IronKey

Mobile Data Security Blog

Home  »  Archive by category "IronKey"

by

The Problem With BYOD (Computers)

Sure, everybody is excited about BYOD. You can use your personal phone to make business calls and read your corporate email. But the real cost savings for BYOD is “bring your own computer- BYOC”. There is no need to purchase, maintain, and upgrade computers; we just let the employees do that.

But wait; there are two BIG issues with Bring Your Own Computer.  The first is an IT issue. The IT team has to install applications, security tools, and management software onto each employee’s laptop. That means IT has to support a range of computer types (including Macs) and OS versions, and deal with incompatible applications running on the employee’s personal device.

The second issue is all about end-user satisfaction. I can hear the screaming now.  “What do you mean you are going to install monitoring software, file scanning, corporate applications, and Internet proxies on MY PERSONAL COMPUTER??   How much space is that going to take? Does this mean Corporate can see my personal files?” My users will rebel.

Good news for IT and the end user –  both of these issues can be easily addressed with Windows To Go.  Let them use their personal hardware – Macs, PC laptops, tablets – but have them run their corporate workspace from an IronKey ”PC-on-a-Stick”  Windows To Go USB flash drive. They run IT’s corporate Windows image with locked-down security controls and policies, applications, and data, but IT never touches their personal hard drive. Complete isolation between work and personal environments!

If you want happy employees, let them use their personal PC, but have them use an IronKey Windows To Go drive and don’t touch their personal system.  This is truly win-win. IT saves a boatload of money and users have a portable corporate workspace they can plug into their personal laptop, a home computer, or a computer they borrow at work.  When was the last time you rolled out a major cost savings initiative and got happy users at the same time! BYOC – bring it on!

by

Savvy Security Users: IronKey USB 3.0 Hard Drives Now Available!

 

New IronKey™ USB 3.0 SuperSpeed Hard Drive – First to Offer Cloud Management

To all you savvy security users, here’s some great news! The IronKey Enterprise H300 USB 3.0 SuperSpeed external hard drives are now availableThese new devices can be managed in the cloud or on-premise with the same console used to manage IronKey Enterprise S/D 250 flash drives and IronKey Workspace W700/W500 devices for Windows To Go.

What does this mean for existing customers?

This product lets you enjoy the high-performance benefits of USB 3.0 while safeguarding up to 1TB of data on a USB hard drive.  If you want management capabilities, and are already using the IronKey Enterprise Management Console for IronKey Enterprise flash drives or our secure workspace devices, then all you need to do is add this device. Quick and easy! 

What does this mean for new customers?

Looking for an affordable, high-security external hard drive in today’s market? Look no further! New customers can select from two versions of the latest from IronKey: the IronKey Enterprise H300 and the IronKey Basic H300.  Both feature hardware encryption and a Section 508 compliant control panel available in eight languages, but with the IronKey Enterprise H300 hard drive, you’ll also get cloud-based, or on-premise, centralized management capabilities.

What platform is used to manage the IronKey Enterprise H300 drives?

The IronKey Enterprise H300 drives can be managed with the IronKey Enterprise Management Service or Server to establish a secure storage command center for administering the use of IronKey encrypted drives.  Both include advanced management features such as Active Malware Defense and the IronKey Silver Bullet Service so IT professionals can centrally administer policies, re-commission devices that are no longer in use and even remotely wipe, or disable, lost or stolen drives.  All you have to decide is whether you want your management capabilities in the cloud or housed internally. 

And if you happen to lose your password, don’t sweat it! The IronKey Enterprise H300 is the only drive on the market to offer secure password reset when a password is forgotten, without erasing all the content on the drive.

Where can I get an IronKey H300 hard drive?

The IronKey H300 hard drives are immediately available through Imation Mobile Security channel partners. The IronKey Basic H300 can also be purchased on our estore. Pricing is competitive, starting at $199 for 500GB and $249 for 1TB. Enterprise management licensing fees are additional for IronKey Enterprise H300 and start at $24 per year per user for management in the cloud.

What does this mean for you?

IronKey H300 hard drives offer the best value in the market today; enabling you to enjoy the high-performance benefits of USB 3.0 technology, cloud and server management capabilities, and of course, the highest security available.

 IronKey H300_LFT

by

Travel Light and Secure

 

Hi, I’m Peter. I’m a Senior IT guy working for a big, growing enterprise.  I set the strategy and I’m responsible for the execution of IT infrastructure in my organization.   I need to worry about cost, security, and keeping my customers happy. We have pretty solid IT processes leveraging Microsoft tools, so I’m not about to set my IT team on some wild new solution that requires years to integrate. Recently, after a big meeting with the execs on cutting costs, I came across Windows to Go from Microsoft. Here is a solution that is secure, can save tons of money, make my customers happy, and fits into my IT workflow – Freakin’ SWEET!  My CISO stood up and applauded when I presented this to senior MGMT.  Needless to say I’ve become a big fan. In fact, they call me Windows To Go Guy around here. There are so many ways to apply this technology across my organization. I don’t get a commission on this stuff – I just love cool technology that makes sense. Here’s my blog entry:

Disclaimer: This blog is based on real Windows To Go ® use cases.  The character is fictitious to protect the names of our customers.  Any resemblance to actual customers is coincidental and not intentional.

I’m a Windows to Go guy. I carry my workspace around with me in my pocket, wherever I go. I don’t have to worry about hiding a laptop under the car seat. I don’t have to worry about it sliding off the seat during a sudden stop and I don’t need to try fit it under my coat during a sudden downpour.

One evening after work I had promised to stop at the local store to pick up some groceries. In line ahead of me were some military personnel dressed in camo. I noticed one person was carrying her laptop.
“Hey folks, I really appreciate what you guys do for our Country, but tell me, what’s with the laptop in the grocery store-are you expecting an email from the president?” I joked.

The corporal replied, “Military rules- laptops can’t leave our side. We even take them into the bathroom”.

“That stinks,” I replied.  “Let me show you something,” I replied. I whipped out my IronKey Workspace W500™, my PC on a Stick™ and explained that this was my laptop, FIPS secured against the worst imaginable attacker. It is virtually indestructible too, and I intentionally dropped it onto the hard tile floor to make my point.

“I have got to get my hands on one of those” she said.

“You are right about that, we can make your next bathroom or grocery stop a much more pleasant experience.” I replied.

by

Standing Room Only: BadUSB at Black Hat

 

Our special guest blogger is Chris Louie, an IronKey sales engineer, who joined the company in 2011. 

As I took my seat in the packed Black Hat ballroom, I could sense the level of concern as everyone anxiously awaited the findings on BadUSB. Attacks against USB flash drives are nothing new, but they’ve always centered on the data being compromised or leaked.  Now we’re about to learn about a radically different type of attack. Suddenly the lights dim and the session title flashes across the screen: “BadUSB – On accessories that turn evil” presented by the authors of the malware.

Immediately, things looked bleak for security-minded professionals everywhere. A new type of threat has emerged! Malware is no longer relegated to only files stored on USB flash drives, but can now reside in the controller firmware inside the USB flash drive. And to make matters worse, it doesn’t just affect USB flash drives, but any USB device that has the ability to update its firmware, such as Android-based phones and tablets. BadUSB also has the ability to trick the computer into thinking a flash drive is a mouse or keyboard. Once a computer is infected, it will attempt to infect every USB device that connects to it in the future.

Now if that’s not enough to keep CIOs and CISOs awake at night, the malware authors state that there is currently no mechanism to detect or remove BadUSB from affected devices and computers. It acts as a launch pad to attack computers with the malware author’s attack of choice. Installation of Remote Access Trojans, key loggers, DNS cache poisoning, botnet creation and ransomeware are just a few of the cyber-criminal tools that can be deployed with the help of BadUSB.

Fortunately, not all is lost! BadUSB takes advantage of a commonly found practice in the flash drive industry: the vast majority of USB devices do not require digitally signed code in order to do a firmware update. Since day one, every IronKey device has followed the best practice of requiring digitally signed code for firmware updates to protect against this exact type of attack vector.

During the Q&A session with the malware authors, someone asked if requiring digitally signed code for firmware updates would protect a USB device from this attack.  The audience were assured that those devices are not vulnerable to this attack.

So get rid of that potentially dangerous flash drive and upgrade to a secure flash drive that cannot get infected with BadUSB.

 

 

by

New IronKey Channel Program Debuts at Microsoft Worldwide Partner Conference

 

Interested in capitalizing on the emerging opportunities available with Windows To Go?   The IronKey Partner Program unveiled at this week’s Microsoft Worldwide Partner Conference in Washington DC.  Designed to make our partners successful, the new program, consisting of Platinum, Gold and Silver levels, enables security resellers and Microsoft Certified Partners to more easily and profitably sell the family of IronKey Workspace PC on a Stick™ products for Windows To Go.   If you’re at the show, stop by our booth #621 to learn more.

Our new IronKey Channel Program elements include:

* A deal registration program offering generous margins and recurring revenue from license and maintenance renewals.

* Training via a variety of formats including new online courses.

* An enhanced partner portal for lead tracking, sales and marketing support programs and technical resources.

We’re hearing great things from our partners about the reception to Windows To Go as organizations look to meet the needs of an evolving mobile workforce.   But don’t take my word for it; here’s what our partners had to say:

Ed McNamara, Director of Communications and Marketing at SHI International Corp

“The BYOD trend has been a closely watched topic as the demands of a more mobile workforce clash with IT’s need to keep corporate data and the network secure. We’re looking forward to providing customized Windows To Go solutions for trusted IT-managed workstations.”

Ted Murphy, President of Matrix Mobile Security Solutions

“The healthcare industry is notoriously slow in adopting new technologies because of stringent regulations and compliance requirements for protecting patient health information (PHI). Together, Windows To Go and IronKey’s secure PC on a Stick are a breakthrough in supporting a more mobile healthcare workforce while ensuring security.”

Larry Hall, Vice President of Purchasing and Partner Development at Paragon Micro

“New mandates are requiring a certain percentage of federal employees to be teleworkers. Federal agencies are struggling to meet these mandates due to security concerns that unauthorized devices could access government networks. Based on the early success we’ve had with a large federal agency, we see great value in being an Imation partner selling the IronKey secure mobile workplace solution.”

Click here to learn more about the partner program.

by

IronKey Workspace W700 Drives with FIPS 140-2 L3 Set New Standard in Mobile Workspaces

 

Great news for government and other highly-regulated enterprises that require a FIPS 140-2 Level 3 Windows To Go drive— IronKey Workspace W700 ™ drives are now available!   Our W700 PC on a Stick™ drives are the first Microsoft-certified Windows To Go devices to be FIPS 140-2 Level 3 validated. Now you can enjoy all the benefits of Windows To Go while meeting strict data security mandates.

Why is this Significant for Government Agencies?

If your agency is looking to provide mobile workspaces for your contractors, field workers, employees who want to BYOD or telework, this solution is a “no brainer”.  The Windows To Go approach is up to 90 percent more cost effective and more secure than issuing a new laptop or using VDI.  Visit our use case section to learn how agencies are using Windows To Go today (link to Use Case section).

What is Windows To Go?

Windows to Go is an enterprise feature of Windows 8.1 that lets people be productive from almost any location they choose to work by inserting the Windows To Go USB drive into any compatible PC of their choice. An organization’s corporate image, operating system, applications and data are all contained on the Microsoft-certified IronKey Workspace USB drive. The host PC boots completely off the Windows To Go drive using local resources such as monitors, CPUs and network connections.  The Windows To Go drive can be centrally managed and offers remote wipe features to protect against loss and theft. The Windows To Go solution is ideal for mobile workers, teleworkers and contractors, fueling secure “Bring Your Own Device” (BYOD) strategies that allow employees to use their home PCs for work.

IronKey Workspace W700

by

Securely Working from Home – Freakin’ SWEET!

 

Hi, I’m Peter. I’m a Senior IT guy working for a big, growing enterprise.  I set the strategy and I’m responsible for the execution of IT infrastructure in my organization.   I need to worry about cost, security, and keeping my customers happy. We have pretty solid IT processes leveraging Microsoft tools, so I’m not about to set my IT team on some wild new solution that requires years to integrate. Recently, after a big meeting with the execs on cutting costs, I came across Windows to Go from Microsoft. Here is a solution that is secure, can save tons of money, make my customers happy, and fits into my IT workflow – Freakin’ SWEET!  My CISO stood up and applauded when I presented this to senior MGMT.  Needless to say I’ve become a big fan. In fact, they call me Windows To Go Guy around here. There are so many ways to apply this technology across my organization. I don’t get a commission on this stuff – I just love cool technology that makes sense. Here’s my blog entry:

Disclaimer: This blog is based on real Windows To Go ® use cases.  The character is fictitious to protect the names of our customers.  Any resemblance to actual customers is coincidental and not intentional.

Perhaps I’m a bit of a workaholic, but I don’t think I’m alone. After the kids go to bed, I read email, work on reports, look at presentations, and study excel spreadsheets. I’ve tried webmail  and VPN access to file shares from my home computer, but it is just not the same as having your own workspace at home with you. For the past 20 years, I’ve had to lug my laptop between work and home. But laptop screens are tiny when you are looking at a 50-column spreadsheet or comparing two documents side by side.  My home computer on the other hand, has a 27” monitor, surround sound, and fast direct Ethernet connect. In addition, we just bought a new Mac – sweet! I’ve wanted to use my home set-up for work and I’ve waited patiently, for 20 years to solve this problem.

Enter Microsoft Windows to Go. Six months ago, I loaded my entire workspace onto a tiny IronKey Workspace W500 ™ USB 3.0 flash drive with the works: OS, apps, AV scanners, and data.. With 128Gbyte, there is plenty of space. When I’m at work, I plug this device into my work computer and run my workspace from the drive. Because it is flash, it runs much faster than my spinning hard drive in the host computer. When it is time to leave the office, I simply unplug the USB drive, stick it in my pocket, and head for home for dinner with the kids.

Later in the evening, I retire to my man-cave, slide the IronKey Workspace W500 flash drive into my mega machine, and my workspace magically appears before me. I settle back into my deep cushion chair, turn down the lights, fire up some hard rock, and slip back into my working world in the comfort of my home. Now that’s productive work at home!

by

Security Policies – The Importance of Getting It Right

 

Last month I was chatting with a journalist and he asked me what my top three security tips for an organisation would be. I started answering his question by saying that companies had to look beyond ‘good enough’ security, consider whether passwords in their current format were really secure, and just as I was about to deliver my third tip, I realised that these were all superseded by the need for a comprehensive security policy, which if approached correctly would address these points.

By comprehensive I don’t mean that companies need to create an enormous document with sub sections of sub sections. What I do mean is that any security policy needs to take into account new developments, disruptive technologies and the ongoing evolving, sophisticated nature of cyber attacks. A security policy cannot be a static document and yet all too often it is. Security is a constantly changing market and, as such, companies cannot afford to be complacent/fall behind.

Not sure? Well just think about the IT environment just five years ago. How we work, the devices we use and where we store content has all changed. Previously companies could be confident that sensitive data was stored only on PCs, but now that information sits on smartphones, laptops, tablets and cloud. The associated security risk is wide ranging. That’s why your security policy needs to be continually evolving – taking changes in working practices, not just the security landscape, into account.

Here are my top five tips for ensuring you create a robust security policy that, rather than gathering dust, provides tangible value to your business:

1. First of all, you need to ensure that you understand your business’s operating environment so that the policy effectively mitigates the threats and risks you face, as well as looking after the assets that you’re seeking to protect. Could lives be lost or just corporate data? Are you subject to the risk of corporate espionage and insider threats on top of cyber attacks? This might seem like an obvious point, but is often overlooked by companies. There is no one size fits all approach when it comes to formulating a security policy – it should be as unique as your business.

2. It’s unlikely that without the aid of metal detectors and full body searches you’ll be able to completely ban or prevent the use of portable storage devices within your organisation. Especially as more and more employees work from increasingly disparate and varying locations. Therefore, a key element of any security policy should seek to protect the data on those devices and state that only password protected USB devices should ever be used to store corporate data.

3. No computer or tablet that’s not ‘locked down’ by IT should ever be connected to the corporate network – either from inside (fixed line or wireless) or outside (VPN or VDI). Equally though, your security policy needs to actually enable your business. So, in order to ensure you can accomplish this without causing a lot of user frustration, consider allocating employees with a corporate computer for use inside the network and an IT secured USB device for outside.

4. Encrypt your data. Whether your data is in transit or at rest, encryption is absolutely critical to safeguarding confidential company information. Whether you use strong authentication or hardware encryption will very much depend on your organisation, but don’t make the mistake of thinking that encryption is a silver bullet. You need to be able to manage encrypted devices in order to ensure that if there are any concerns that data integrity has been compromised, it is possible to remotely wipe the device.

5. Human error is a huge potential vulnerability when it comes to security and your policy should seek to mitigate the risks associated with human nature. Passwords in their current format are inherently insecure, so don’t rely on them alone. Use multi-factor authentication such a voice, retina or biometrics – something unique to the individual. This might all sound a bit ‘Minority Report’ now, but in five years’ time, such implementations will be commonplace.

Does your organization have a comprehensive security policy in place?

by

Heartbleed – Don’t Be the Next Victim

 

Heartbleed, the recently uncovered security bug in the open-source OpenSSL cryptography library, is yet another example of a serious security weakness. The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. When information is stored where it can be accessed publicly and the secret keys are compromised— as in this case— confidential information such as the names and passwords of website users and the actual content and information are easily revealed to hackers. Fortunately for users of IronKey™, our products have NEVER contained the vulnerable version of OpenSSL, so your data remains IronKey strong.

 

Security vulnerabilities, like Heartbleed, remind enterprises just how dangerous it is to trust storing critical information in a publicly accessible location. Passwords, encryption keys and data are all at risk in these systems. If data must be stored publicly, then it should be encrypted using a security key that is fully protected from unauthorized access. Using a hardware-based secure storage technology, such as a secure USB flash drive, to store the key and encrypt the data is the only way to be sure no outside hacker will gain access to your data. And with centralized device management, enterprises can further enhance their security measures by administering usage, password and encryption policies; even remotely destroying a compromised device erasing every block of data and initiating its self-destruct sequence, rendering it unusable.

 

IronKey makes the world’s strongest, most secure storage devices, used by the most demanding enterprises and government agencies to protect their data. Don’t become the next victim. Think IronKey.

 

by

Encryption and Management are the Keys to Securing the Mobile Workforce: Secure Mobility Face-off, Part 2

 

I’m perplexed. Why don’t more companies encrypt their employees’ sensitive data? There is no technology barrier and the cost is insignificant compared to the cost of a data breach.

In a world where a data breach can cause tens or hundreds of thousands of dollars in fines that are only magnified by negative publicity, why wouldn’t every organization simply enforce encryption on data at rest – in servers, on laptops, and on USB drives – as a basic standard for doing business?

The need for encryption everywhere is further magnified by BYOD. IT leaders are waking up to the opportunity to extend BYOD strategies to PCs using technology like Windows To Go to reduce costs and improve productivity.

With Windows To Go, users can now put their entire Windows 8.1 operating system with their applications on a certified Microsoft USB drive, e.g., your whole PC on a Stick ™. The drive should be encrypted and ideally hardware encrypted to protect your private files from both brute force and physical attacks.

Strong Mobile Device Security – Encryption + Management

But encryption only gets you so far. What if a formerly trusted employee walks off with their drive, or what if their password is compromised? As an IT customer at a university recently told us:

“An unmanaged USB is like a time bomb.”

Encryption and management go hand in hand. Management improves the user experience by automating authentication for lost passwords. Systems like IronKey Enterprise Management ™ allow devices to be tracked whenever they are plugged into an Internet-connected PC, and even enable remote kill commands, so that a lost device can be completely disabled from afar.

This capability means that in a BYOD scenario, a hardware encrypted, IT managed Windows To Go PC on a Stick actually offers greater security than the typical PC deployment!

If you want to learn more, see our latest whitepaper for an in-depth look at how organizations can use Windows To Go to empower and secure their mobile workforce.