IronKey

Mobile Data Security Blog

Home  »  Archive by category "IronKey" (Page 2)

by

Encryption and Management are the Keys to Securing the Mobile Workforce: Secure Mobility Face-off, Part 2

 

I’m perplexed. Why don’t more companies encrypt their employees’ sensitive data? There is no technology barrier and the cost is insignificant compared to the cost of a data breach.

In a world where a data breach can cause tens or hundreds of thousands of dollars in fines that are only magnified by negative publicity, why wouldn’t every organization simply enforce encryption on data at rest – in servers, on laptops, and on USB drives – as a basic standard for doing business?

The need for encryption everywhere is further magnified by BYOD. IT leaders are waking up to the opportunity to extend BYOD strategies to PCs using technology like Windows To Go to reduce costs and improve productivity.

With Windows To Go, users can now put their entire Windows 8.1 operating system with their applications on a certified Microsoft USB drive, e.g., your whole PC on a Stick ™. The drive should be encrypted and ideally hardware encrypted to protect your private files from both brute force and physical attacks.

Strong Mobile Device Security – Encryption + Management

But encryption only gets you so far. What if a formerly trusted employee walks off with their drive, or what if their password is compromised? As an IT customer at a university recently told us:

“An unmanaged USB is like a time bomb.”

Encryption and management go hand in hand. Management improves the user experience by automating authentication for lost passwords. Systems like IronKey Enterprise Management ™ allow devices to be tracked whenever they are plugged into an Internet-connected PC, and even enable remote kill commands, so that a lost device can be completely disabled from afar.

This capability means that in a BYOD scenario, a hardware encrypted, IT managed Windows To Go PC on a Stick actually offers greater security than the typical PC deployment!

If you want to learn more, see our latest whitepaper for an in-depth look at how organizations can use Windows To Go to empower and secure their mobile workforce.

 

 

by

Secure Mobility Face-off: Windows To Go vs. Laptop and VDI

BYOD is a game changer for the mobile workforce, and IT leaders are waking up to the opportunity.

One case in point: State Tech reported that Fairfax County, VA is issuing Windows To Go drives to employees who work remotely, “improving productivity and reducing the number of employee-owned PCs that IT must support.”

“There’s nothing to install or configure. Employees simply plug the drives into their Windows 7– or Windows 8–compatible PCs or other devices, connect to the county network via a virtual private network, and work anytime, anywhere.”

Microsoft’s Windows To Go – an enterprise feature of Windows 8.1 – is a simple, cost effective way to liberate the corporate desktop from any single device by placing a full version of Windows 8.1, applications, security tools and policies onto a secure USB 3.0 stick. Employees and/or contractors now can work securely on most any laptop or tablet with a USB port.

Imation™ was an early proponent of the mobile USB workspace, so it’s gratifying to for us to see the growing excitement and adoption of Windows To Go among both enterprise and government organizations. As we meet forward-thinking IT leaders at seminars, trade shows, events around the world, it’s increasingly clear that Windows To Go represents an exciting and pragmatic new way to work for teleworkers, contractors and road warriors – and even students and teachers.

IT needs to keep evaluating new ways to increase security, manageability and flexibility for a mobile workforce while managing costs. In this context, we’re hearing from customers that Windows To Go delivers advantages over laptops in five key areas, as illustrated in our infographic, below:

  • Cost – The Windows To Go drive can be the D in the BYOD strategy, costing 1/5 to 1/10 what it would cost to deploy a laptop – a benefit for BYOD strategy and easing replacement costs for lost or stolen drives.
  • Security – The Ponemon Institute reports that only 31% of lost or stolen laptops were enabled for encryption. Standardizing on a Windows To Go certified, hardware encrypted USB 3.0 drive dramatically improves security from data breaches.
  • Manageability – Windows To Go lets you centrally manage the OS just as you do with laptops. In addition, innovations such as the IronKey Enterprise Service add the ability to track Windows To Go drives and do remote wipe or remote detonation if they are lost or stolen.
  • Deployment – Windows To Go drives are easy to deploy, lightweight to carry, and less costly to ship. And with provisioning tools, even hardware encrypted drives can be deployed centrally by the dozen.
  • Resilience – IDC report that 86% of organizations have had laptops lost or stolen, and more than half of those reported a security breach. A ruggedized, hardware encrypted drive like the IronKey Workspace W500™ resists both physical damage and physical tampering, and is useless to a thief if lost or stolen.

Of course, you can’t use a Windows To Go drive without a laptop. But when the work environment is on the move and BYOD is changing the rules of the game, Windows To Go delivers for IT and employees across multiple fronts.

We plan go into each of these advantages in more detail on the IronKey blog over the next few weeks, so watch this space. Comment below to share your thoughts in the meantime.

And if you want to learn more, download our latest whitepaper, an in-depth look at how organizations can use Windows To Go to empower and secure the mobile workforce.

Infographic Image

by

Sochi Games and Windows To Go – BYOB — Bring Your Own Burner

With reporters just starting to show up at the Sochi Games, their horror stories are emerging on everything from yellow drinking water, poisoned dogs and roofless hotel rooms to a hacker heaven. Digital connectivity and security are going to be hot topics and major issues during the Games. The IronKey Workspace™ for Windows to Go, a PC on a Stick™, is a great solution for anyone traveling to Russia. Here’s why:

Russia has LAWFUL interception of ALL communications. There is ONE network, completely government controlled. What this means is, if you want to be online — unless you are working on a highly classified government network from your country of origin — you WILL be monitored and almost certainly hacked.

Even if you have a VPN, the Russian network will own your PC, your credentials, your certificates, etc. So you’re toast.

But you have to be connected and get work done. What do you do?

Take three things on your trip:

  • IronKey Workspace W500™ for Windows To Go, with your needed applications and public files. You can plug the Windows To Go drive into almost any computer, work solely from the USB stick and not leave a trace behind.
  • Laptop, with the hard drive either disabled or removed (just to be safe)
  • Burner cell phone – buy with cash.

The good news is you can be connected this way without digital harm. The bad news is that, while you’re in Russia, you’ll have to assume all of your communications are public and not secure.  But you can stay completely connected, be productive, and still be safe when you return home.

While in Russia, you can use Windows To Go in your laptop, do all your work with your regular applications and stay connected to home base. The Windows 8.1 operating system you load on Windows To Go must contain applications and files that are not sensitive, because once you log on to the network, you need to assume anyone can see them and know it’s you. Same thing with when you use your cell. Even burner cells can be traced and triangulated. Just ask the DEA.

Once you get home, have IT re-provision your Windows To Go device. Or do it yourself. Load up all your applications and files, including all the sensitive ones. Windows To Go can be used again, completely securely in other countries. You can use it with your regular laptop or the drive-less one you got for the trip. Destroy the cell just like in cop shows.

Bon voyage!

 

w500-sidebar

by

Microsoft Interview: Windows To Go, Year One

When Microsoft launched Windows 8 in late October 2012, Windows To Go was immediately identified as a “hot” feature, designed for IT and perfect for BYOD.  The concept is both simple and powerful: your own fully manageable, corporate image installed on a bootable, certified USB drive.

As a key provider of certified drives for Windows To Go with our own IronKey Workspace solutions, we thought this would be the perfect time to ask our friends at Microsoft to reflect on the first year of Windows To Go.  The result: the following interview with Craig Ashley, Senior Product Manager at Microsoft for Windows  To Go.

Ashley_2x3

Microsoft’s Craig Ashley

How has the reaction been to Windows To Go since its introduction last year? Have there been any surprises?

I can honestly say it has been very positive. We developed Windows To Go with this idea that for customers that fall into a range of scenarios, from bring your own device to traveling light on the go, we could fit a full version of Windows on a USB drive and enable customers to have their own full version of a PC on a stick that fits in their pocket. This meant large enterprises with contingent staff or companies that had shared PCs or highly mobile staff could have a seamless PC experience regardless of the device they were on.

We have actually been surprised by how many customers are coming out with new and innovative scenarios. One of those was during the 2012 London Olympics.  Like most businesses last summer, the Imperial College Healthcare NHS Trust faced significant potential challenges to its ability to provide high quality care and services due to the Olympics pressure on transport networks in the city, which could prohibit staff from making it to work.  They originally thought the only solution was to provide staff new laptops.  However, Windows To Go provided a far more cost-effective and seamless solution that not only allowed their staff to successfully work remotely, but was simple to roll out.

Which vertical markets have really expressed an interest in Windows To Go?

We see interest across quite a few vertical markets. For example in healthcare and the public sector, Imperial College Health Care NHS Trust (which I previously mentioned) and the IT staff in Fairfax County, Va. see a good fit for teleworkers or remote workers who can boot Windows To Go on their own devices, as it allows them to use their device of choice and saving the companies the additional costs associated with managing a BYOD device. Another example is in manufacturing, where Boeing is currently piloting Windows To Go drives to sourced employees or contactors instead of a PC. One last example I’d like to share is in the airline industry, where Emirates, an international airline, distributed Windows To Go to use on their Windows 7 tablets for testing a new app at home before deploying the final version of the app on a Windows 8 tablet.

Other than government and regulated industries, are there any surprise industries that are testing Windows To Go?

We have seen interest across a wide range of industries. While the interest in Windows To Go is broad, the reasons for testing, piloting and deploying are similar: Windows To Go is just Windows 8.1, but on-the-go. By that I mean enterprises can manage it, deploy it, load applications on it, track it, and secure it just like they would their other Windows devices. For example, if customers use Windows To Go for contractors or remote workers, they can deploy using their existing processes.

Are you finding that most Windows To Go testers were already on the path to Windows 8 or are you finding that Windows To Go is a catalyst for Windows 8 adopters?

With Windows 8, we helped our business customers enable new scenarios for achieving everything from business efficiency to new forms of customer engagement. Some were already interested in great manageable Windows tablets. Some customers were excited by the security capabilities that Windows 8 offers. And some businesses are really seeing the value of Windows 8 through Windows To Go enabled scenarios.

With the launch of Windows 8.1, are more businesses familiar with the benefits and features of Windows To Go?

Absolutely. With any new feature or product there is always a learning curve associated with it. Windows To Go was first released last year with Windows 8, and since that time we have been continuously talking to customers, listening to feedback, and creating documentation necessary to educate users across a wide range of Windows To Go topics. One example and one that I am sure the IronKey team is very knowledgeable on is the fact that Microsoft only supports drives certified for Windows To Go. We have written blogposts and online documentation to be sure that customers understand this and many other Windows To Go requirements.

How long are prospects testing Windows To Go before they commit and what’s the size of the commitment (are they rolling it out slowly, just certain employees or across the board)?

Customer test plans and timelines vary by use case, industry, and the size of the Windows To Go deployment under consideration. Because Windows To Go is just Windows 8.1, customers are able to test and evaluate Windows To Go alongside their broader Windows 8.1 deployments.

Is Microsoft encouraging employees to adopt Windows To Go? What has your experience been like?

You bet. At Microsoft we always “dogfood” our own products. From the initial stages of launching Windows 8, Microsoft employees have had access to create Windows To Go drives. Our internal IT teams have created documentation that outlines the steps and processes for us to create and employees can use Windows To Go for a variety of reasons. I have two drives that I use on an ongoing basis, one for demoing Windows To Go and one for my day job. Many nights when I pack up to go home I simply grab my Windows To Go drive, my keys and head for the door. If I need to do work at home, I use the drive on my home office desktop, so there is no longer a need to carry my laptop and bag with me every time I leave now.

 

by

IronKey Workspace for Windows To Go Review

Now that it has been certified by Microsoft, I was very excited to get my hot little hands on the IronKey Workspace W500 — the new platform from Imation for Windows To Go — and try it out for myself.

Imation's IronKey Workspace

Windows To Go is an enterprise feature of Windows 8. The implementation on the IronKey drive essentially lets you create an IT provisioned and managed PC on a Stick(tm) for work. You can use it securely on the work PC, then lock it down, unplug it, and then use it securely at home. The cool part is that when you’re using Windows To Go on an IronKey Workspace drive, everything from a data stand point is happening on the IronKey Workspace — the hard drive in the host computer is locked away from your workspace-on-a-stick.

As you can see, the IronKey Workspace looks great… a slick, simple, iconic design. The hard metal case is designed to resist damage and water, and to prevent unwanted tampering. Inside, AES 256 hardware encryption makes the data unreadable without a password, and the IronKey Cryptochip makes the encryption keys unreachable by even sophisticated bad guys.

But enough about the specs.  How does this thing work? Let’s get started.

The IronKey Workspace W500 is based on the iconic IronKey design.

In your typical enterprise, IT would use Windows To Go to either provision the drive for users, or to allow individuals to make their own Windows To Go devices on certified drives. The result is a corporate OS image on each IronKey Workspace. For this review, the IronKey Workspace had already been provisioned with a trial copy of Windows 8.0.

To get started, I plugged the drive into the USB port and pressed the power button. We immediately see something new — a Windows 8 symbol on my laptop PC — which normally runs Windows 7. If my PC hadn’t already been configured to boot from USB, I would have needed to make a quick adjustment to the Boot Options by hitting F12 during the initial boot up process.

Booting up Windows To Go

The drive opened up a preboot environment and asked for an admin password.

Entering the IronKey Workspace's preboot environment.

The IronKey unlocker explained that the drive needs to reboot. This is a security feature for the hardware encrypted drive. It ensures that no one can get near Windows or the data on the drive until they have proved who they are to the Cryptochip.  The preboot process also ensures that the IronKey Workspace connects to and accounts for the hardware configuration on the host PC — network connection, camera, sound, and more.

The IronKey Workspace reboots for extra security in Windows To Go.

And, after about 2 minutes, it was up and running on Windows 8. I spent a minute or so in the Windows 8 control panel to align the PC screen and the monitor, and I was ready to go! By the way, the next time I booted up the IronKey Workspace, because the device had already profiled the hardware on this machine, the boot process took about half the time.

Windows To Go runs the OS from the IronKey USB stick, but it let's you take advantage of the PC's hardware.

Another first time process — Windows 8 noted necessary updates to the anti-spyware and anti-virus programs. These were handled seamlessly. It also asked for a product key; as a trial copy, we didn’t need to do this.

A quick Windows 8 software update.

Now let’s put this PC on a Stick through its paces. The camera worked….

Windows To Go working seamlessly.

…as did the speakers, and the network connection. Tip: If you’re in an office don’t forget to turn down the volume before clicking on the latest from Macklemore & Lewis!

That's "Can't Hold Us" by Macklemore & Lewis on Windows To Go.

One point to note: The Windows Store is not available on Windows To Go workspaces in Windows 8.0. The Store will be available on Windows To Go workspaces made with Windows 8.1 when it ships in a month or so.

Windows Store comes to Windows To Go in Windows 8.1.

Web conferencing was seamless.

Discussing our next trade show via web conference.

We don’t have Office on the Windows 8 trial, so I downloaded and installed Evernote for Windows onto the IronKey Workspace to write this review. Installation was as quick and easy as it would have been on the hard drive. In fact everything I did was fast.  Even though I was running off of the external IronKey Workspace drive, the PC performed every bit as well (and maybe even a little better) as it would if it had been running off the internal hard drive.

Working on Evernote for Windows on the IronKey Workspace for Windows To Go.

In Evernote, I was able to type at top speed with zero latency. This ability to work productively offline is a key advantage of Windows To Go over online-only solutions like VDI.

Conclusion:

Overall, as I wrote this review, checked email, participated in a web conference, listened to music and took pictures, it was easy to forget that I was running the OS and applications on a USB drive instead of the hard drive.

And for Windows To Go and the IronKey Workspace, that’s exactly what you want.

by

3 Tips For Enabling Data Security and Mobility at Government Agencies

October marks the end of the US federal government’s fiscal year, and Imation’s mobile security experts are very busy discussing the benefit of our solutions with IT staffs at various agencies. We typically see an increase in interest near the end of the fiscal year, but there are a couple of reasons why our IronKey secure USB solutions are more top-of mind this year than in the past.

There is an increased focus from government agencies on enabling computer mobility. Like many other sectors, government agencies understand that mobile devices make employees more productive, a fact which was backed up as recently as May in an 1105 Government Information Group report. IronKey secure USB data storage devices and IronKey Workspace Windows To Go solutions enable end user mobility, as government employees can take their data and desktop environments with them wherever they go securely.

Microsoft Windows 8 spotlights how USB devices can serve as a secure, mobile computing alternative for BYOD. Microsoft cites Windows To Go, which enables a fully functioning Windows desktop to be booted from a USB device, as a key enterprise feature of Windows 8. Government agencies are taking notice.

At the same time, government IT staffs are justifiably concerned about security. The same 1105 Government Information Group report cited earlier notes that agencies are providing their employees with agency-issued devices, primarily because they are worried about the lack of control. A government mobility policy in these situations shifts away from BYOD, since employees cannot bring their own devices.

Any solution involving mobile devices (whether through employee devices or agency-provided devices) must include policies and technology to protect against data leakage or misused data.

In general, we offer these tips as part of such policies:

1) Access control: Agencies must establish and enforce strict methods for granting device access.

2) Auditing: IT departments should schedule frequent audits to make sure that devices are in the right hands and are being used appropriately.

3) Remote kill: Government agencies should deploy mobile solutions that enable remote kill capabilities, so that devices can be erased or destroyed if they fall into the wrong hands.

by

Enabling BYOD with a Secure Windows To Go IronKey Workspace

We have now announced Microsoft certification and general availability of our IronKey Workspace W500. Microsoft’s certification process is a rigorous one, so we are extremely pleased to put this stamp of approval on our latest Windows To Go solution. And we’re excited to bring our secure PC on a Stick platform to the Windows To Go solution set.

According to Intel’s IT Manager survey on the current state of BYOD, one of the two largest barriers to BYOD adoption is that the devices used by employees cannot support security, encryption or remote wipe.  The IronKey Workspace W500 solves IT managers’ security concerns with its hardware based encryption, ability to issue ‘silver bullet’ commands to remote wipe the device, and centralized management.  The IronKey Workspace W500 is truly an IT provisioned, IT managed and IT secured device that fits into your network.

intel barriers snap

Source: Intel

Gartner predicts that half of companies will require BYOD in 2017, and as this trend spreads from mobile phones and smartphones to the PC, our Windows To Go workspace offerings position us strongly in this space. Strong market interest in our solutions backs up this trend – for example, we have initiated pilots large organizations that are interested in deploying thousands of devices. Use cases we are seeing include:

  • Executive travelers are seeking to bring a secure device to insecure countries, instead of a laptop.
  • Government agency looking to provide a way for employees to telework securely, using the workspace device on their home PCs.
  • A hospital is looking at providing secure workspaces to medical residents instead of providing PCs –a 10X cost savings.
  • Top universities are testing IronKey Workspaces for their students to use in computer labs, and then to allow them to bring their computing environment home.

Our new IronKey Workspace W500 represents a powerful, secure PC on a Stick offering for enterprise customers. This is a high-performance, ruggedized, high-security platform for organizations who see opportunity in using Windows To Go to support their BYOD initiatives.

You can learn more about the IronKey Workspace solutions at http://www.ironkey.com/en-US/secure-workspace/index.html.

by

California Cracks Down: Companies Must Encrypt Personal Data

The California Attorney General has issued a major data breach report, finding that more than 2.5 million people were affected by 131 reported data breaches within the state, with 56% of the breaches including disclosure of Social Security numbers.

California Attorney General Kamala Harris is calling for wider use of encryption and increased training for employees and contractors on handling personal information. InfoWorld reports that, “her office “will make it an enforcement priority to investigate breaches involving unencrypted personal information” and will “encourage … law-enforcement agencies to similarly prioritize these investigations.”  She also recommends employee and contractor training on how to handle personal information.

Imation did its own review of U.S. data breach laws in 2012, and created the “heat map” graphic below, based on the strictness of those laws. California was a forerunner in data breach laws; while most state laws are similar, requirements and penalties vary widely.

As we’ve noted before, encryption is the foundation for protecting personal data. 

Having data encrypted at the time of the breach means, under most (but not all) of these laws, (because the data is unreadable) that loss or theft of a USB device or laptop doesn’t require reporting. Also, as the California report notes, keep security awareness campaigns active so workers stay alert to the risks.

By taking a few pragmatic precautions, the majority of risks can be greatly mitigated. So the next time an employee loses a notebook or an encrypted flash drive that held protected data, if it’s been properly encrypted and managed you’ll have may well have endured a non-event.

Compliance Heat Map

Imation Compliance Heat Map. Click to view full-sized image.

by

The Security You Need

Organizations have different security needs, and different departments require different levels of security. When we brought together portable USB security leaders MXI Security, IronKey™, and Imation’s Defender™ collection to form the Imation Mobile Security group, our opportunity was to bring together the best of these technology leaders, so we could have a portfolio of products to satisfy all security levels.

Today, we are announcing that we have unified these powerful technologies under the IronKey brand, one of the most trusted and recognized in the security business. Beyond the iconic IronKey secure flash drives, the Imation Defender Collection is now included under the IronKey brand.

The overall result of this rebranding is a simpler, more streamlined product set.  Customers now can turn to the IronKey portfolio for hardware encrypted USB flash and hard disk drives with biometric authentication, manage drives with the IronKey ACCESS ™ on-premise device management system, and find encrypted USB drives compatible with McAfee ePO software. All this in addition to the iconic IronKey 250 drives – called The World’s Most Secure Flash Drive™ — and the new IronKey Workspace family for Windows To Go.

secure-portable-storage-products-large (2)

IronKey Secure Portable Storage Products

Visit www.ironkey.com to view the full portfolio, and find the right solution for your organization.

by

The 4 Benefits of USB 3.0—Are You Ready For This?

The USB flash drive is back. Often an afterthought in the buzz about BYOD, USB flash drives is once again becoming increasingly indispensable tools for the mobile worker.

What’s driving the resurgence of the USB stick?

  1. Windows To Go – Windows 8 Enterprise features Windows To Go, which lets you create a bootable, full featured Windows 8 desktop that runs securely from a certified USB drive. The solution is ideal for teleworkers and contractors who might want to use their own compatible computer setup but in a secure corporate environment. 
  2. Speed – Compared to the 12 Mbps speed of USB 1.1 and the 450 Mbps of USB 2.0, the “SuperSpeed” interface of USB 3.0 tries to live up to its name with a theoretical 5.0 Gbps (5,120Mbps) of bandwidth.
  3. Power – With a constantly expanding list of accessories and portable devices, bus-powered hardware has been pushing the limits of what USB 2.0 could handle. First, the 3.0 specification allows up to 80% more power consumption for devices running at “SuperSpeed.” Second, USB 3.0 includes an enhanced version of the USB-B connector called Powered-B, which allows USB accessories to draw power from peripheral devices, as well as hosts.
  4. Crossover Connection – In trying to establish a more robust ecosystem of USB devices, new features are implemented in the USB 3.0 to allow for cross-communication between hardware. USB 3.0 includes an established method of host-to-host communication through a crossover USB A to USB A cable. Additionally, USB 3.0 builds on the “USB On-The-Go” principles of allowing portable devices, such as smartphones, to act as either a USB device or a USB host, increasing their feature set and usability with existing USB devices.

It is this speed and power that make USB 3.0 drives the platform for USB drives certified for Windows To Go. Using USB 3.0 drives like our IronKey Workspace deliver a seamless experience booting and running Windows and productivity applications from a USB drive rather than the internal hard drive. This next iteration of the USB is really exciting as increased speeds, power and connection will prove beneficial to the mobile workforce.