IronKey

Mobile Data Security Blog

Home  »  Archive by category "Uncategorized"

by

Windows XP Users – Have No Fear – Windows To Go is Here

 

It doesn’t have to be doomsday for the Enterprise hold outs looking to migrate off Windows XP.   With security and cost considerations heavily weighing on the decision to upgrade, the time to make the move is now.  And the good news is that there is a viable way to more easily transition off Windows XP to the latest Windows OS: the path is Windows To Go.  Microsoft Windows To Go is Windows 8.1 on a USB flash drive that you can boot on any compatible PC.  Simply put, it’s a PC on a Stick.  Now you may be asking yourself questions such as “How do I get Windows To Go,”  “How much does it cost,” and “How secure is it?”

Windows To Go, one of the most exciting enterprise features of Windows 8.1, enables workers to be productive from any location using a compatible PC of their choice. This solution is ideal for mobile workers, teleworkers, contractors and organizations that want to extend the life of their old computing machines.   Now, just imagine how easily you can manage the XP end of life issue. Instead of re-imaging all of your machines, just hand out Windows 8.1 desktops on USB sticks for use on your employees’ existing machines.  Thanks to Windows To Go, your employees can now use the latest Microsoft 8.1 OS while your organization realizes significant cost savings.

How do I get Windows To Go?  First let’s address the licensing aspect.  Organizations can get Windows To Go licenses for free if they have a Microsoft Software Assurance Agreement.  This means that with the Windows To Go rights under Software Assurance, an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC.    If there is not an agreement in place, contact your local Microsoft representative.  Also, organizations don’t necessarily need to outfit their entire organization with the license; only those employees who need it.

Microsoft only supports Microsoft-certified Windows To Go USB drives. Certified drives are optimized to meet the necessary requirements for booting and running Windows 8.1 from a USB drive.  Enter IronKey USB drives, which have earned a reputation for being the world’s most secure storage flash drives.

With IronKey Workspace drives, workers can be equipped with a fully manageable corporate Windows 8.1 OS image complete with all their applications and security policies— all provisioned on a Microsoft-certified USB 3.0 drive.   You don’t even need to worry about malware or other security risks as the Windows To Go device boots directly off the workspace device— and not the potentially unsecured host machine.  Once the drive is installed into a compatible computer, the user can access the host PC’s hardware and resources such as monitors, CPUs and network connections.  With our advanced options including centralized device management and provisioning, IronKey Workspace can transform any compatible computer into an IT-provisioned, IT-managed and IT-secured workstation for a fraction of the price of issuing a laptop.

How much does it cost?  In the last year, several IronKey Workspace devices with various features in different capacities have become available.  The products start at US $129 with the hardware encrypted drives starting at US $175.

How secure is it?  The IronKey Workspace product line offers different levels of security– ranging from Bitlocker encryption to AES 256-bit hardware encryption.  The newest product, the IronKey Workspace 700, is currently undergoing FIPS Level-140-2 Level 3 certification, which will make this the most secure Windows To Go drive on the market.

So if you’re looking to move off of Windows XP, consider Windows To Go and IronKey Workspace a secure and cost-efficient way to make this a smooth transition.

 

by

Encryption and Management are the Keys to Securing the Mobile Workforce: Secure Mobility Face-off, Part 2

 

I’m perplexed. Why don’t more companies encrypt their employees’ sensitive data? There is no technology barrier and the cost is insignificant compared to the cost of a data breach.

In a world where a data breach can cause tens or hundreds of thousands of dollars in fines that are only magnified by negative publicity, why wouldn’t every organization simply enforce encryption on data at rest – in servers, on laptops, and on USB drives – as a basic standard for doing business?

The need for encryption everywhere is further magnified by BYOD. IT leaders are waking up to the opportunity to extend BYOD strategies to PCs using technology like Windows To Go to reduce costs and improve productivity.

With Windows To Go, users can now put their entire Windows 8.1 operating system with their applications on a certified Microsoft USB drive, e.g., your whole PC on a Stick. The drive should be encrypted and ideally hardware encrypted to protect your private files from both brute force and physical attacks.

Strong Mobile Device Security – Encryption + Management

But encryption only gets you so far. What if a formerly trusted employee walks off with their drive, or what if their password is compromised? As an IT customer at a university recently told us:

“An unmanaged USB is like a time bomb.”

Encryption and management go hand in hand. Management improves the user experience by automating authentication for lost passwords. Systems like IronKey Enterprise Management allow devices to be tracked whenever they are plugged into an Internet-connected PC, and even enable remote kill commands, so that a lost device can be completely disabled from afar.

This capability means that in a BYOD scenario, a hardware encrypted, IT managed Windows To Go PC on a Stick actually offers greater security than the typical PC deployment!

If you want to learn more, see our latest whitepaper for an in-depth look at how organizations can use Windows To Go to empower and secure their mobile workforce.

 

 

by

Secure Mobility Face-off: Windows To Go vs. Laptop and VDI

BYOD is a game changer for the mobile workforce, and IT leaders are waking up to the opportunity.

One case in point: State Tech reported that Fairfax County, VA is issuing Windows To Go drives to employees who work remotely, “improving productivity and reducing the number of employee-owned PCs that IT must support.”

“There’s nothing to install or configure. Employees simply plug the drives into their Windows 7– or Windows 8–compatible PCs or other devices, connect to the county network via a virtual private network, and work anytime, anywhere.”

Microsoft’s Windows To Go – an enterprise feature of Windows 8.1 – is a simple, cost effective way to liberate the corporate desktop from any single device by placing a full version of Windows 8.1, applications, security tools and policies onto a secure USB 3.0 stick. Employees and/or contractors now can work securely on most any laptop or tablet with a USB port.

Imation was an early proponent of the mobile USB workspace, so it’s gratifying to for us to see the growing excitement and adoption of Windows To Go among both enterprise and government organizations. As we meet forward-thinking IT leaders at seminars, trade shows, events around the world, it’s increasingly clear that Windows To Go represents an exciting and pragmatic new way to work for teleworkers, contractors and road warriors – and even students and teachers.

IT needs to keep evaluating new ways to increase security, manageability and flexibility for a mobile workforce while managing costs. In this context, we’re hearing from customers that Windows To Go delivers advantages over laptops in five key areas, as illustrated in our infographic, below:

  • Cost – The Windows To Go drive can be the D in the BYOD strategy, costing 1/5 to 1/10 what it would cost to deploy a laptop – a benefit for BYOD strategy and easing replacement costs for lost or stolen drives.
  • Security – The Ponemon Institute reports that only 31% of lost or stolen laptops were enabled for encryption. Standardizing on a Windows To Go certified, hardware encrypted USB 3.0 drive dramatically improves security from data breaches.
  • Manageability – Windows To Go lets you centrally manage the OS just as you do with laptops. In addition, innovations such as the IronKey Enterprise Service add the ability to track Windows To Go drives and do remote wipe or remote detonation if they are lost or stolen.
  • Deployment – Windows To Go drives are easy to deploy, lightweight to carry, and less costly to ship. And with provisioning tools, even hardware encrypted drives can be deployed centrally by the dozen.
  • Resilience – IDC report that 86% of organizations have had laptops lost or stolen, and more than half of those reported a security breach. A ruggedized, hardware encrypted drive like the IronKey Workspace W500 resists both physical damage and physical tampering, and is useless to a thief if lost or stolen.

Of course, you can’t use a Windows To Go drive without a laptop. But when the work environment is on the move and BYOD is changing the rules of the game, Windows To Go delivers for IT and employees across multiple fronts.

We plan go into each of these advantages in more detail on the IronKey blog over the next few weeks, so watch this space. Comment below to share your thoughts in the meantime.

And if you want to learn more, download our latest whitepaper, an in-depth look at how organizations can use Windows To Go to empower and secure the mobile workforce.

Infographic Image

by

Remote Working: Embracing Benefits and Overcoming Challenges

Remote working is here to stay. KPMG’s 2013 Global Assignment Policies and Practices (GAPP) survey reveals that organizations around the world “continue to invest in global mobility programs despite increasing regulatory and compliance challenges.” Whether or not your business opts for “use your own device” or “use our device,” it’s clear that any organization large or small must have the technology necessary to support a remote workforce.

The benefits mobility brings to organizations are many: the ability to tap a broader talent pool no longer contingent on geography, productivity gains as employees can work anytime and anywhere, and the cost savings associated with “hot-desking” and “hoteling.”

For employees, flexibility is paramount. Whether it’s to avoid a nightmarish commute, the need for unconventional hours, or the requirement to be on the road, the ability to work like you’re in the office can tip the productivity scale.

On the flipside, the challenge is to provide employees with technology that helps them be as productive as they would be on their office desktop. They need to feel part of the organization even when they are offsite. And it’s vital that all sensitive corporate information be protected, at all times, and that any work is done in complete compliance with corporate IT security policies.

Gartner’s most recent research, “Bring Your Own Device: The Facts and the Future,” predicts that by 2017, half of employers will require employees to supply their own devices. While employee-owned cell phones and tablets are fast becoming the norm, the jury is out as to whether or not PCs and laptops will become a part of the mix. Connecting the family PC to the organization’s network could be a disaster waiting to happen.

Win-Win: the secure portable workspace

Windows To Go, a feature of Windows 8 Enterprise, enables “PCs on a stick,” offering a new approach to mainstream enterprise and government organizations. Employers provide a secure, IT-managed USB drive that contains a fully functional corporate Windows desktop, bootable from pretty much any PC. Employees insert the Microsoft certified USB drives into their home computers, hot desks, or tablets that feature USB ports, and they receive a secure desktop and secure access to all applications they use in an office setting.

Unlike a virtualized or online remote access solution, the portable workspace offers full host computer isolation—documents cannot be saved to the host machine but are saved to the USB drive. At the same time, all of the hardware resources of the host computer are available to the user. Employees have access to the host machine’s network connection, sound, microphone, and camera. They experience graphics performance of the native machines. Employees will be able to use applications at full resolution, including the ability to view two documents at once instead of just one. Finally, the employee never has to worry about the speed or reliability of a network connection.

Among the handful of Windows To Go certified devices, the IronKey Workspace W500 is the device that meets all of an employee’s needs and IT’s security challenges. The IronKey Workspace W500 is designed to be rugged, dust and water resistant. It’s gone through Microsoft’s certification and Imation’s own rigorous read/write testing for use as a Windows To Go workspace. Users get sequential read performance of up to 400 MB/second and sequential write speeds of up to 316 MB/second. The W500’s 256-bit AES hardware encryption combines with strong, built-in password protection capabilities. IronKey devices can be managed by the IronKey Enterprise Server, so that the IT team can track and control the devices to effectively protect data, manage device inventory, lifecycle and maintenance. The management system offers full remote policy management, device tracking and, should the need ever arise, the ability to revoke users’ credentials. Just because the device is out of the office does not mean it is out of IT control.

With Windows To Go, organizations can implement a bring your own device strategy that provides an ideal work environment for the employee while providing the optimal level security for IT, no workarounds necessary.

by

California Cracks Down: Companies Must Encrypt Personal Data

The California Attorney General has issued a major data breach report, finding that more than 2.5 million people were affected by 131 reported data breaches within the state, with 56% of the breaches including disclosure of Social Security numbers.

California Attorney General Kamala Harris is calling for wider use of encryption and increased training for employees and contractors on handling personal information. InfoWorld reports that, “her office “will make it an enforcement priority to investigate breaches involving unencrypted personal information” and will “encourage … law-enforcement agencies to similarly prioritize these investigations.”  She also recommends employee and contractor training on how to handle personal information.

Imation did its own review of U.S. data breach laws in 2012, and created the “heat map” graphic below, based on the strictness of those laws. California was a forerunner in data breach laws; while most state laws are similar, requirements and penalties vary widely.

As we’ve noted before, encryption is the foundation for protecting personal data. 

Having data encrypted at the time of the breach means, under most (but not all) of these laws, (because the data is unreadable) that loss or theft of a USB device or laptop doesn’t require reporting. Also, as the California report notes, keep security awareness campaigns active so workers stay alert to the risks.

By taking a few pragmatic precautions, the majority of risks can be greatly mitigated. So the next time an employee loses a notebook or an encrypted flash drive that held protected data, if it’s been properly encrypted and managed you’ll have may well have endured a non-event.

Compliance Heat Map

Imation Compliance Heat Map. Click to view full-sized image.

by

The Thumb Drive Conundrum: Managed USB and Encrypted Flash Drives Attack the Insider Threat

The revelation that Edward Snowden absconded from NSA with secret files on a thumb drive has generated predictable gnashing of teeth about the use of portable USB drives in secure organizations. At the same time, government and business organizations are successfully implementing secure deployments of portable USB drives so that employees can transport data they need to be productive.

The technology issue is one of competing needs: To be productive, mobile employees need the mobility, offline storage and security afforded by USB drives. To secure data, IT needs control of how employees move information and what information is moved.

The fact is that today, IT can take control without blocking USB ports. We’re not sure what safeguards the NSA had in place, but there are technologies that could prevent or mitigate this kind of insider threat. For example, secure enterprise device management software can offer:

Device Location – with managed USB drives, software can show the locations of every managed device when they connect to the Internet on a map. This allows tracking of a device that has “gone rogue” and could aid in recovery.

The “Silver Bullet” – the ability to either password-disable or perform a remote kill to completely disable the device if it goes missing or someone is suspected of copying data they should not have on the drive.

Geofencing, IP Blocking – It is possible to add rule features so that unless the device meets certain conditions, the data is automatically wiped. For example, IT could enable “geofencing” so that if device is outside the country, the data is wiped – or if it is on an unapproved network, or outside a certain IP range.

Have a Consistent Data Security Policy

It’s really a matter of having a consistent policy for your data at rest.  Many organizations require their PCs and Macs to have full disk encryption enabled.  But that policy is not enforced when it comes to removable media like a USB drive.  By using a manageable and encrypted storage device you can maintain a secure policy for your data no matter where it goes.

If we look at the SANS Top 20 Security Controls, Critical Control #17 – Data Loss Prevention specifically addresses how best to handle sensitive data and prevent it from leaving your organization without permission.  The advice from SANS is to, “deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data,” and that “enterprise software should be used that can configure systems to allow only specific USB devices (based on serial number or other unique property) to be accessed, and that can automatically encrypt all data placed on such devices.”

For workers who travel, teleworkers shifting between work and home, or contractors working with your data, a secure, managed USB thumb drive is more secure than online file sharing, and certainly better than unencrypted and unmanaged notebook computers, USB devices and smartphones. And management adds an extra layer of security against both external and insider threats.  IT can address a number of potential security threats by implementing policies that require uses to use encrypted flash drives.

by

Bring out the heavy hardware to protect passwords

Use strong passwords, un-guessable security codes and hardware encryption to defeat advanced threats

As long as you have a password in place, your data is protected, right? The number and types of breaches we saw in 2012 challenge this notion. From LinkedIn to eHarmony to Twitter, cyber thieves have been on the hunt to break the barriers of thousands of simple passwords. And what is most chilling? it’s not going to stop.

Passwords have been around since the dawn of the digital age, but they are not well understood. Simple, overused passwords can’t protect data from even low-skilled hackers. And people are people, and even when they are outfitted with The World’s Most Secure Flash Drive, need a reminder that making your password “password” is no longer (if ever) considered clever or safe.

With rising attention to data privacy and increasing risk of data breaches, there will be more encryption across all devices and platforms in 2013. Which means that it is never too soon to revisit the password. Here are four best practices organizations should follow to improve password strength their organization:

  1. Passwords must be longer, stronger and un-guessable
    Passwords protected in software are subject to offline brute force attacks, which is why web service hacks can be so devastating. Attackers can go through a database of passwords they have obtained and crack them at their leisure.  It is remarkable the number of individuals who use the password “password” or “123456”. These passwords are often the first ones breached by cyber-thieves, as can be noted in last years LinkedIn and Twitter breaches.

    • Instead, choose a unique password, with character complexity and a combination of both letters and numbers. A strong password should be at least 12 characters long. The rule is that the longer the password, the longer it will protect you. A good hacker can breach an 8-character password in a few days; a 15 character password might take a year.
    • To make the password even stronger, the character complexity should be at random, as complexity alone is not enough to stop a hacker in today’s digital age. Having a strong password makes offline attacks much more difficult for hackers.
  2. Remember Personal Information is Out There
    With today’s heavy social media presence, the names of your dog or your mother’s maiden name are no longer confidential information. The public has access to the information you post on your social media site, and unwittingly offer clues to clever hackers. When choosing security questions for password recovery, be mindful of the information that is public, and create passwords that revolve around something actually “private.”
  3. Use Hardware Encryption to Combat Advanced Software Threads
    Avoiding the threat of brute force attacks on passwords requires heavier hardware – hardware encryption, that is. A password protected in the right kind of hardware makes security simpler, because this kind of brute force attack to decrypt the password is not possible. The hardware will lock up after a low number of attempts (set by policy), and then the attack stops.

And finally, a bonus point: Remember to set strong policies and educate employees. Cyber-thieves are becoming more sophisticated, and strong passwords are the best defense. Organizations must create stricter guidelines for employee password security in order to keep their employee’s personal and the company’s corporate data secure.

by

Imation and the IronKey Brand

A Powerful Platform for Secure USB Storage

I hope you’ve seen our announcement today, that Imation will unify its Mobile Security portfolio around the IronKey brand.

Of course, some of you might be thinking: What’s the big deal about a brand?  Well, it actually is a big deal, for us and for you, too.  Here’s some background.
Read More

by

Using Telework to Keep Government Open

Secure mobile solutions, telework, and BYOD support government and business continuity

In February 2010, relentless blizzards, later termed “Snowmageddon,” forced government agencies in and around the DC area to shut their doors for a record-breaking five days. The price tag for the closings: roughly $71 million a day, according to OPM (Office of Personnel Management) Director John Berry.
Read More