IronKey

Mobile Data Security Blog

Home  »  Posts tagged "encrypted flash drive"

by

Thwarting the Insider Threat

 

Autumn is returning, reluctantly we’re turning our back on summer, and we are looking forward to the Holiday season. Undoubtedly, this comes with increased people taking vacations, working remotely, and the unlucky few taking their laptops on holidays. For many organizations, this is pretty risky business because the sensitive corporate information is now travelling along with their employees. Although many organizations rarely expect their loyal employees to steal company data, many are prepared for security attacks.

Following the Edward Snowden revelations in 2013, IT departments are now tasked with monitoring potential insider threats. Snowden’s work with US intelligence agencies put him in the position of a highly trusted employee, providing him with everything he needed to accomplish what he set out to do. There were no measures in place to prevent what was possibly the biggest information leak in the history of the US.

The risks come from those who intentionally misuse their access to data to cause a detrimental impact on the confidentiality and integrity of sensitive information.

Although there are a number of routes to secure intellectual property, if the authorities, from whom Snowden was stealing from, had a manageable and encrypted flash drive, such as an IronKey™ Windows To Go drive, they could have tracked the information from anywhere. Any activity on the drive could have been monitored from an on-premise or cloud-based management service. This would have ensured them the ability to restrict where the device could be used, or resort to remotely locking it down, so no one could access the data.

If data isn’t encrypted, its integrity can easily and quickly be compromised, and therefore it is essential to know where, and who, is accessing information. This can be difficult across a fragmented IT environment, however, companies need to be confident that if a device is considered to be compromised, they can remotely lock it down, wipe it, or initiate a self-destruct sequence to remove the data, to protect themselves and their stakeholders.

Protecting intellectual property should be a priority for all organizations. Disabling outdated user accounts when employees exit an organization, implementing policies with privileged account passwords, updating them regularly and limiting access to corporate systems, are all crucial to keeping data secure. That’s where the Windows to Go Drive comes in:  a secure, IT-managed, Microsoft certified USB drive that contains a fully functional corporate Windows desktop. Employees insert the Microsoft certified USB drives into their home computers, hot desks, or tablets that feature USB ports, and receive a secure desktop  as well as secure access to all applications they use in an office setting.

Unlike a virtualized or online remote access solution, this portable workspace offers full host computer isolation, which means documents cannot be saved to the host machine, but are saved to the USB drive.

This way, all data will remain secure without the threat of a potential data breach ensuring safety for all!

 

IronKey Workspace W700

by

The Problem With BYOD (Computers)

Sure, everybody is excited about BYOD. You can use your personal phone to make business calls and read your corporate email. But the real cost savings for BYOD is “bring your own computer- BYOC”. There is no need to purchase, maintain, and upgrade computers; we just let the employees do that.

But wait; there are two BIG issues with Bring Your Own Computer.  The first is an IT issue. The IT team has to install applications, security tools, and management software onto each employee’s laptop. That means IT has to support a range of computer types (including Macs) and OS versions, and deal with incompatible applications running on the employee’s personal device.

The second issue is all about end-user satisfaction. I can hear the screaming now.  “What do you mean you are going to install monitoring software, file scanning, corporate applications, and Internet proxies on MY PERSONAL COMPUTER??   How much space is that going to take? Does this mean Corporate can see my personal files?” My users will rebel.

Good news for IT and the end user –  both of these issues can be easily addressed with Windows To Go.  Let them use their personal hardware – Macs, PC laptops, tablets – but have them run their corporate workspace from an IronKey ”PC-on-a-Stick”  Windows To Go USB flash drive. They run IT’s corporate Windows image with locked-down security controls and policies, applications, and data, but IT never touches their personal hard drive. Complete isolation between work and personal environments!

If you want happy employees, let them use their personal PC, but have them use an IronKey Windows To Go drive and don’t touch their personal system.  This is truly win-win. IT saves a boatload of money and users have a portable corporate workspace they can plug into their personal laptop, a home computer, or a computer they borrow at work.  When was the last time you rolled out a major cost savings initiative and got happy users at the same time! BYOC – bring it on!

by

Savvy Security Users: IronKey USB 3.0 Hard Drives Now Available!

 

New IronKey™ USB 3.0 SuperSpeed Hard Drive – First to Offer Cloud Management

To all you savvy security users, here’s some great news! The IronKey Enterprise H300 USB 3.0 SuperSpeed external hard drives are now availableThese new devices can be managed in the cloud or on-premise with the same console used to manage IronKey Enterprise S/D 250 flash drives and IronKey Workspace W700/W500 devices for Windows To Go.

What does this mean for existing customers?

This product lets you enjoy the high-performance benefits of USB 3.0 while safeguarding up to 1TB of data on a USB hard drive.  If you want management capabilities, and are already using the IronKey Enterprise Management Console for IronKey Enterprise flash drives or our secure workspace devices, then all you need to do is add this device. Quick and easy! 

What does this mean for new customers?

Looking for an affordable, high-security external hard drive in today’s market? Look no further! New customers can select from two versions of the latest from IronKey: the IronKey Enterprise H300 and the IronKey Basic H300.  Both feature hardware encryption and a Section 508 compliant control panel available in eight languages, but with the IronKey Enterprise H300 hard drive, you’ll also get cloud-based, or on-premise, centralized management capabilities.

What platform is used to manage the IronKey Enterprise H300 drives?

The IronKey Enterprise H300 drives can be managed with the IronKey Enterprise Management Service or Server to establish a secure storage command center for administering the use of IronKey encrypted drives.  Both include advanced management features such as Active Malware Defense and the IronKey Silver Bullet Service so IT professionals can centrally administer policies, re-commission devices that are no longer in use and even remotely wipe, or disable, lost or stolen drives.  All you have to decide is whether you want your management capabilities in the cloud or housed internally. 

And if you happen to lose your password, don’t sweat it! The IronKey Enterprise H300 is the only drive on the market to offer secure password reset when a password is forgotten, without erasing all the content on the drive.

Where can I get an IronKey H300 hard drive?

The IronKey H300 hard drives are immediately available through Imation Mobile Security channel partners. The IronKey Basic H300 can also be purchased on our estore. Pricing is competitive, starting at $199 for 500GB and $249 for 1TB. Enterprise management licensing fees are additional for IronKey Enterprise H300 and start at $24 per year per user for management in the cloud.

What does this mean for you?

IronKey H300 hard drives offer the best value in the market today; enabling you to enjoy the high-performance benefits of USB 3.0 technology, cloud and server management capabilities, and of course, the highest security available.

 IronKey H300_LFT

by

California Cracks Down: Companies Must Encrypt Personal Data

The California Attorney General has issued a major data breach report, finding that more than 2.5 million people were affected by 131 reported data breaches within the state, with 56% of the breaches including disclosure of Social Security numbers.

California Attorney General Kamala Harris is calling for wider use of encryption and increased training for employees and contractors on handling personal information. InfoWorld reports that, “her office “will make it an enforcement priority to investigate breaches involving unencrypted personal information” and will “encourage … law-enforcement agencies to similarly prioritize these investigations.”  She also recommends employee and contractor training on how to handle personal information.

Imation did its own review of U.S. data breach laws in 2012, and created the “heat map” graphic below, based on the strictness of those laws. California was a forerunner in data breach laws; while most state laws are similar, requirements and penalties vary widely.

As we’ve noted before, encryption is the foundation for protecting personal data. 

Having data encrypted at the time of the breach means, under most (but not all) of these laws, (because the data is unreadable) that loss or theft of a USB device or laptop doesn’t require reporting. Also, as the California report notes, keep security awareness campaigns active so workers stay alert to the risks.

By taking a few pragmatic precautions, the majority of risks can be greatly mitigated. So the next time an employee loses a notebook or an encrypted flash drive that held protected data, if it’s been properly encrypted and managed you’ll have may well have endured a non-event.

Compliance Heat Map

Imation Compliance Heat Map. Click to view full-sized image.

by

The Thumb Drive Conundrum: Managed USB and Encrypted Flash Drives Attack the Insider Threat

The revelation that Edward Snowden absconded from NSA with secret files on a thumb drive has generated predictable gnashing of teeth about the use of portable USB drives in secure organizations. At the same time, government and business organizations are successfully implementing secure deployments of portable USB drives so that employees can transport data they need to be productive.

The technology issue is one of competing needs: To be productive, mobile employees need the mobility, offline storage and security afforded by USB drives. To secure data, IT needs control of how employees move information and what information is moved.

The fact is that today, IT can take control without blocking USB ports. We’re not sure what safeguards the NSA had in place, but there are technologies that could prevent or mitigate this kind of insider threat. For example, secure enterprise device management software can offer:

Device Location – with managed USB drives, software can show the locations of every managed device when they connect to the Internet on a map. This allows tracking of a device that has “gone rogue” and could aid in recovery.

The “Silver Bullet” – the ability to either password-disable or perform a remote kill to completely disable the device if it goes missing or someone is suspected of copying data they should not have on the drive.

Geofencing, IP Blocking – It is possible to add rule features so that unless the device meets certain conditions, the data is automatically wiped. For example, IT could enable “geofencing” so that if device is outside the country, the data is wiped – or if it is on an unapproved network, or outside a certain IP range.

Have a Consistent Data Security Policy

It’s really a matter of having a consistent policy for your data at rest.  Many organizations require their PCs and Macs to have full disk encryption enabled.  But that policy is not enforced when it comes to removable media like a USB drive.  By using a manageable and encrypted storage device you can maintain a secure policy for your data no matter where it goes.

If we look at the SANS Top 20 Security Controls, Critical Control #17 – Data Loss Prevention specifically addresses how best to handle sensitive data and prevent it from leaving your organization without permission.  The advice from SANS is to, “deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data,” and that “enterprise software should be used that can configure systems to allow only specific USB devices (based on serial number or other unique property) to be accessed, and that can automatically encrypt all data placed on such devices.”

For workers who travel, teleworkers shifting between work and home, or contractors working with your data, a secure, managed USB thumb drive is more secure than online file sharing, and certainly better than unencrypted and unmanaged notebook computers, USB devices and smartphones. And management adds an extra layer of security against both external and insider threats.  IT can address a number of potential security threats by implementing policies that require uses to use encrypted flash drives.