IronKey

Mobile Data Security Blog

Home  »  Archive by category "Windows To Go"

by

Equation Group Attack on Hard Drives – What Can Your Organization Do?

 

This week Moscow-based Kaspersky Lab published a report that examines a group of hackers, the Equation group, and the depths they have gone to for many years to spy.  The report outlines the attacks in detail and highlights, “the group’s attack technologies exceed anything we have ever seen before.  This is the ability to infect the hard drive firmware.”

As you consider your options, keep in mind there are a number of approaches to prevent the Equation group’s attack against hard drives.  

 A fundamental feature that every enterprise bound hard drive should have is preventing its firmware from being altered by an unauthorized agent.  The best protection against this vulnerability is to use code signing for firmware updates. Such devices will not allow unsigned firmware to be loaded onto the device.  As a further level of protection if somehow unsigned firmware was present on the device, it simply will not operate.

For your external hard drives I suggest these be replaced as soon as possible with drives that support firmware signing.

Protecting your internal hard drives is more difficult.  These drives could be infected at any time by self-replicating code such as “Fanny”, physical media (e.g. CD-ROMS), USB devices susceptible to BadUSB, and Web-based exploits. Swapping out internal hard drives is an expensive and time consuming proposition.  One option is to immediately switch to a Windows To Go flash drive that supports firmware signing for all of your critical systems as a hard drive replacement. 

Windows To Go equips users with a portable Windows corporate image.  It uses the flash drive as the system disk, completely insulating the user from the risk of any hard drive infections on the onboard hard drive. This is significantly less costly than replacing the computer’s internal hard drive with a FIPS-approved hard drive and can be easily done in the field without having to pull apart the computer. And, as an added benefit, Windows To Go drives can be centrally managed enabling organizations to track the devices and disable them if lost or stolen.

IronKey™ secure USB hard drive, flash storage and Windows To Go devices are not vulnerable to the Equation group’s malware or the BadUSB attack. IronKey’s leadership in security, including its use of digital signatures in all controller firmware, makes its products immune to these threats.

 

 

by

SE Diaries: My Own Use Cases for Windows To Go

Our special guest blogger is Matt Drake, an IronKey sales engineer, who joined the company in 2013. 

As an IronKey™ sales engineer covering Asia Pac, I am always on the road constantly relying on my Windows To Go device. While my corporate laptop is my primary machine, I never leave home without my IronKey Workspace W500 64GB setup. This device allows me to utilize any Windows compatible PC as my corporate desktop. The separation of hardware and software components opens up a lot more flexibility for how people can consume IT.  My IronKey flash drive acts as my second work PC and personal crisis solution.

I have had the misfortune in the last six months with having two significant IT issues; both taking several days to resolve. Despite being a home-based worker who travels regularly (with no IT department at the end of the corridor to leap to my rescue), in both cases, my down time was minimal.

 A few months ago, I fired up my laptop and found it was unable to connect to any network, wired or wireless. So what did I do? I simply grabbed my W500 and booted my “broken” laptop into Windows To Go. Bingo. Everything worked as it should. This had the double advantage of proving the issue was software related, helping speed up the resolution, but more importantly, allowing me to carry on until our support team implemented a solution.

 Then, a few weeks later I had a laptop screen failure. Yes, this was fixed a day and a half later by the hardware vendor’s onsite support, but without my Windows To Go device as a backup, I would have been limited to using my laptop at home with a desktop monitor. Not great if you have to do customer visits. Instead I borrowed my wife’s MacBook and took that to the meeting, booting into my Corporate Windows desktop using my W500.

Fortunately IT failures are not regular events. They do happen, and often at the most inappropriate moments. Having a Windows To Go device in your pocket or brief case can save your bacon. I make sure I use mine fairly frequently so mail does not get too out of sync and Windows updates are not too far behind. I also use a real-time backup service on my primary laptop. The syncing of documents to either a cloud service or corporate file share not only provides a backup, but is also helpful for accessing data across multiple devices.  

Another key use of Workspace devices is to test software. When Microsoft released the Windows 10 Technical Preview, they stressed that it should not be used as a primary device. As a home based worker I have limited additional hardware to test software – no problem. I installed Windows 10 onto an IronKey W300 Windows To Go device. Adding Microsoft Office makes it a useable tool for most of my work, so I can happily explore this exciting new OS, safe in the knowledge my “real” corporate desktop is a quick reboot away.

 This is how I use Windows To Go to help me be more productive. What about you?

by

The Value of Encryption

With high profile security breaches such as the iCloud hack and the leak of celebrities’ private photographs hitting the headlines, the concern for the security of our own personal information and sensitive data is mounting. Apple’s response to the data breach was to increase the level of security following the incident with the introduction of default encryption on phones, demonstrating the importance of encryption as a safeguard to protect data.

Encryption is simply the translation of data into code, using a defined algorithm, and is considered one of the most effective means of ensuring data security. Access to encrypted files requires a key or password that enables you to decrypt it by restoring it to its original form. Whilst most data transmitted over a network is sent in clear text, by incorporating encryption algorithms, users can protect data and make sure that only the intended recipient can decode and read the information.

Although there are many different types of encryption, they all serve the same purpose: to keep our data protected and secure. Storing any sensitive information is inherently risky, but in order to do this effectively, action must be taken to reduce the risks of inappropriate disclosure.

Given that a large amount of data can be stored on USB’s, smartphones and tablets, there is a real danger that personal information could be compromised should such a device end up in the wrong hands. We recently published research which found that over one third of respondents would look at, or try to open/access a device if they found one , showing that even when mislaid devices are found by conscientious members of the public, the devices may be examined and opened.

The problem is that users want devices that are easy to manage, hassle-free and allow them to go about their lives securely. Measures such as optional encryption do not fit into this lifestyle. Users will not hunt down new security features, either because they don’t know they need them, or perhaps think they already have them.

Whether it is personal or corporate data, security needs to be a necessity, and users should be provided with everything they need to protect their intellectual property.

For businesses, encryption can be a simple and effective means to protect sensitive information. Being able to manage and track the encrypted data, knowing who has accessed it, from what location and on what devices that information resides is also essential.

A Windows To Go device is a securely encrypted, IT-managed USB drive that gives businesses control over what happens to sensitive data, and is easy to use. It contains a fully functional corporate Windows desktop. Employees insert the Microsoft certified USB drives into their home computers, hot desks, or tablets that feature USB ports, and they receive a secure desktop and secure access to all applications and data they use in an office setting.

Unlike a virtualised or online remote access solution, the portable workspace offers full host computer isolation, meaning documents cannot be saved to the host machine but are saved to the USB drive, which can be locked down and remote wiped if required, and all data will remain secure without the threat of a potential data breach.

Encryption is a valuable and essential tool for securing your data. Don’t give users the opportunity to be unprotected; security needs to be a default – not an option.

by

OMG – eWaste?!

 

The guys in engineering hired some contractors in India and were ready to send them a few laptops :“Stop!” I said.

“Contractors are a perfect use case for Windows to Go. Load up everything your contractors need on a secure PC-on-a-Stick™, including our IT-secured OS, applications, data, and VPN,  and then just mail them the devices – simple and quick. They can run from any computer they want. When they are done, you can remotely disable the device in case they “forget” to return them.”

“Naw, we’ve got a couple of older laptops sitting around and that’s the way we’ve always done it,” replied our head engineer.

“Well, do you what you want but remember I recommended that you switch to this cool, new technology.” I warned.

Two weeks later I checked with the guys and the computers were still hung up in customs. They had shipped them together and thought the total value had crossed some threshold that required more paperwork.

Another week passed and what do you know, the engineers were in my office.

One of the engineers asked, “can you put together a couple of WTG drives for us?”

“Sure can, will just take a few minutes. What happened to the laptops stuck in customs?” I inquired.

They stared at their shoes and looked a bit sheepish. Finally, one spoke up.

“Well, India has instituted a new regulation and they considered those laptops eWaste so they sent them both back to us”.

“E-Waste?!”  I laughed out loud. “So now you want to take my advice and send your contractors WTG devices – glad to see you have smartened up. And by the way, when those older “e-Waste” laptops get back here, they’ll run way faster with your WTG devices so don’t even think about asking for replacements. WTG adds years to a computer’s useful lifetime.” I said matter-of-factly.  E-Waste – ha!

by

The Problem With BYOD (Computers)

Sure, everybody is excited about BYOD. You can use your personal phone to make business calls and read your corporate email. But the real cost savings for BYOD is “bring your own computer- BYOC”. There is no need to purchase, maintain, and upgrade computers; we just let the employees do that.

But wait; there are two BIG issues with Bring Your Own Computer.  The first is an IT issue. The IT team has to install applications, security tools, and management software onto each employee’s laptop. That means IT has to support a range of computer types (including Macs) and OS versions, and deal with incompatible applications running on the employee’s personal device.

The second issue is all about end-user satisfaction. I can hear the screaming now.  “What do you mean you are going to install monitoring software, file scanning, corporate applications, and Internet proxies on MY PERSONAL COMPUTER??   How much space is that going to take? Does this mean Corporate can see my personal files?” My users will rebel.

Good news for IT and the end user –  both of these issues can be easily addressed with Windows To Go.  Let them use their personal hardware – Macs, PC laptops, tablets – but have them run their corporate workspace from an IronKey ”PC-on-a-Stick”  Windows To Go USB flash drive. They run IT’s corporate Windows image with locked-down security controls and policies, applications, and data, but IT never touches their personal hard drive. Complete isolation between work and personal environments!

If you want happy employees, let them use their personal PC, but have them use an IronKey Windows To Go drive and don’t touch their personal system.  This is truly win-win. IT saves a boatload of money and users have a portable corporate workspace they can plug into their personal laptop, a home computer, or a computer they borrow at work.  When was the last time you rolled out a major cost savings initiative and got happy users at the same time! BYOC – bring it on!

by

The Cost of Cybercrime

 

Hackers are holding the world to ransom with cyber-attacks costing the global economy more than £238 billion a year¹. These attacks damage the global economy almost as much as illegal drugs and piracy, with financial losses from cyber theft resulting in a potential 150,000 European job losses.¹ Cybercrime is a growing menace which is proving to be an ever growing challenge for individuals and businesses. US retailing giant Target saw its earnings drop 46% after an attack that leaked more than 40 million customer credit card details², whilst eBay and Office have also been ‘hit’ this year, with customer data compromised.

Despite these devastating implications, the public, corporates and their employees continue to be careless with their valuable and highly confidential data –residing on laptops, tablets and mobile devices. Cyber espionage and theft of individuals’ personal information is believed to have affected more than 800 million people during 2013¹, and our mobile working culture has made data security an even greater challenge.

With IDC estimating that over one million smartphones were shipped last year³, someone somewhere in your company is using a personal, mobile device to connect to a corporate network and download sensitive data – making your organization a sitting target for cybercriminals. Companies must equip their employees with the means to protect corporate data from threats such as identity theft and cyber espionage, whilst mitigating the dangers associated with unsecured devices and free Wi-Fi hotspots.

Mobile devices need to maintain the same high levels of security as office-based desktops and servers, with only IT provisioned laptops or tablets connected to corporate networks. But, the best way of ensuring hackers can’t gain access to your company data, is by storing all your data on a secure fully encrypted Windows To Go USB flash drive. It provides employees with an IT managed and provisioned Windows workspace that replicates their secure office desktop environment, on any device that the USB is plugged into. This also means IT departments do not need to deploy individual computers but rather can deploy the Windows To Go workspace on USB drives which saves time, resources and introduces vast cost savings.

Staff awareness plays a crucial role in protecting the company network against cybercrime. Often under-estimating the inherent security risks of using personal devices in the office, employees must be educated to handle these responsibly – on a proactive, ongoing basis rather than waiting until a security breach occurs, when it’s too late.

With so many high profile security breaches making the headlines, organizations want to know that corporate data is secure at all times, regardless of where it resides, whilst employees need the flexibility to work remotely. Cybercrime can have a devastating impact on your business in terms of cost and reputation. Your organization can’t afford to be tomorrow’s headline…

 

Sources:

¹McAfee report, June 2014 – Net Losses: Estimating the Global Cost of Cybercrime

² http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data

³ International Data Corporation (IDC)Worldwide Quarterly Mobile Phone Tracker, Jan 2014

 

 

 


 

 

 

by

Computer Breakdown – How My Windows To Go Drive Came to the Rescue

 

You know I’m a fan of Windows to Go . There are so many benefits it is hard to describe them all. The other day I was attending a tradeshow in San Francisco, staying in a swank hotel overlooking the bar next door. I brought my laptop so I could work in my room, but as you might imagine it was running from my PC on a Stick. The laptop was just my workhorse. After dinner, I headed back to my room and powered up the PC, and… NADA! It went part way through its boot sequence and then froze. I rebooted multiple times, pulled out the power supply, even did my reincarnation voodoo dance, but all to no avail. Of course I needed to urgently update a slide presentation before an analyst meeting in the morning – what was I to do??

I was at the show with one of my sales guys, and I knew he would be out drinking most of the night. I quick texted him and got him to drop off his laptop before he headed out. He mumbled something about not wanting to give me his password but I assured him it was not needed – I wouldn’t touch the hard drive on his precious laptop.

I plugged in my USB drive, booted his laptop, and up came my workspace, including the not-yet-completed slide presentation.

“Cool! I’d like to know how you did that, but I’m just a salesman. Also, I’ve got to have that laptop back in the morning without your stuff all over it,” he said.

“No worries, all my work goes into this little PC on a Stick.” I replied with a smile.

Well, the next morning I returned his laptop unscathed, met my colleague, borrowed his laptop to boot my WTG device, and walked him through the presentation. He was so enamored with my WTG drive that he hardly paid attention to my presentation but promised he would give me a very favorable write-up.

by

Travel Light and Secure

 

Hi, I’m Peter. I’m a Senior IT guy working for a big, growing enterprise.  I set the strategy and I’m responsible for the execution of IT infrastructure in my organization.   I need to worry about cost, security, and keeping my customers happy. We have pretty solid IT processes leveraging Microsoft tools, so I’m not about to set my IT team on some wild new solution that requires years to integrate. Recently, after a big meeting with the execs on cutting costs, I came across Windows to Go from Microsoft. Here is a solution that is secure, can save tons of money, make my customers happy, and fits into my IT workflow – Freakin’ SWEET!  My CISO stood up and applauded when I presented this to senior MGMT.  Needless to say I’ve become a big fan. In fact, they call me Windows To Go Guy around here. There are so many ways to apply this technology across my organization. I don’t get a commission on this stuff – I just love cool technology that makes sense. Here’s my blog entry:

Disclaimer: This blog is based on real Windows To Go ® use cases.  The character is fictitious to protect the names of our customers.  Any resemblance to actual customers is coincidental and not intentional.

I’m a Windows to Go guy. I carry my workspace around with me in my pocket, wherever I go. I don’t have to worry about hiding a laptop under the car seat. I don’t have to worry about it sliding off the seat during a sudden stop and I don’t need to try fit it under my coat during a sudden downpour.

One evening after work I had promised to stop at the local store to pick up some groceries. In line ahead of me were some military personnel dressed in camo. I noticed one person was carrying her laptop.
“Hey folks, I really appreciate what you guys do for our Country, but tell me, what’s with the laptop in the grocery store-are you expecting an email from the president?” I joked.

The corporal replied, “Military rules- laptops can’t leave our side. We even take them into the bathroom”.

“That stinks,” I replied.  “Let me show you something,” I replied. I whipped out my IronKey Workspace W500™, my PC on a Stick™ and explained that this was my laptop, FIPS secured against the worst imaginable attacker. It is virtually indestructible too, and I intentionally dropped it onto the hard tile floor to make my point.

“I have got to get my hands on one of those” she said.

“You are right about that, we can make your next bathroom or grocery stop a much more pleasant experience.” I replied.

by

Day One IT Integration for Mergers Using Windows To Go

 

A good friend of mine heads up IT for a successful Silicon Valley networking company. I met him for a beer recently and he looked as down as I’d seen him when his company was dealing with the Heartbleed issue. His company had just gone through a painful acquisition of a global high tech company and he was responsible for ensuring a smooth day one transition. As you know on the day of the acquisition, all the new employees need to have email access, intranet access, connections to corporate servers, VPN access, corporate wireless etc. They also need to continue accessing their existing services to make sure there is no disruption of the business. It can be an IT project management nightmare and my friend had miraculously pulled it off without a hitch.

“Why so blue, Superman?” I asked. “I hear you are the hero of IT!”

“Yeah, but guess what? We just announced another acquisition with 1000 employees, and this one closes in 6 weeks!” he replied. “Never fear, my friend. Let me buy you another beer and introduce you to my workspace in a pocket, PC on a stick,” I said with confidence.

I proceeded to lay out the following plan. Suppose you configure 1000 Windows To Go devices that provide all the applications, access tools and rules, and even personalized documents welcoming each new employee. Then on day one you welcome everyone to the new company and hand them their Windows to Go devices. They plug these into their existing work computers and, voila, they are fully operational on their new corporate systems. But they still need to access their old systems to do their day job. So, you unplug your PC on a Stick™  device to access your old system and plug it back in to access the new. Now, IT can do a step-wise conversion of groups and departments over the next weeks and months starting with the highest priority groups.

“I’m buying the beers…” he replied as a grin came to his brightened face. “This hero stuff is getting easier all the time!”

by

IronKey Workspace W700 Drives with FIPS 140-2 L3 Set New Standard in Mobile Workspaces

 

Great news for government and other highly-regulated enterprises that require a FIPS 140-2 Level 3 Windows To Go drive— IronKey Workspace W700 ™ drives are now available!   Our W700 PC on a Stick™ drives are the first Microsoft-certified Windows To Go devices to be FIPS 140-2 Level 3 validated. Now you can enjoy all the benefits of Windows To Go while meeting strict data security mandates.

Why is this Significant for Government Agencies?

If your agency is looking to provide mobile workspaces for your contractors, field workers, employees who want to BYOD or telework, this solution is a “no brainer”.  The Windows To Go approach is up to 90 percent more cost effective and more secure than issuing a new laptop or using VDI.  Visit our use case section to learn how agencies are using Windows To Go today (link to Use Case section).

What is Windows To Go?

Windows to Go is an enterprise feature of Windows 8.1 that lets people be productive from almost any location they choose to work by inserting the Windows To Go USB drive into any compatible PC of their choice. An organization’s corporate image, operating system, applications and data are all contained on the Microsoft-certified IronKey Workspace USB drive. The host PC boots completely off the Windows To Go drive using local resources such as monitors, CPUs and network connections.  The Windows To Go drive can be centrally managed and offers remote wipe features to protect against loss and theft. The Windows To Go solution is ideal for mobile workers, teleworkers and contractors, fueling secure “Bring Your Own Device” (BYOD) strategies that allow employees to use their home PCs for work.

IronKey Workspace W700