. IronKey secure USB data storage devices and IronKey Workspace Windows To Go solutions enable end user mobility, as government employees can take their data and desktop environments with them wherever they go securely.

Microsoft Windows 8 spotlights how USB devices can serve as a secure, mobile computing alternative for BYOD. Microsoft cites Windows To Go, which enables a fully functioning Windows desktop to be booted from a USB device, as a key enterprise feature of Windows 8. Government agencies are taking notice.

At the same time, government IT staffs are justifiably concerned about security. The same 1105 Government Information Group report cited earlier notes that agencies are providing their employees with agency-issued devices, primarily because they are worried about the lack of control. A government mobility policy in these situations shifts away from BYOD, since employees cannot bring their own devices.

Any solution involving mobile devices (whether through employee devices or agency-provided devices) must include policies and technology to protect against data leakage or misused data.

In general, we offer these tips as part of such policies:

1) Access control: Agencies must establish and enforce strict methods for granting device access.

2) Auditing: IT departments should schedule frequent audits to make sure that devices are in the right hands and are being used appropriately.

3) Remote kill: Government agencies should deploy mobile solutions that enable remote kill capabilities, so that devices can be erased or destroyed if they fall into the wrong hands.

by

Enabling BYOD with a Secure Windows To Go IronKey Workspace

We have now announced Microsoft certification and general availability of our IronKey Workspace W500. Microsoft’s certification process is a rigorous one, so we are extremely pleased to put this stamp of approval on our latest Windows To Go solution. And we’re excited to bring our secure PC on a Stick platform to the Windows To Go solution set.

According to Intel’s IT Manager survey on the current state of BYOD, one of the two largest barriers to BYOD adoption is that the devices used by employees cannot support security, encryption or remote wipe.  The IronKey Workspace W500 solves IT managers’ security concerns with its hardware based encryption, ability to issue ‘silver bullet’ commands to remote wipe the device, and centralized management.  The IronKey Workspace W500 is truly an IT provisioned, IT managed and IT secured device that fits into your network.

intel barriers snap

Source: Intel

Gartner predicts that half of companies will require BYOD in 2017, and as this trend spreads from mobile phones and smartphones to the PC, our Windows To Go workspace offerings position us strongly in this space. Strong market interest in our solutions backs up this trend – for example, we have initiated pilots large organizations that are interested in deploying thousands of devices. Use cases we are seeing include:

  • Executive travelers are seeking to bring a secure device to insecure countries, instead of a laptop.
  • Government agency looking to provide a way for employees to telework securely, using the workspace device on their home PCs.
  • A hospital is looking at providing secure workspaces to medical residents instead of providing PCs –a 10X cost savings.
  • Top universities are testing IronKey Workspaces for their students to use in computer labs, and then to allow them to bring their computing environment home.

Our new IronKey Workspace W500 represents a powerful, secure PC on a Stick offering for enterprise customers. This is a high-performance, ruggedized, high-security platform for organizations who see opportunity in using Windows To Go to support their BYOD initiatives.

You can learn more about the IronKey Workspace solutions at http://www.ironkey.com/en-US/secure-workspace/index.html.

by

California Cracks Down: Companies Must Encrypt Personal Data

The California Attorney General has issued a major data breach report, finding that more than 2.5 million people were affected by 131 reported data breaches within the state, with 56% of the breaches including disclosure of Social Security numbers.

California Attorney General Kamala Harris is calling for wider use of encryption and increased training for employees and contractors on handling personal information. InfoWorld reports that, “her office “will make it an enforcement priority to investigate breaches involving unencrypted personal information” and will “encourage … law-enforcement agencies to similarly prioritize these investigations.”  She also recommends employee and contractor training on how to handle personal information.

Imation did its own review of U.S. data breach laws in 2012, and created the “heat map” graphic below, based on the strictness of those laws. California was a forerunner in data breach laws; while most state laws are similar, requirements and penalties vary widely.

As we’ve noted before, encryption is the foundation for protecting personal data. 

Having data encrypted at the time of the breach means, under most (but not all) of these laws, (because the data is unreadable) that loss or theft of a USB device or laptop doesn’t require reporting. Also, as the California report notes, keep security awareness campaigns active so workers stay alert to the risks.

By taking a few pragmatic precautions, the majority of risks can be greatly mitigated. So the next time an employee loses a notebook or an encrypted flash drive that held protected data, if it’s been properly encrypted and managed you’ll have may well have endured a non-event.

Compliance Heat Map

Imation Compliance Heat Map. Click to view full-sized image.

by

The Thumb Drive Conundrum: Managed USB and Encrypted Flash Drives Attack the Insider Threat

The revelation that Edward Snowden absconded from NSA with secret files on a thumb drive has generated predictable gnashing of teeth about the use of portable USB drives in secure organizations. At the same time, government and business organizations are successfully implementing secure deployments of portable USB drives so that employees can transport data they need to be productive.

The technology issue is one of competing needs: To be productive, mobile employees need the mobility, offline storage and security afforded by USB drives. To secure data, IT needs control of how employees move information and what information is moved.

The fact is that today, IT can take control without blocking USB ports. We’re not sure what safeguards the NSA had in place, but there are technologies that could prevent or mitigate this kind of insider threat. For example, secure enterprise device management software can offer:

Device Location – with managed USB drives, software can show the locations of every managed device when they connect to the Internet on a map. This allows tracking of a device that has “gone rogue” and could aid in recovery.

The “Silver Bullet” – the ability to either password-disable or perform a remote kill to completely disable the device if it goes missing or someone is suspected of copying data they should not have on the drive.

Geofencing, IP Blocking – It is possible to add rule features so that unless the device meets certain conditions, the data is automatically wiped. For example, IT could enable “geofencing” so that if device is outside the country, the data is wiped – or if it is on an unapproved network, or outside a certain IP range.

Have a Consistent Data Security Policy

It’s really a matter of having a consistent policy for your data at rest.  Many organizations require their PCs and Macs to have full disk encryption enabled.  But that policy is not enforced when it comes to removable media like a USB drive.  By using a manageable and encrypted storage device you can maintain a secure policy for your data no matter where it goes.

If we look at the SANS Top 20 Security Controls, Critical Control #17 – Data Loss Prevention specifically addresses how best to handle sensitive data and prevent it from leaving your organization without permission.  The advice from SANS is to, “deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data,” and that “enterprise software should be used that can configure systems to allow only specific USB devices (based on serial number or other unique property) to be accessed, and that can automatically encrypt all data placed on such devices.”

For workers who travel, teleworkers shifting between work and home, or contractors working with your data, a secure, managed USB thumb drive is more secure than online file sharing, and certainly better than unencrypted and unmanaged notebook computers, USB devices and smartphones. And management adds an extra layer of security against both external and insider threats.  IT can address a number of potential security threats by implementing policies that require uses to use encrypted flash drives.