IronKey

Mobile Data Security Blog

Home  »  Archive by category "IronKey"

by

LATEST DATA BREACH: EVERY U.S. FEDERAL EMPLOYEE AFFECTED

 

Our special guest blogger is Tav Venia, an IronKey sales engineer, who is based in the Washington DC area and serves our Federal and Enterprise clients. 

Unfortunately, we’ve all heard about the hack on the personnel records and social security numbers for more than 4 Million+ Federal Employees at a U.S. Government Agency.  Data lost, stolen, or hacked:  it just represents another failure to protect our federal data.  For this, and many other reasons, now more than ever it’s imperative that all types of data is securely protected— federal, classified, FOUO (For Official Use Only), defense, employee, personal, etc.   Now is the time to get out in front of any and all possible threats and attacks to assure ourselves that our data is safe and secure from what can turn into “Tomorrow’s Headline”.   

Government employees are more mobile— working in the office, in the field and from home— which increases the potential for even more data exposure risks.  The ability to securely store and transport data while on the move is a necessity.  As the Federal Team Sales Engineer, I see how our U.S. Government and Agency customers are using the IronKey™ line of hardware encrypted hard drives to securely store and protect their sensitive information, among many, many other reasons.  But with the release of our newest hard drive, the IronKey H350, government agencies can enjoy the speed and performance advantages of USB 3.0 technology while realizing the benefits of the world’s most secure USB devices including FIPS 140-2 Level 3 certification, AES-XTS 256-bit hardware encryption and centralized management.    

Our customers can now save, backup and move data wherever they may be much more rapidly taking advantage of the USB 3.0 speeds.  As technology advances, data files are exponentially growing in size, the ability to securely store and move data quickly and efficiently from the field back to the government or agency office is of even greater importance.  Forgotten password?  No worries. On managed enterprise hard drives, IronKey provides the only secure password reset mechanism that allows users to recover data without erasing the contents on the drive or using a backdoor to reset the password.  Additionally, when data is not being access or used, the IronKey H350 can protect and secure Data At Rest (DAR), another use case of importance to our U.S. Government and Agency customers.  

Personally, with my job, I am constantly on the move traveling from place to place.  I use the IronKey H350 to back up all of my laptop data because we have all been there when Windows crashes and/or becomes corrupted giving us the Blue Screen of Death (BSOD) rendering our data lost and unrecoverable.  This can be a result of a Windows error or a simple drop of your laptop which damages the hard drive.  I don’t ever want to be caught in a situation where I don’t have a backup of my data.  Thanks to my IronKey H350 USB 3.0 hard drive, it now takes less than an hour to back up all of my data, a process that used to take many hours using a USB 2.0 Hard Drive.

by

IronKey eUSB for ePO is Now McAfee SIA Certified

Recently I blogged about IronKey’s release of IronKey™ eUSB for McAfee ePolicy Orchestrator (ePO), an extension for ePO that provides administrators the ability to deploy and manage IronKey hardware encrypted devices. Well today we have even better news. The IronKey eUSB for McAfee ePO is now officially certified by McAfee Security Innovation Alliance (SIA). This in-depth certification process involves testing the product and reviewing the underlying code, which provides McAfee ePO managers the piece-of-mind of having a third party validate usability and compatibility for even the largest deployments.

Here at IronKey we are thrilled by this SIA Certification.   As noted by Intel Security Senior Vice President Tom Fountain, “The combination of ePolicy Orchestrator software and IronKey hardware-encrypted USB drives means our joint customers have what we believe is the best secure, managed data-transport solution available.”

So why should you be investing in hardware encrypted storage?  Today, having hardware encrypted devices is the best way to keep your data secure when roaming.  If the device is lost, misplaced or stolen, you have a double layer of security making your device impregnable – not to mention a centralized management control system that can actively destroy data when needed. Also, you can optionally run McAfee anti-virus to validate the fidelity of files stored on IronKey devices providing an additional layer of security.

Some wonder if it is worth the investment in having a hardware encrypted device that can run AV software. The answer is yes – the cost of a high security device easily outweighs the potential cost of a data breach. Ponemon Institute noted that the average cost of a data breach is $5.9M and the associated loss of business was $3.2M. Another recent survey published by SANS showed respondents ranking with the greatest exposure was malware, introduced by unmanaged devices at 13.6% and with unencrypted USB devices closely following at 8.9%.

Health and Human Services also had some shocking data points:

    • Blue Cross and Blue Shield of Tennessee lost 1M+ records due to unencrypted hard drives
    • Alaska Department of Health and Human Social Services paid a nearly $2M settlement due to data lost on an unencrypted USB flash drive
    • A company called Adult & Pediatric Dermatology lost 2,200 patient records due to an unencrypted USB flash drives

So if you’re an ePO administrator, there is good news for you. Don’t risk the cost of a data breach and use the newly certified IronKey eUSB for ePO by Intel Security. You will be thrilled in adding world class hardware encrypted storage devices and having the capability to manage them easily from your ePO console.

by

Keeping Patient and Hospital Information Safe

In September 2014, Forrester Research published a brief titled “Stolen and Lost Devices Are Putting Personal Healthcare Information at Risk”. Amongst the findings were two important trends:

Healthcare is becoming more mobile – approximately one-third of healthcare employees now work outside the office or clinic at least once a week.

Healthcare records are five times more likely to be lost due to device theft or accidental loss.

Today, personal healthcare information (PHI) records are more accessible than ever before. These PHI records contain important personal information such as social security numbers, medical history, and insurance information. Technological progression in the medical world is giving us advancements such as real time medical data on our smartphones and mobile messaging systems so hospital staff can get to patients faster. Although this progression is exciting, with all of this patient information floating around in technology, it makes it harder to keep our data safe.

With so much mobility, it’s not surprising that data protection has become a big problem. Mobile devices are simple to carry from one workplace to the next, but they can be easy to lose. To protect our data, we need a way to prevent unauthorized people from accessing the content of a lost or stolen device.

The solution is to use encrypted USB or external hard drives, such as the new IronKey™ S1000 3.0 USB. These secure storage devices combine encryption, which encodes data, making it unreadable to all but authorized users, with cloud-based management functionality that enables an organization to remotely wipe data from a device even if it is no longer in their possession.

Healthcare facilities need to address the realities of mobile work practices but they also need to protect the information in their care. The task is made a lot easier with a good device policy and the right tools.

by

The Age of Hacking

In today’s digital age, teaching children to code seems like a fantastic idea. Children are already spending huge amounts of time using technology, whether it’s a laptop, smartphone or tablet device and these IT skills can be essential in their future careers. However, whilst we must help a new generation of competent workers prepare for the digital world, how can we make sure that children will use their coding and programming skills for good and not evil?

Over the past years we’ve seen a number of technological innovations aimed at equipping children with basic programming and coding skills – from the Raspberry Pi to the recently launched Hackaball, a programmable ball aimed towards 6-10 year-old children. This demographic has been a key target for the UK government who have dominated the primary computing curriculum since September 2014.

However, with these skills being so easily transferrable to illegal activities such as hacking and cybercrime, how can we ensure that the lure of mischief, malice and money won’t sway children to ‘the dark side’? In January of this year, a seven-year-old girl hacked a public Wi-Fi network in just over ten minutes by learning how to set up a rogue access point to activate what is known as a ‘man in the middle’ attack. We know that this is already happening – hackers as young as 16 years old have been arrested for cybercrime, and the Home Office has warned that young video game hackers could be the next generation of cybercriminals.

So how can we tackle this? When it comes to children and young adults, the first place to start is at school and at home. Responsible adults, teachers and parents have a duty to ensure that their children, or pupils, are not engaging in criminal activity, and this is no different in the cyber world.

However, the problem we encounter here is the massive gulf between adults and children when it comes to understanding technology. An Ofcom survey released in August last year found that younger people have a far more advanced understanding of technology devices than adults – with 6 year olds having the same level of knowledge as the average 45 year old. In fact, teenagers aged between 14-19 years old are the most digitally confident in the UK.

If teachers and parents are to monitor and guide young people’s use of technology and make sure they’re not becoming involved in cybercrime, they must first be able to understand the technology themselves.

Secondly, we must consider the types of devices and technology that young people are using and put appropriate security measures in place to limit the possibility of malicious use. Technology like the Windows To Go USB Flash Drive would give young coders a replica desktop, just like the one they have at school, that they can take home and use on any device, without affecting or accessing the data and operating system sitting on that device. With a Windows To Go device it’s very easy to manage activity. The school can control the transfer of information and wipe, delete, monitor actions on the device, this way, the youngsters can hone their coding skills without being able to get in trouble by conducting activities outside the school’s remit.

What is clear is that we must not discourage children from learning these skills – they are absolutely essential for future employment and also play an important role in their everyday socialising with their peers. We must also accept that we cannot stop this evolution. Children are already learning these skills, with or without your knowledge and input, so the best we can do is to help shape that knowledge and put them on a good path.

by

IronKey eUSB for McAfee ePolicy Orchestrator (ePO)

Supporting McAfee, MXI, Imation and IronKey F and H Hardware Encrypted USB Drives, and ePO 4.6 and ePO 5.1

IronKey has recently released IronKey eUSB for McAfee ePolicy Orchestrator (ePO), an extension for ePO that provides administrators the ability to deploy and manage IronKey hardware encrypted devices. This extension provides many features such as the ability to centrally manage the devices, set customized policies for authentication, initialization, revocation and backup, set password policies including complexity and retry, remotely wipe devices, and use self-recovery of passwords to reduce costs.

So what devices are supported? The better question is what brands. Today eUSB for McAfee ePO supports IronKey F200, F150 and F100 flash drives, and IronKey H200 and H100 hard drives. In addition, there is support for older MXI, Imation and even McAfee branded devices. How did we get here? The original version of the eUSB extension was released in late 2008 and was created through collaboration between McAfee and MXI Security (now part of IronKey). In 2011, following Imation’s acquisition of MXI Security, Encryptx and IronKey, McAfee dropped support of eUSB. Imation took over the support of the original code and did minor upgrades such as support for German and Japanese languages resulting in product versions under the Imation brand.

In 2014 with the continued growth of ePO and increasing demand for managed encrypted storage, IronKey re-started development of the eUSB software. This new release, licensed per device managed, supports both ePO versions 4.6 and 5.1, and includes language support for English, German, Japanese and French. This release will also be certified by McAfee’s SIA labs

IronKey continues to be excited about our expanding support of ePO. We’ve seen strong interest from many ePO administrators who have been looking for the ability to whitelist and manage hardware secure devices on their systems and IronKey looks forward to helping fulfill these requirements.

by

Majority of Healthcare Breaches Are Due to Loss or Theft, Not Hackers

I just recently read an article about how a healthcare organization lost backup hard drives containing personal information on nearly 40,000 of its clients. To make matters worse, the article stated that there was “no mention of strong encryption being applied to the records, implying that they were stored relatively insecurely.” WHAT?  I shake my head in frustration because there is a simple solution. Why don’t more healthcare companies deploy secure USB?

You might be surprised to know that the majority of breaches come from lost or stolen devices, not hackers. In fact, sixty-eight percent of all healthcare breaches are from loss and theft. This leads me to conclude that most healthcare companies insecurely store, and therefore risk losing their clients protected health information (PHI) such as birth dates, medical records, and Social Security numbers.

Sadly, it looks like this trend won’t be ending anytime soon.  A recent healthcare data breach forecast predicted that employees (not hackers) will continue to be the greatest threat to securing healthcare data including PHI.  The forecast goes on to say that despite all signs pointing to employees as the largest threat to a company’s security, business leaders will continue to neglect the issue in favor of buying more “appealing” security technologies aimed at preventing intrusions from outsiders in 2015. (sigh)

So here’s the good news – there is a workable solution that’s easy for healthcare organizations to implement. One simple, affordable option is to store PHI and other confidential data on a portable, encrypted external hard drive or USB instead of storing data directly on the laptop.  There’s a class of readily available hardware encrypted devices that are virtually unhackable and can be remotely wiped should they be lost or stolen.  And, these drives deploy the highest standards of protection with AES-256 encryption.   These highly secure drives even protect data and applications from malware like BadUSB. And their rugged design makes them nearly indestructible.  They’ve even been known to survive an autoclave! 

IronKey™ offers the most secure storage solutions and mobile workspaces available.  So, don’t be tomorrow’s headline.  Check out our healthcare security solutions today.

by

Introducing the Golden IronKey Program

The iconic IronKey flash drive is going GOLD to commemorate more than two million devices sold!

Leading enterprises and government agencies in more than 50 countries turn to IronKey to protect their invaluable data and secure their mobile workspaces.  To celebrate this milestone, we have launched the Golden IronKey Program to thank our largest and most loyal customers and channel champions.

The Golden IronKey drives are our new IronKey Basic S1000 USB 3.0 8GB high-performance, high-security drives encased in our traditional durable aluminum housing with an exclusive gold finish.  And we’ll be giving away 1,000 of these limited edition drives!

How can you get one of these Golden IronKey drives?

IronKey by Imation executives and employees will be giving these limited edition drives to select customers and partners.

IronKey customers can also receive a Golden IronKey by sharing your personal story about how our products are being used in your enterprise.   To go for the gold, all you need to do is answer the questions outlined in our submission criteria; which is really just the basics.  You can find the submission criteria on the Golden IronKey website page or download our submission guidelines.  Once completed, simply email your submission to goldenironkey@imation.com.

It’s rewarding to see customers around the world using IronKey to safeguard their mobile workforce and the data it depends on, no matter where it goes.

We invite you to join in on the conversation with #goldenironkey.

by

Introducing the IronKey S1000 USB 3.0 Storage Drive

 

Meet the newest addition to the IronKey™ secure storage family of flash drives:  The IronKey S1000.  Building upon IronKey’s history of providing the world’s most secure USB storage devices, users now have a choice between IronKey’s industry-leading USB 2.0 and 3.0 devices.  Check out some of the highlights of the IronKey S1000:

Blazing Fast USB 3.0 Performance

Realize read speeds of up to 400 MB/sec and write speeds up to 300MB/sec. That’s double the performance of competing hardware-encrypted USB 3.0 flash drives and up to 10x faster than a USB 2.0 drive. Storage size has doubled too, with capacity up to 128GB.

Strongest USB Security Available Today

The S1000 protects files with Federal Information Processing Standards (FIPS) 140-2 Level 3 and National Institute of Standards and Technology (NIST)-approved XTS-AES 256-bit encryption, ensuring compliance with the most stringent government and industry regulations while allowing workers to remain mobile.  As with our other products, the S1000 requires code signing for firmware updates  and protects against attacks such as BadUSB and now the most recent Equation Group hard drive attacks to which other USB vendors are vulnerable.

Additionally, the IronKey S1000 military-grade, ruggedized design resists physical tampering and will self-destruct if unauthorized attempts to physically obtain access to the data are made.

Backed by a Lifetime Warranty

Our products are built to last.  They can withstand being run over by a Land Rover and multiple cycles in the washing machine.   In an industry first, we are offering a lifetime warranty for our IronKey S1000 family.  

The IronKey S1000 is available in two versions for maximum flexibility:  IronKey Basic S1000 and the centrally managed IronKey Enterprise S1000. 

Which product should I use?

If you have a desktop, laptop or tablet with USB 2.0 ports, the IronKey S250 and D250 devices are a perfect fit.  But if you have a desktop, laptop or tablet with USB 3.0 ports, you’ll want to look to the IronKey S1000 to take advantage of the faster speeds, enhanced encryption and the lifetime warranty.   

by

Equation Group Attack on Hard Drives – What Can Your Organization Do?

 

This week Moscow-based Kaspersky Lab published a report that examines a group of hackers, the Equation group, and the depths they have gone to for many years to spy.  The report outlines the attacks in detail and highlights, “the group’s attack technologies exceed anything we have ever seen before.  This is the ability to infect the hard drive firmware.”

As you consider your options, keep in mind there are a number of approaches to prevent the Equation group’s attack against hard drives.  

 A fundamental feature that every enterprise bound hard drive should have is preventing its firmware from being altered by an unauthorized agent.  The best protection against this vulnerability is to use code signing for firmware updates. Such devices will not allow unsigned firmware to be loaded onto the device.  As a further level of protection if somehow unsigned firmware was present on the device, it simply will not operate.

For your external hard drives I suggest these be replaced as soon as possible with drives that support firmware signing.

Protecting your internal hard drives is more difficult.  These drives could be infected at any time by self-replicating code such as “Fanny”, physical media (e.g. CD-ROMS), USB devices susceptible to BadUSB, and Web-based exploits. Swapping out internal hard drives is an expensive and time consuming proposition.  One option is to immediately switch to a Windows To Go flash drive that supports firmware signing for all of your critical systems as a hard drive replacement. 

Windows To Go equips users with a portable Windows corporate image.  It uses the flash drive as the system disk, completely insulating the user from the risk of any hard drive infections on the onboard hard drive. This is significantly less costly than replacing the computer’s internal hard drive with a FIPS-approved hard drive and can be easily done in the field without having to pull apart the computer. And, as an added benefit, Windows To Go drives can be centrally managed enabling organizations to track the devices and disable them if lost or stolen.

IronKey™ secure USB hard drive, flash storage and Windows To Go devices are not vulnerable to the Equation group’s malware or the BadUSB attack. IronKey’s leadership in security, including its use of digital signatures in all controller firmware, makes its products immune to these threats.

 

 

by

SE Diaries: My Own Use Cases for Windows To Go

Our special guest blogger is Matt Drake, an IronKey sales engineer, who joined the company in 2013. 

As an IronKey™ sales engineer covering Asia Pac, I am always on the road constantly relying on my Windows To Go device. While my corporate laptop is my primary machine, I never leave home without my IronKey Workspace W500 64GB setup. This device allows me to utilize any Windows compatible PC as my corporate desktop. The separation of hardware and software components opens up a lot more flexibility for how people can consume IT.  My IronKey flash drive acts as my second work PC and personal crisis solution.

I have had the misfortune in the last six months with having two significant IT issues; both taking several days to resolve. Despite being a home-based worker who travels regularly (with no IT department at the end of the corridor to leap to my rescue), in both cases, my down time was minimal.

 A few months ago, I fired up my laptop and found it was unable to connect to any network, wired or wireless. So what did I do? I simply grabbed my W500 and booted my “broken” laptop into Windows To Go. Bingo. Everything worked as it should. This had the double advantage of proving the issue was software related, helping speed up the resolution, but more importantly, allowing me to carry on until our support team implemented a solution.

 Then, a few weeks later I had a laptop screen failure. Yes, this was fixed a day and a half later by the hardware vendor’s onsite support, but without my Windows To Go device as a backup, I would have been limited to using my laptop at home with a desktop monitor. Not great if you have to do customer visits. Instead I borrowed my wife’s MacBook and took that to the meeting, booting into my Corporate Windows desktop using my W500.

Fortunately IT failures are not regular events. They do happen, and often at the most inappropriate moments. Having a Windows To Go device in your pocket or brief case can save your bacon. I make sure I use mine fairly frequently so mail does not get too out of sync and Windows updates are not too far behind. I also use a real-time backup service on my primary laptop. The syncing of documents to either a cloud service or corporate file share not only provides a backup, but is also helpful for accessing data across multiple devices.  

Another key use of Workspace devices is to test software. When Microsoft released the Windows 10 Technical Preview, they stressed that it should not be used as a primary device. As a home based worker I have limited additional hardware to test software – no problem. I installed Windows 10 onto an IronKey W300 Windows To Go device. Adding Microsoft Office makes it a useable tool for most of my work, so I can happily explore this exciting new OS, safe in the knowledge my “real” corporate desktop is a quick reboot away.

 This is how I use Windows To Go to help me be more productive. What about you?