IronKey

Mobile Data Security Blog

Home  »  Archive by category "Encryption"

by

Kingston Acquires USB Assets of IronKey

Our special guest blogger is Nate Steffens, VP commodity Flash, Kingston. 

We, at Kingston®, are excited about our purchase of the assets of IronKey™ from Imation.  We have admired the IronKey brand from a distance as it signifies outstanding, industry leading products. IronKey end users are loyal and confident their data is safe and secure.

Kingston entered the encrypted USB market in 2004 with the DataTraveler Elite, when capacities started at a whopping 256MB. We have continued to produce quality encrypted USB drives and cement our place in this market. The acquisition of the IronKey assets will offer our customers a more comprehensive encrypted product portfolio.

Kingston works with many of the same channel partners as IronKey, and we are striving for a smooth integration of their products into the Kingston portfolio. Our goal is to continue strong customer relationships with open communication throughout the integration process by providing our partners with the excellent level of service and product quality that they’ve come to expect.

Additionally, we are strengthening our relationship with DataLocker®. Our Management Ready encrypted USB drives are currently supported by DataLocker’s SafeConsole. Now, with DataLocker acquiring the management services of IronKey, our companies will expand our collaboration.

To keep the communication lines open during our transition over the next few weeks, we have created an email address for our channel partners and end users. If you have questions, please send them to ironkey@kingston.com.

 

by

Security vs. Flexibility – You Can’t Have One Without the Other

 

Remote working is rapidly becoming a customary practice within many organisations, and IT managers are being tasked with making the mobile working environment and corporate data more secure. The challenge however, is managing the security of data on the move, while maintaining the flexibility and productivity of employees working from a myriad of remote locations.

As new research from Imation and Vanson Bourne shows that most surveyed organisations now permit remote/mobile working and find it to be advantageous to their organisation, securing mobile workers is becoming even more challenging.

Around three in five organisations believe that remote working has increased employee motivation due to greater flexibility and increased productivity as employees can work from multiple locations. Traditionally, an organisation’s internal resources are accessed on-site. But the flexibility of remote working practices enables employees to work from numerous locations, with the most common methods of remote working being: home working, BYOD (Bring your own device) and VDI (Virtual desktop infrastructure). On top of this, around a third of respondents’ organisations have employees that are working from client sites.

As a result, organisations need to provide better portability while still providing comparable security in terms of confidentiality, integrity, and authentication of data. Organisations cannot allow flexibility without ensuring the necessary protection of corporate assets.

According to the survey, organisations are failing to keep track of what data employees take with them from the office – with employees still using potentially unsecure methods such as printing information out on paper and emailing files to themselves. This could have huge, detrimental ramifications for any organisation, particularly when taking into account that around four in 10? of respondents’ organisations do not currently have a remote working policy that covers IT security considerations . Not to mention only a small number of organisations enforce, or plan to enforce their remote working policy via IT processes.

Employees are also regularly breaking their organisation’s security rules in order to work remotely, and many organisations recognise that the data that leaves the office could be more adequately secured. Security must be top priority for organisations that permit remote working to prevent data breach and the financial and reputational implications that can result in one.

With this in mind, organisations need to find a balance that enables them to embrace mobile working and manage the security of data on the move. Anyone considering remote working as an option should prioritize protecting corporate data, the employees, and the organisations that own it and ensure there are policies in place for this protection. There should not be an option to choose between flexibility and security – you can’t have one without the other.

by

Death, Taxes, And Being Hacked

 

There are some things in life that are inevitable – death and taxes at the top of the list.  To this list, I’m adding another modern day inevitability – being hacked!

You can be phished, clickjacked, spied on or attacked by a worm – the list of deadly attacks goes on. The types of malware and new attack vectors are growing at a frightening pace and trying to fight them off has become a daily concern.

Defending against cyber attacks and repairing the damage caused by hackers who break into security systems costs UK businesses a whopping £34 billion a year, according to the Centre for Economics and Business Research.  Around £18 billion of this comes from lost revenues, whilst the IT department spends the remaining £16 billion on trying to shore up defenses.

Then there are the fines.  In 2014, for example, holiday firm Think W3 suffered a serious hack in which 1,163,996 credit and debit card records were stolen. The ICO described the incident as a “staggering lapse” and issued a fine of £150,000.

And earlier this year, Barclays had to compensate 2,000 customers when their personal details were discovered on a stolen USB device – highlighting that data.

There is no escaping it – data breaches are on the increase and fines are only going to get bigger under sweeping changes to EU legislation. But all it takes is some common sense and a robust security strategy to ensure you aren’t in the firing line.

 

Don’t leave the doors open

When it comes to securing devices, the obvious option is encrypting and password protecting data. IT needs to install tamper-proof encryption software at the endpoint so that all data on the devices is encrypted by default. Solid security policies, when paired with advanced device management features such as remote lock and remote wipe, go a long way in protecting sensitive business data from falling into the wrong hands.

 

Act now

The clear message is that businesses need to get their houses in order when it comes to security. When the EU data protection regulation comes into force next year, businesses will not only need to be confident in their file transfer policies, but they will also need to be able to show a very clear audit trail.

It is not if you are going to be hacked, but when. And unlike death and taxes, this is something you can actively work to avoid.

 

by

Introducing IronKey Workspace W200 – Affordable and Secure Windows To Go

 

W200 – The Basics

This morning we introduced the IronKey™ Workspace W200 – our most affordable Windows To Go device to date. The W200 is a USB 3.0 SuperSpeed Windows To Go device in a new lightweight ruggedized design. The device comes in black, includes the always present IronKey LED that signals when your device is running, and provides a loop so you can add to your keyring or a lanyard. Like all IronKey devices the W200 is waterproof, shockproof and meets MIL-STD-810G test specifications like its siblings. The W200 has excellent performance clocking Max Read speeds of 310MB/second and Max Write of 159MB/second.  I’ve compared this to my everyday W500 and don’t see any noticeable lag. Like all IronKey Windows To Go devices the W200 is Microsoft Certified and Windows 10 Ready and can be used with all IronKey deployment tools including our mass Provisioning Tool or scriptable Command Line Utility. The W200 allows for usage of Bitlocker To Go encryption so you make use of all your Microsoft skills in creating and protecting your mobile workforce.  The IronKey Workspace W200 devices are available now through our partners, starting at $96 for a 32GB device.

 

Top Use Cases

Where is the volume? The largest deployments of IronKey Windows To Go are coming from two types of customers. The first are those who have been saving money over deploying new hardware to employees and contractors. Telefónica Deutschland recently noted a savings of 2,500 Euros (USD approx. $2800) on hardware over a three-year period – and they’re not alone. We’re seen many organizations find they can buy 10-20 W200 devices for the price of a single laptop.

The second use case we’re seeing in volume is the “secure container” where IT is leveraging Windows To Go for consistency and security. Here how it works with VDI/VPN and Remote Workers – IT creates a Windows image that contains Windows OS, all the software to VPN in, the Citrix Receiver or VMWare Player and any security software they might need and hand those out to employees and contractors. Why? Well, the biggest answer is saving time and money for IT as it reduces support calls from users who have trouble and call in from home machines. In addition employees like it too – no longer are there the hassles of security scans and the perception of IT invading the home machine – just plug-in, boot and go.

 

What’s Next?

Keep an eye out on our website for some updates that I think you’ll really like.

IMN_IK_W200_FRT

 

by

Hillary’s Lawyer’s “Thumb Drive is Secure” – Really?

 

So says Politico and others about the thumb drive, that Hillary Clinton’s lawyer has, containing 30,000 files off of her private email server.

By “secure”, they probably mean encrypted. That and $4 buys a latte at Starbucks.

To be secure, the drive must not only be encrypted, but have signed firmware. Most encrypted drives don’t.

Why does it matter? Malware like that created by Equation Group and others, can enter via a USB port, take up residence in a laptop or PC and phone home anything of interest to whomever put it there – ISIS, Russia, China, Kim DotCom….pick your poison.

How to be sure it’s really secure? You don’t need to ask the FBI, like Senate Judiciary Committee Chairman Chuck Grassley (R-Iowa) is doing.

Just ask the simple question of the manufacturer: Is your firmware signed? If it’s an IronKey™ drive, it is. And if it’s signed, it’s secure. For most other manufacturers’ drives, they will not have signed firmware. But ask, a few will.

If the answer is no, then the information is as public as tweets from Kim Kardashian.

by

LATEST DATA BREACH: EVERY U.S. FEDERAL EMPLOYEE AFFECTED

 

Our special guest blogger is Tav Venia, an IronKey sales engineer, who is based in the Washington DC area and serves our Federal and Enterprise clients. 

Unfortunately, we’ve all heard about the hack on the personnel records and social security numbers for more than 4 Million+ Federal Employees at a U.S. Government Agency.  Data lost, stolen, or hacked:  it just represents another failure to protect our federal data.  For this, and many other reasons, now more than ever it’s imperative that all types of data is securely protected— federal, classified, FOUO (For Official Use Only), defense, employee, personal, etc.   Now is the time to get out in front of any and all possible threats and attacks to assure ourselves that our data is safe and secure from what can turn into “Tomorrow’s Headline”.

Government employees are more mobile— working in the office, in the field and from home— which increases the potential for even more data exposure risks.  The ability to securely store and transport data while on the move is a necessity.  As the Federal Team Sales Engineer, I see how our U.S. Government and Agency customers are using the IronKey™ line of hardware encrypted hard drives to securely store and protect their sensitive information, among many, many other reasons.  But with the release of our newest hard drive, the IronKey H350, government agencies can enjoy the speed and performance advantages of USB 3.0 technology while realizing the benefits of the world’s most secure USB devices including FIPS 140-2 Level 3 certification, AES-XTS 256-bit hardware encryption and centralized management.

Our customers can now save, backup and move data wherever they may be much more rapidly taking advantage of the USB 3.0 speeds.  As technology advances, data files are exponentially growing in size, the ability to securely store and move data quickly and efficiently from the field back to the government or agency office is of even greater importance.  Forgotten password?  No worries. On managed enterprise hard drives, IronKey provides the only secure password reset mechanism that allows users to recover data without erasing the contents on the drive or using a backdoor to reset the password.  Additionally, when data is not being access or used, the IronKey H350 can protect and secure Data At Rest (DAR), another use case of importance to our U.S. Government and Agency customers.

Personally, with my job, I am constantly on the move traveling from place to place.  I use the IronKey H350 to back up all of my laptop data because we have all been there when Windows crashes and/or becomes corrupted giving us the Blue Screen of Death (BSOD) rendering our data lost and unrecoverable.  This can be a result of a Windows error or a simple drop of your laptop which damages the hard drive.  I don’t ever want to be caught in a situation where I don’t have a backup of my data.  Thanks to my IronKey H350 USB 3.0 hard drive, it now takes less than an hour to back up all of my data, a process that used to take many hours using a USB 2.0 Hard Drive.

by

IronKey eUSB for ePO is Now McAfee SIA Certified

 

 

Recently I blogged about IronKey’s release of IronKey™ eUSB for McAfee ePolicy Orchestrator (ePO), an extension for ePO that provides administrators the ability to deploy and manage IronKey hardware encrypted devices. Well today we have even better news. The IronKey eUSB for McAfee ePO is now officially certified by McAfee Security Innovation Alliance (SIA). This in-depth certification process involves testing the product and reviewing the underlying code, which provides McAfee ePO managers the piece-of-mind of having a third party validate usability and compatibility for even the largest deployments.

Here at IronKey we are thrilled by this SIA Certification.   As noted by Intel Security Senior Vice President Tom Fountain, “The combination of ePolicy Orchestrator software and IronKey hardware-encrypted USB drives means our joint customers have what we believe is the best secure, managed data-transport solution available.”

So why should you be investing in hardware encrypted storage?  Today, having hardware encrypted devices is the best way to keep your data secure when roaming.  If the device is lost, misplaced or stolen, you have a double layer of security making your device impregnable – not to mention a centralized management control system that can actively destroy data when needed. Also, you can optionally run McAfee anti-virus to validate the fidelity of files stored on IronKey devices providing an additional layer of security.

Some wonder if it is worth the investment in having a hardware encrypted device that can run AV software. The answer is yes – the cost of a high security device easily outweighs the potential cost of a data breach. Ponemon Institute noted that the average cost of a data breach is $5.9M and the associated loss of business was $3.2M. Another recent survey published by SANS showed respondents ranking with the greatest exposure was malware, introduced by unmanaged devices at 13.6% and with unencrypted USB devices closely following at 8.9%.

Health and Human Services also had some shocking data points:

    • Blue Cross and Blue Shield of Tennessee lost 1M+ records due to unencrypted hard drives
    • Alaska Department of Health and Human Social Services paid a nearly $2M settlement due to data lost on an unencrypted USB flash drive
    • A company called Adult & Pediatric Dermatology lost 2,200 patient records due to an unencrypted USB flash drives

So if you’re an ePO administrator, there is good news for you. Don’t risk the cost of a data breach and use the newly certified IronKey eUSB for ePO by Intel Security. You will be thrilled in adding world class hardware encrypted storage devices and having the capability to manage them easily from your ePO console.

by

Keeping Patient and Hospital Information Safe

 

 

In September 2014, Forrester Research published a brief titled “Stolen and Lost Devices Are Putting Personal Healthcare Information at Risk”. Amongst the findings were two important trends:

Healthcare is becoming more mobile – approximately one-third of healthcare employees now work outside the office or clinic at least once a week.

Healthcare records are five times more likely to be lost due to device theft or accidental loss.

Today, personal healthcare information (PHI) records are more accessible than ever before. These PHI records contain important personal information such as social security numbers, medical history, and insurance information. Technological progression in the medical world is giving us advancements such as real time medical data on our smartphones and mobile messaging systems so hospital staff can get to patients faster. Although this progression is exciting, with all of this patient information floating around in technology, it makes it harder to keep our data safe.

With so much mobility, it’s not surprising that data protection has become a big problem. Mobile devices are simple to carry from one workplace to the next, but they can be easy to lose. To protect our data, we need a way to prevent unauthorized people from accessing the content of a lost or stolen device.

The solution is to use encrypted USB or external hard drives, such as the new IronKey™ S1000 3.0 USB. These secure storage devices combine encryption, which encodes data, making it unreadable to all but authorized users, with cloud-based management functionality that enables an organization to remotely wipe data from a device even if it is no longer in their possession.

Healthcare facilities need to address the realities of mobile work practices but they also need to protect the information in their care. The task is made a lot easier with a good device policy and the right tools.

by

Majority of Healthcare Breaches Are Due to Loss or Theft, Not Hackers

I just recently read an article about how a healthcare organization lost backup hard drives containing personal information on nearly 40,000 of its clients. To make matters worse, the article stated that there was “no mention of strong encryption being applied to the records, implying that they were stored relatively insecurely.” WHAT?  I shake my head in frustration because there is a simple solution. Why don’t more healthcare companies deploy secure USB?

You might be surprised to know that the majority of breaches come from lost or stolen devices, not hackers. In fact, sixty-eight percent of all healthcare breaches are from loss and theft. This leads me to conclude that most healthcare companies insecurely store, and therefore risk losing their clients protected health information (PHI) such as birth dates, medical records, and Social Security numbers.

Sadly, it looks like this trend won’t be ending anytime soon.  A recent healthcare data breach forecast predicted that employees (not hackers) will continue to be the greatest threat to securing healthcare data including PHI.  The forecast goes on to say that despite all signs pointing to employees as the largest threat to a company’s security, business leaders will continue to neglect the issue in favor of buying more “appealing” security technologies aimed at preventing intrusions from outsiders in 2015. (sigh)

So here’s the good news – there is a workable solution that’s easy for healthcare organizations to implement. One simple, affordable option is to store PHI and other confidential data on a portable, encrypted external hard drive or USB instead of storing data directly on the laptop.  There’s a class of readily available hardware encrypted devices that are virtually unhackable and can be remotely wiped should they be lost or stolen.  And, these drives deploy the highest standards of protection with AES-256 encryption.   These highly secure drives even protect data and applications from malware like BadUSB. And their rugged design makes them nearly indestructible.  They’ve even been known to survive an autoclave! 

IronKey™ offers the most secure storage solutions and mobile workspaces available.  So, don’t be tomorrow’s headline.  Check out our healthcare security solutions today.

by

Could You Pass a Privacy Audit? Healthcare and Australia’s Privacy Regulations

 

Our special guest blogger, Elizabeth Parsons, is based in Melbourne and is responsible for growing the Imation Mobile Security business in Australia and New Zealand.  

Last year the Australian Federal Government ushered in a new set of Australian Privacy Principles (APPs) and in the process, dramatically overhauled the obligations of organisations regarding the collection, use, storage and security of personal data.  The changes were expected to have a big impact on data handling within the healthcare industry, as the regulations particularly targeted all Australian Government agencies, businesses with a turnover of more than $3 million or trade in personal information, and private health service providers.

Twelve months on, it’s timely to consider how well your organisation has responded to the new requirements, and to ask yourself:  Would your organisation pass a privacy audit if one was held tomorrow?

The Basics

One of the first changes that should have been introduced by every facility or institution is an updated, accessible privacy policy. This should advise individuals of your obligations, the kind of personal information collected, how it is collected, the purpose for collection, how an individual can access that information, and how they can make a complaint about any breaches of the APPs.

Following on from this, every organisation should also now have an internal guide to privacy compliance.  The aim of this is to ensure that the staff will understand the legal requirements when dealing with personal data. It should also articulate the organisation’s own rules and processes relating to collection and storage of data.

The Problem of Security

One of the most critical obligations under the APPs is security.  The eleventh privacy principle states:

“If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information:

(a) from misuse, interference and loss; and

(b) from unauthorised access, modification or disclosure.”

And it’s here that, even today, many healthcare organisations find their privacy efforts falling short, because keeping data safe from accidental loss or malicious activity such as viruses, worms and hackers isn’t always straightforward or easy.

While most organisations have measures in place to secure data on the network, the main area of vulnerability is mobile data.  When a clinician carries patient data on their laptop from their consulting rooms to the hospital, what happens if the laptop is stolen?  Or when a USB stick is used to send information from one facility to another, what is the outcome if the USB is dropped and lost?

No matter whether confidential information is breached due to theft, malware, spyware, or just a simple accidental loss, there are serious consequences. Since 2014, failure to comply with Australia’s new privacy laws can leave an organisation liable for a fine of up to $1.7 million.

Doing away with mobility is not the answer.  The efficiencies and improvements to health outcomes arising from a more mobile health force are too great to ignore. Therefore, it’s clear healthcare facilities have to find a way to keep mobile data safe.

A Two-pronged Response

The solution is to adopt a two-pronged approach to mobile data security by only using drives that offer encryption supported by data management.

Encryption involves coding data on the drive so it remains unreadable to anyone who doesn’t have the right “key”.  If the USB or hard drive is lost or stolen, the contents remain obscured and inaccessible. One of the most appealing aspects of encryption is there are no technology barriers to its adoption, and compared to the cost of a data breach, the investment required is relatively insignificant.

The second part of the approach is a management capability that brings control to the data on the device.  For example, at some stage an employee will forget their password, rendering them unable to access the corporate network. With the right management capabilities, IT can not only reset the password but when the user logs on, they can cross-reference the IP address of their machine against a map in order to ascertain if the person is indeed who they say they are. If IT has any suspicions, they can remotely wipe the hardware device that the employee is working from and kill all encrypted data.  Management functions also enable IT to force a device to be in read-only mode, remotely make password changes and re-commission devices that are no longer in use.

Together, encryption and management ensure confidential and private information on USB and external drives to remain protected, even if the drive is lost or stolen and lands in someone else’s hands.

The 2014 changes to Australia’s privacy regulations have put the data management practices of Australia’s government agencies and private sector organisations under the spotlight. For the healthcare industry, securing confidential patient data has never been more important with the increasing amount of records being transferred to electronic records. Achieving the necessary degree of security requires more than good intentions. It demands a comprehensive mobile security solution built around strong encryption, robust identity management, and policy-based data management.