IronKey

Mobile Data Security Blog

Home  »  Archive by category "Encryption" (Page 2)

by

Encryption and Management are the Keys to Securing the Mobile Workforce: Secure Mobility Face-off, Part 2

 

I’m perplexed. Why don’t more companies encrypt their employees’ sensitive data? There is no technology barrier and the cost is insignificant compared to the cost of a data breach.

In a world where a data breach can cause tens or hundreds of thousands of dollars in fines that are only magnified by negative publicity, why wouldn’t every organization simply enforce encryption on data at rest – in servers, on laptops, and on USB drives – as a basic standard for doing business?

The need for encryption everywhere is further magnified by BYOD. IT leaders are waking up to the opportunity to extend BYOD strategies to PCs using technology like Windows To Go to reduce costs and improve productivity.

With Windows To Go, users can now put their entire Windows 8.1 operating system with their applications on a certified Microsoft USB drive, e.g., your whole PC on a Stick ™. The drive should be encrypted and ideally hardware encrypted to protect your private files from both brute force and physical attacks.

Strong Mobile Device Security – Encryption + Management

But encryption only gets you so far. What if a formerly trusted employee walks off with their drive, or what if their password is compromised? As an IT customer at a university recently told us:

“An unmanaged USB is like a time bomb.”

Encryption and management go hand in hand. Management improves the user experience by automating authentication for lost passwords. Systems like IronKey Enterprise Management ™ allow devices to be tracked whenever they are plugged into an Internet-connected PC, and even enable remote kill commands, so that a lost device can be completely disabled from afar.

This capability means that in a BYOD scenario, a hardware encrypted, IT managed Windows To Go PC on a Stick actually offers greater security than the typical PC deployment!

If you want to learn more, see our latest whitepaper for an in-depth look at how organizations can use Windows To Go to empower and secure their mobile workforce.

 

 

by

Secure Mobility Face-off: Windows To Go vs. Laptop and VDI

BYOD is a game changer for the mobile workforce, and IT leaders are waking up to the opportunity.

One case in point: State Tech reported that Fairfax County, VA is issuing Windows To Go drives to employees who work remotely, “improving productivity and reducing the number of employee-owned PCs that IT must support.”

“There’s nothing to install or configure. Employees simply plug the drives into their Windows 7– or Windows 8–compatible PCs or other devices, connect to the county network via a virtual private network, and work anytime, anywhere.”

Microsoft’s Windows To Go – an enterprise feature of Windows 8.1 – is a simple, cost effective way to liberate the corporate desktop from any single device by placing a full version of Windows 8.1, applications, security tools and policies onto a secure USB 3.0 stick. Employees and/or contractors now can work securely on most any laptop or tablet with a USB port.

Imation™ was an early proponent of the mobile USB workspace, so it’s gratifying to for us to see the growing excitement and adoption of Windows To Go among both enterprise and government organizations. As we meet forward-thinking IT leaders at seminars, trade shows, events around the world, it’s increasingly clear that Windows To Go represents an exciting and pragmatic new way to work for teleworkers, contractors and road warriors – and even students and teachers.

IT needs to keep evaluating new ways to increase security, manageability and flexibility for a mobile workforce while managing costs. In this context, we’re hearing from customers that Windows To Go delivers advantages over laptops in five key areas, as illustrated in our infographic, below:

  • Cost – The Windows To Go drive can be the D in the BYOD strategy, costing 1/5 to 1/10 what it would cost to deploy a laptop – a benefit for BYOD strategy and easing replacement costs for lost or stolen drives.
  • Security – The Ponemon Institute reports that only 31% of lost or stolen laptops were enabled for encryption. Standardizing on a Windows To Go certified, hardware encrypted USB 3.0 drive dramatically improves security from data breaches.
  • Manageability – Windows To Go lets you centrally manage the OS just as you do with laptops. In addition, innovations such as the IronKey Enterprise Service add the ability to track Windows To Go drives and do remote wipe or remote detonation if they are lost or stolen.
  • Deployment – Windows To Go drives are easy to deploy, lightweight to carry, and less costly to ship. And with provisioning tools, even hardware encrypted drives can be deployed centrally by the dozen.
  • Resilience – IDC report that 86% of organizations have had laptops lost or stolen, and more than half of those reported a security breach. A ruggedized, hardware encrypted drive like the IronKey Workspace W500™ resists both physical damage and physical tampering, and is useless to a thief if lost or stolen.

Of course, you can’t use a Windows To Go drive without a laptop. But when the work environment is on the move and BYOD is changing the rules of the game, Windows To Go delivers for IT and employees across multiple fronts.

We plan go into each of these advantages in more detail on the IronKey blog over the next few weeks, so watch this space. Comment below to share your thoughts in the meantime.

And if you want to learn more, download our latest whitepaper, an in-depth look at how organizations can use Windows To Go to empower and secure the mobile workforce.

Infographic Image

by

Sochi Games and Windows To Go – BYOB — Bring Your Own Burner

With reporters just starting to show up at the Sochi Games, their horror stories are emerging on everything from yellow drinking water, poisoned dogs and roofless hotel rooms to a hacker heaven. Digital connectivity and security are going to be hot topics and major issues during the Games. The IronKey Workspace™ for Windows to Go, a PC on a Stick™, is a great solution for anyone traveling to Russia. Here’s why:

Russia has LAWFUL interception of ALL communications. There is ONE network, completely government controlled. What this means is, if you want to be online — unless you are working on a highly classified government network from your country of origin — you WILL be monitored and almost certainly hacked.

Even if you have a VPN, the Russian network will own your PC, your credentials, your certificates, etc. So you’re toast.

But you have to be connected and get work done. What do you do?

Take three things on your trip:

  • IronKey Workspace W500™ for Windows To Go, with your needed applications and public files. You can plug the Windows To Go drive into almost any computer, work solely from the USB stick and not leave a trace behind.
  • Laptop, with the hard drive either disabled or removed (just to be safe)
  • Burner cell phone – buy with cash.

The good news is you can be connected this way without digital harm. The bad news is that, while you’re in Russia, you’ll have to assume all of your communications are public and not secure.  But you can stay completely connected, be productive, and still be safe when you return home.

While in Russia, you can use Windows To Go in your laptop, do all your work with your regular applications and stay connected to home base. The Windows 8.1 operating system you load on Windows To Go must contain applications and files that are not sensitive, because once you log on to the network, you need to assume anyone can see them and know it’s you. Same thing with when you use your cell. Even burner cells can be traced and triangulated. Just ask the DEA.

Once you get home, have IT re-provision your Windows To Go device. Or do it yourself. Load up all your applications and files, including all the sensitive ones. Windows To Go can be used again, completely securely in other countries. You can use it with your regular laptop or the drive-less one you got for the trip. Destroy the cell just like in cop shows.

Bon voyage!

 

w500-sidebar

by

3 Tips For Enabling Data Security and Mobility at Government Agencies

October marks the end of the US federal government’s fiscal year, and Imation’s mobile security experts are very busy discussing the benefit of our solutions with IT staffs at various agencies. We typically see an increase in interest near the end of the fiscal year, but there are a couple of reasons why our IronKey secure USB solutions are more top-of mind this year than in the past.

There is an increased focus from government agencies on enabling computer mobility. Like many other sectors, government agencies understand that mobile devices make employees more productive, a fact which was backed up as recently as May in an 1105 Government Information Group report. IronKey secure USB data storage devices and IronKey Workspace Windows To Go solutions enable end user mobility, as government employees can take their data and desktop environments with them wherever they go securely.

Microsoft Windows 8 spotlights how USB devices can serve as a secure, mobile computing alternative for BYOD. Microsoft cites Windows To Go, which enables a fully functioning Windows desktop to be booted from a USB device, as a key enterprise feature of Windows 8. Government agencies are taking notice.

At the same time, government IT staffs are justifiably concerned about security. The same 1105 Government Information Group report cited earlier notes that agencies are providing their employees with agency-issued devices, primarily because they are worried about the lack of control. A government mobility policy in these situations shifts away from BYOD, since employees cannot bring their own devices.

Any solution involving mobile devices (whether through employee devices or agency-provided devices) must include policies and technology to protect against data leakage or misused data.

In general, we offer these tips as part of such policies:

1) Access control: Agencies must establish and enforce strict methods for granting device access.

2) Auditing: IT departments should schedule frequent audits to make sure that devices are in the right hands and are being used appropriately.

3) Remote kill: Government agencies should deploy mobile solutions that enable remote kill capabilities, so that devices can be erased or destroyed if they fall into the wrong hands.

by

Enabling BYOD with a Secure Windows To Go IronKey Workspace

We have now announced Microsoft certification and general availability of our IronKey Workspace W500. Microsoft’s certification process is a rigorous one, so we are extremely pleased to put this stamp of approval on our latest Windows To Go solution. And we’re excited to bring our secure PC on a Stick platform to the Windows To Go solution set.

According to Intel’s IT Manager survey on the current state of BYOD, one of the two largest barriers to BYOD adoption is that the devices used by employees cannot support security, encryption or remote wipe.  The IronKey Workspace W500 solves IT managers’ security concerns with its hardware based encryption, ability to issue ‘silver bullet’ commands to remote wipe the device, and centralized management.  The IronKey Workspace W500 is truly an IT provisioned, IT managed and IT secured device that fits into your network.

intel barriers snap

Source: Intel

Gartner predicts that half of companies will require BYOD in 2017, and as this trend spreads from mobile phones and smartphones to the PC, our Windows To Go workspace offerings position us strongly in this space. Strong market interest in our solutions backs up this trend – for example, we have initiated pilots large organizations that are interested in deploying thousands of devices. Use cases we are seeing include:

  • Executive travelers are seeking to bring a secure device to insecure countries, instead of a laptop.
  • Government agency looking to provide a way for employees to telework securely, using the workspace device on their home PCs.
  • A hospital is looking at providing secure workspaces to medical residents instead of providing PCs –a 10X cost savings.
  • Top universities are testing IronKey Workspaces for their students to use in computer labs, and then to allow them to bring their computing environment home.

Our new IronKey Workspace W500 represents a powerful, secure PC on a Stick offering for enterprise customers. This is a high-performance, ruggedized, high-security platform for organizations who see opportunity in using Windows To Go to support their BYOD initiatives.

You can learn more about the IronKey Workspace solutions at http://www.ironkey.com/en-US/secure-workspace/index.html.

by

California Cracks Down: Companies Must Encrypt Personal Data

The California Attorney General has issued a major data breach report, finding that more than 2.5 million people were affected by 131 reported data breaches within the state, with 56% of the breaches including disclosure of Social Security numbers.

California Attorney General Kamala Harris is calling for wider use of encryption and increased training for employees and contractors on handling personal information. InfoWorld reports that, “her office “will make it an enforcement priority to investigate breaches involving unencrypted personal information” and will “encourage … law-enforcement agencies to similarly prioritize these investigations.”  She also recommends employee and contractor training on how to handle personal information.

Imation did its own review of U.S. data breach laws in 2012, and created the “heat map” graphic below, based on the strictness of those laws. California was a forerunner in data breach laws; while most state laws are similar, requirements and penalties vary widely.

As we’ve noted before, encryption is the foundation for protecting personal data. 

Having data encrypted at the time of the breach means, under most (but not all) of these laws, (because the data is unreadable) that loss or theft of a USB device or laptop doesn’t require reporting. Also, as the California report notes, keep security awareness campaigns active so workers stay alert to the risks.

By taking a few pragmatic precautions, the majority of risks can be greatly mitigated. So the next time an employee loses a notebook or an encrypted flash drive that held protected data, if it’s been properly encrypted and managed you’ll have may well have endured a non-event.

Compliance Heat Map

Imation Compliance Heat Map. Click to view full-sized image.

by

The Thumb Drive Conundrum: Managed USB and Encrypted Flash Drives Attack the Insider Threat

The revelation that Edward Snowden absconded from NSA with secret files on a thumb drive has generated predictable gnashing of teeth about the use of portable USB drives in secure organizations. At the same time, government and business organizations are successfully implementing secure deployments of portable USB drives so that employees can transport data they need to be productive.

The technology issue is one of competing needs: To be productive, mobile employees need the mobility, offline storage and security afforded by USB drives. To secure data, IT needs control of how employees move information and what information is moved.

The fact is that today, IT can take control without blocking USB ports. We’re not sure what safeguards the NSA had in place, but there are technologies that could prevent or mitigate this kind of insider threat. For example, secure enterprise device management software can offer:

Device Location – with managed USB drives, software can show the locations of every managed device when they connect to the Internet on a map. This allows tracking of a device that has “gone rogue” and could aid in recovery.

The “Silver Bullet” – the ability to either password-disable or perform a remote kill to completely disable the device if it goes missing or someone is suspected of copying data they should not have on the drive.

Geofencing, IP Blocking – It is possible to add rule features so that unless the device meets certain conditions, the data is automatically wiped. For example, IT could enable “geofencing” so that if device is outside the country, the data is wiped – or if it is on an unapproved network, or outside a certain IP range.

Have a Consistent Data Security Policy

It’s really a matter of having a consistent policy for your data at rest.  Many organizations require their PCs and Macs to have full disk encryption enabled.  But that policy is not enforced when it comes to removable media like a USB drive.  By using a manageable and encrypted storage device you can maintain a secure policy for your data no matter where it goes.

If we look at the SANS Top 20 Security Controls, Critical Control #17 – Data Loss Prevention specifically addresses how best to handle sensitive data and prevent it from leaving your organization without permission.  The advice from SANS is to, “deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data,” and that “enterprise software should be used that can configure systems to allow only specific USB devices (based on serial number or other unique property) to be accessed, and that can automatically encrypt all data placed on such devices.”

For workers who travel, teleworkers shifting between work and home, or contractors working with your data, a secure, managed USB thumb drive is more secure than online file sharing, and certainly better than unencrypted and unmanaged notebook computers, USB devices and smartphones. And management adds an extra layer of security against both external and insider threats.  IT can address a number of potential security threats by implementing policies that require uses to use encrypted flash drives.

by

Obama’s Executive Order and Critical Infrastructure Protection

The big news this week in cybersecurity was the Executive Order from President Obama regarding our nation’s critical infrastructure, a catch-all term that includes power plants, water treatment plants and a lot of other utilities and services that, if impeded, could impact our lives in significant ways.

Reading through the text, the Order mainly allows for information exchange between government entities tracking nefarious interests and the private organizations running the critical infrastructure those nefarious interests would aim to sabotage. Certainly, this sharing of data can only help. By learning what the government is hearing, the companies will no doubt be better armed to know where an attack might be coming from.

Perhaps the biggest positive result of the President’s move is that the spotlight is now on the issue of critical infrastructure protection, at least for the time being. And I think it’s easy for anyone to conclude that the executive order does not go nearly far enough in providing guidance or dictating rules so that the infrastructure can be best protected.

Critical infrastructure protection is a complicated beast, made ever the more complicated because of the changing nature of the workplace. As an example, we live in a world that is more and more mobile. Even the U.S. government is encouraging its agencies to support mobile work environments. But a mobile world introduces new attack vectors for those who wish to do harm, let alone the vectors that already exist in our interconnected computing environments.

It can be a daunting challenge to secure these environments. Organizations are being targeted through remote attacks and their employees are also being targeted as travelers so they bring back malicious threats into the organization. As we’ve seen on more than one occasion, employees at many organizations have inadvertently carried malware and other malicious software into their work areas and have accidentally installed that software onto IT infrastructure.

The security industry needs to give organizations an advantage over malicious software.  A comprehensive approach to cybersecurity will address these and other scenarios.

One place to start is where our IronKey solutions sit– providing secure, mobile workspaces that are centrally managed. This allows employees at any company, let alone those operating our critical infrastructure, to work in any environment without risking a security compromise.

Solutions that involve hardware encryption, encryption key management, and strong administrative and access management controls should be incorporated into any government-driven requirements for critical infrastructure IT systems.

by

The Mobile Worker – A Look Back and a Look Ahead

In 2011, there were approximately 1.3 billion mobile workers and this number is expected to grow to 1.6 billion by 2015, according to IDC.  And as the breadth of our mobile workforce expands, the opportunity for targeted data breaches is increasing exponentially as well.

The rise of the teleworker is a boon to business and government organizations. At the same time, the expanding mobile workforce is fueling the evolving threat landscape — Symantec’s 2012 Norton Cybercrime Report notes that cybercriminals targeting mobile devices and mobile vulnerabilities doubled from 2010 to 2011.  IT departments must find new ways to protect corporate data at risk of malicious penetration from the outside, and malicious or careless insiders as well.

So what does this mean for the IT department? A new generation of mobile workers needs secure, portable workspace environments, and secure mobile device control systems.

Here’s another look at our advice for IT departments managing a worker-on-the-go:

  • Staff need to be educated on the responsibilities of handling mobile devices and the data security risks
    Proper training has to be a major part of educating staff on how to use mobile technology in order to do their jobs without risking a data breach.
  • Implement secure computing solutions that allow employees secure access to what they need
    Teleworkers need to be able to conduct their daily business from any location and must therefore be equipped with hardware encrypted solutions with strong user authentication.
  • Provide a secure platform that locks down the host-computer
    As organizations continue to accept that mobile workspaces are extremely convenient and flexible, advanced centralized deployment and management are key elements of maintaining and controlling a secure environment.
  • Make it easy and convenient enough to avoid workarounds
    Mobile devices must act like the desktop an employee has left at their office otherwise users will inevitably break security protocols.

Employees and IT organizations should learn from the security-related mistakes of the past. Technological advancements to the ways in which we work will continue to evolve and while it is not something that we want to stop but we must leverage the lessons learned and be smarter about mobile safety.

by

Secure Working can’t be Optional

Data Security Holes Shown In Global IT

Recently Imation released the results of a study which reveal some important home truths about the current attitude of workforces across Europe towards remote working. The survey, conducted across the UK, France and Germany, also highlighted worrying shortcomings in Europe’s major IT markets around secure remote working in terms of both technology and policy.
Read More