Mobile Data Security Blog

Home  »  Posts tagged "encrypted flash drive"


CRUSH TEST: IronKey Windows To Go Drive vs ’85 Ford 150 Truck


That’s right.  We crush tested a 1.12 ounce IronKey™ Workspace W500 USB drive against a 1985 Ford F150 truck weighing 4,600 pounds. Odds are on the truck with its equivalent of 73,600 oz. to the IronKey Windows To Go device at 1.12 oz.  Right?  Not if it’s an IronKey.  Not only are IronKey drives the world’s most secure USB devices; they are also the most durable, ruggedized drives in the industry.  And we set out to prove it again at a press event at the Microsoft Technology Center (MTC) in Silicon Valley.

To demonstrate IronKey’s ruggedness to editors, Leon Brown drove his Ford 150 truck over theW500 device.  The result?  The IronKey device weighing a mere 1.12 oz., stood up to the crush test with only a few light surface scratches and booted a full Windows 10 desktop without any problems, just seconds after the test.  Now, imagine if your laptop was run over by a truck.  It would be broken, crumpled and all data would be destroyed.  It would also mean anywhere from $1,000 to $2,000 would go down the drain.

The event showcased the enterprise feature of Windows To Go working with Microsoft Windows 10. IronKey, Microsoft enthusiasts and key editors joined to discuss mobile workspace trends and Windows To Go as a secure way to solve BYOD, remote endpoint security, contractor enablement and more.  After the editors booted up their own IronKey workspace devices, Leon and Chris Louie conducted a hands-on lab to demonstrate how to provision and manage IronKey workspace drives.

And believe it or not, this wasn’t the most extreme test we’ve conducted.  Previous IronKey Special Ops tests have included our devices being run over by a tank, being put through the washing machine and more.  To see IronKey stand up to the Ford F150, watch a one minute video of the event here:



Introducing IronKey Workspace W200 – Affordable and Secure Windows To Go


W200 – The Basics

This morning we introduced the IronKey™ Workspace W200 – our most affordable Windows To Go device to date. The W200 is a USB 3.0 SuperSpeed Windows To Go device in a new lightweight ruggedized design. The device comes in black, includes the always present IronKey LED that signals when your device is running, and provides a loop so you can add to your keyring or a lanyard. Like all IronKey devices the W200 is waterproof, shockproof and meets MIL-STD-810G test specifications like its siblings. The W200 has excellent performance clocking Max Read speeds of 310MB/second and Max Write of 159MB/second.  I’ve compared this to my everyday W500 and don’t see any noticeable lag. Like all IronKey Windows To Go devices the W200 is Microsoft Certified and Windows 10 Ready and can be used with all IronKey deployment tools including our mass Provisioning Tool or scriptable Command Line Utility. The W200 allows for usage of Bitlocker To Go encryption so you make use of all your Microsoft skills in creating and protecting your mobile workforce.  The IronKey Workspace W200 devices are available now through our partners, starting at $96 for a 32GB device.

Top Use Cases

Where is the volume? The largest deployments of IronKey Windows To Go are coming from two types of customers. The first are those who have been saving money over deploying new hardware to employees and contractors. Telefónica Deutschland recently noted a savings of 2,500 Euros (USD approx. $2800) on hardware over a three-year period – and they’re not alone. We’re seen many organizations find they can buy 10-20 W200 devices for the price of a single laptop.

The second use case we’re seeing in volume is the “secure container” where IT is leveraging Windows To Go for consistency and security. Here how it works with VDI/VPN and Remote Workers – IT creates a Windows image that contains Windows OS, all the software to VPN in, the Citrix Receiver or VMWare Player and any security software they might need and hand those out to employees and contractors. Why? Well, the biggest answer is saving time and money for IT as it reduces support calls from users who have trouble and call in from home machines. In addition employees like it too – no longer are there the hassles of security scans and the perception of IT invading the home machine – just plug-in, boot and go.

What’s Next?

Keep an eye out on our website for some updates that I think you’ll really like.




Hillary’s Lawyer’s “Thumb Drive is Secure” – Really?


So says Politico and others about the thumb drive, that Hillary Clinton’s lawyer has, containing 30,000 files off of her private email server.

By “secure”, they probably mean encrypted. That and $4 buys a latte at Starbucks.

To be secure, the drive must not only be encrypted, but have signed firmware. Most encrypted drives don’t.

Why does it matter? Malware like that created by Equation Group and others, can enter via a USB port, take up residence in a laptop or PC and phone home anything of interest to whomever put it there – ISIS, Russia, China, Kim DotCom….pick your poison.

How to be sure it’s really secure? You don’t need to ask the FBI, like Senate Judiciary Committee Chairman Chuck Grassley (R-Iowa) is doing.

Just ask the simple question of the manufacturer: Is your firmware signed? If it’s an IronKey™ drive, it is. And if it’s signed, it’s secure. For most other manufacturers’ drives, they will not have signed firmware. But ask, a few will.

If the answer is no, then the information is as public as tweets from Kim Kardashian.


IronKey eUSB for ePO is Now McAfee SIA Certified

Recently I blogged about IronKey’s release of IronKey™ eUSB for McAfee ePolicy Orchestrator (ePO), an extension for ePO that provides administrators the ability to deploy and manage IronKey hardware encrypted devices. Well today we have even better news. The IronKey eUSB for McAfee ePO is now officially certified by McAfee Security Innovation Alliance (SIA). This in-depth certification process involves testing the product and reviewing the underlying code, which provides McAfee ePO managers the piece-of-mind of having a third party validate usability and compatibility for even the largest deployments.

Here at IronKey we are thrilled by this SIA Certification.   As noted by Intel Security Senior Vice President Tom Fountain, “The combination of ePolicy Orchestrator software and IronKey hardware-encrypted USB drives means our joint customers have what we believe is the best secure, managed data-transport solution available.”

So why should you be investing in hardware encrypted storage?  Today, having hardware encrypted devices is the best way to keep your data secure when roaming.  If the device is lost, misplaced or stolen, you have a double layer of security making your device impregnable – not to mention a centralized management control system that can actively destroy data when needed. Also, you can optionally run McAfee anti-virus to validate the fidelity of files stored on IronKey devices providing an additional layer of security.

Some wonder if it is worth the investment in having a hardware encrypted device that can run AV software. The answer is yes – the cost of a high security device easily outweighs the potential cost of a data breach. Ponemon Institute noted that the average cost of a data breach is $5.9M and the associated loss of business was $3.2M. Another recent survey published by SANS showed respondents ranking with the greatest exposure was malware, introduced by unmanaged devices at 13.6% and with unencrypted USB devices closely following at 8.9%.

Health and Human Services also had some shocking data points:

    • Blue Cross and Blue Shield of Tennessee lost 1M+ records due to unencrypted hard drives
    • Alaska Department of Health and Human Social Services paid a nearly $2M settlement due to data lost on an unencrypted USB flash drive
    • A company called Adult & Pediatric Dermatology lost 2,200 patient records due to an unencrypted USB flash drives

So if you’re an ePO administrator, there is good news for you. Don’t risk the cost of a data breach and use the newly certified IronKey eUSB for ePO by Intel Security. You will be thrilled in adding world class hardware encrypted storage devices and having the capability to manage them easily from your ePO console.


Could You Pass a Privacy Audit? Healthcare and Australia’s Privacy Regulations


Our special guest blogger, Elizabeth Parsons, is based in Melbourne and is responsible for growing the Imation Mobile Security business in Australia and New Zealand.  

Last year the Australian Federal Government ushered in a new set of Australian Privacy Principles (APPs) and in the process, dramatically overhauled the obligations of organisations regarding the collection, use, storage and security of personal data.  The changes were expected to have a big impact on data handling within the healthcare industry, as the regulations particularly targeted all Australian Government agencies, businesses with a turnover of more than $3 million or trade in personal information, and private health service providers.

Twelve months on, it’s timely to consider how well your organisation has responded to the new requirements, and to ask yourself:  Would your organisation pass a privacy audit if one was held tomorrow?

The Basics

One of the first changes that should have been introduced by every facility or institution is an updated, accessible privacy policy. This should advise individuals of your obligations, the kind of personal information collected, how it is collected, the purpose for collection, how an individual can access that information, and how they can make a complaint about any breaches of the APPs.

Following on from this, every organisation should also now have an internal guide to privacy compliance.  The aim of this is to ensure that the staff will understand the legal requirements when dealing with personal data. It should also articulate the organisation’s own rules and processes relating to collection and storage of data.

The Problem of Security

One of the most critical obligations under the APPs is security.  The eleventh privacy principle states:

“If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information:

(a) from misuse, interference and loss; and

(b) from unauthorised access, modification or disclosure.”

And it’s here that, even today, many healthcare organisations find their privacy efforts falling short, because keeping data safe from accidental loss or malicious activity such as viruses, worms and hackers isn’t always straightforward or easy.

While most organisations have measures in place to secure data on the network, the main area of vulnerability is mobile data.  When a clinician carries patient data on their laptop from their consulting rooms to the hospital, what happens if the laptop is stolen?  Or when a USB stick is used to send information from one facility to another, what is the outcome if the USB is dropped and lost?

No matter whether confidential information is breached due to theft, malware, spyware, or just a simple accidental loss, there are serious consequences. Since 2014, failure to comply with Australia’s new privacy laws can leave an organisation liable for a fine of up to $1.7 million.

Doing away with mobility is not the answer.  The efficiencies and improvements to health outcomes arising from a more mobile health force are too great to ignore. Therefore, it’s clear healthcare facilities have to find a way to keep mobile data safe.

A Two-pronged Response

The solution is to adopt a two-pronged approach to mobile data security by only using drives that offer encryption supported by data management.

Encryption involves coding data on the drive so it remains unreadable to anyone who doesn’t have the right “key”.  If the USB or hard drive is lost or stolen, the contents remain obscured and inaccessible. One of the most appealing aspects of encryption is there are no technology barriers to its adoption, and compared to the cost of a data breach, the investment required is relatively insignificant.

The second part of the approach is a management capability that brings control to the data on the device.  For example, at some stage an employee will forget their password, rendering them unable to access the corporate network. With the right management capabilities, IT can not only reset the password but when the user logs on, they can cross-reference the IP address of their machine against a map in order to ascertain if the person is indeed who they say they are. If IT has any suspicions, they can remotely wipe the hardware device that the employee is working from and kill all encrypted data.  Management functions also enable IT to force a device to be in read-only mode, remotely make password changes and re-commission devices that are no longer in use.

Together, encryption and management ensure confidential and private information on USB and external drives to remain protected, even if the drive is lost or stolen and lands in someone else’s hands.

The 2014 changes to Australia’s privacy regulations have put the data management practices of Australia’s government agencies and private sector organisations under the spotlight. For the healthcare industry, securing confidential patient data has never been more important with the increasing amount of records being transferred to electronic records. Achieving the necessary degree of security requires more than good intentions. It demands a comprehensive mobile security solution built around strong encryption, robust identity management, and policy-based data management.



Introducing the IronKey S1000 USB 3.0 Storage Drive


Meet the newest addition to the IronKey™ secure storage family of flash drives:  The IronKey S1000.  Building upon IronKey’s history of providing the world’s most secure USB storage devices, users now have a choice between IronKey’s industry-leading USB 2.0 and 3.0 devices.  Check out some of the highlights of the IronKey S1000:

Blazing Fast USB 3.0 Performance

Realize read speeds of up to 400 MB/sec and write speeds up to 300MB/sec. That’s double the performance of competing hardware-encrypted USB 3.0 flash drives and up to 10x faster than a USB 2.0 drive. Storage size has doubled too, with capacity up to 128GB.

Strongest USB Security Available Today

The S1000 protects files with Federal Information Processing Standards (FIPS) 140-2 Level 3 and National Institute of Standards and Technology (NIST)-approved XTS-AES 256-bit encryption, ensuring compliance with the most stringent government and industry regulations while allowing workers to remain mobile.  As with our other products, the S1000 requires code signing for firmware updates  and protects against attacks such as BadUSB and now the most recent Equation Group hard drive attacks to which other USB vendors are vulnerable.

Additionally, the IronKey S1000 military-grade, ruggedized design resists physical tampering and will self-destruct if unauthorized attempts to physically obtain access to the data are made.

Backed by a Lifetime Warranty

Our products are built to last.  They can withstand being run over by a Land Rover and multiple cycles in the washing machine.   In an industry first, we are offering a lifetime warranty for our IronKey S1000 family.  

The IronKey S1000 is available in two versions for maximum flexibility:  IronKey Basic S1000 and the centrally managed IronKey Enterprise S1000. 

Which product should I use?

If you have a desktop, laptop or tablet with USB 2.0 ports, the IronKey S250 and D250 devices are a perfect fit.  But if you have a desktop, laptop or tablet with USB 3.0 ports, you’ll want to look to the IronKey S1000 to take advantage of the faster speeds, enhanced encryption and the lifetime warranty.   


Thwarting the Insider Threat


Autumn is returning, reluctantly we’re turning our back on summer, and we are looking forward to the Holiday season. Undoubtedly, this comes with increased people taking vacations, working remotely, and the unlucky few taking their laptops on holidays. For many organizations, this is pretty risky business because the sensitive corporate information is now travelling along with their employees. Although many organizations rarely expect their loyal employees to steal company data, many are prepared for security attacks.

Following the Edward Snowden revelations in 2013, IT departments are now tasked with monitoring potential insider threats. Snowden’s work with US intelligence agencies put him in the position of a highly trusted employee, providing him with everything he needed to accomplish what he set out to do. There were no measures in place to prevent what was possibly the biggest information leak in the history of the US.

The risks come from those who intentionally misuse their access to data to cause a detrimental impact on the confidentiality and integrity of sensitive information.

Although there are a number of routes to secure intellectual property, if the authorities, from whom Snowden was stealing from, had a manageable and encrypted flash drive, such as an IronKey™ Windows To Go drive, they could have tracked the information from anywhere. Any activity on the drive could have been monitored from an on-premise or cloud-based management service. This would have ensured them the ability to restrict where the device could be used, or resort to remotely locking it down, so no one could access the data.

If data isn’t encrypted, its integrity can easily and quickly be compromised, and therefore it is essential to know where, and who, is accessing information. This can be difficult across a fragmented IT environment, however, companies need to be confident that if a device is considered to be compromised, they can remotely lock it down, wipe it, or initiate a self-destruct sequence to remove the data, to protect themselves and their stakeholders.

Protecting intellectual property should be a priority for all organizations. Disabling outdated user accounts when employees exit an organization, implementing policies with privileged account passwords, updating them regularly and limiting access to corporate systems, are all crucial to keeping data secure. That’s where the Windows to Go Drive comes in:  a secure, IT-managed, Microsoft certified USB drive that contains a fully functional corporate Windows desktop. Employees insert the Microsoft certified USB drives into their home computers, hot desks, or tablets that feature USB ports, and receive a secure desktop  as well as secure access to all applications they use in an office setting.

Unlike a virtualized or online remote access solution, this portable workspace offers full host computer isolation, which means documents cannot be saved to the host machine, but are saved to the USB drive.

This way, all data will remain secure without the threat of a potential data breach ensuring safety for all!


IronKey Workspace W700


The Problem With BYOD (Computers)

Sure, everybody is excited about BYOD. You can use your personal phone to make business calls and read your corporate email. But the real cost savings for BYOD is “bring your own computer- BYOC”. There is no need to purchase, maintain, and upgrade computers; we just let the employees do that.

But wait; there are two BIG issues with Bring Your Own Computer.  The first is an IT issue. The IT team has to install applications, security tools, and management software onto each employee’s laptop. That means IT has to support a range of computer types (including Macs) and OS versions, and deal with incompatible applications running on the employee’s personal device.

The second issue is all about end-user satisfaction. I can hear the screaming now.  “What do you mean you are going to install monitoring software, file scanning, corporate applications, and Internet proxies on MY PERSONAL COMPUTER??   How much space is that going to take? Does this mean Corporate can see my personal files?” My users will rebel.

Good news for IT and the end user –  both of these issues can be easily addressed with Windows To Go.  Let them use their personal hardware – Macs, PC laptops, tablets – but have them run their corporate workspace from an IronKey ”PC-on-a-Stick”  Windows To Go USB flash drive. They run IT’s corporate Windows image with locked-down security controls and policies, applications, and data, but IT never touches their personal hard drive. Complete isolation between work and personal environments!

If you want happy employees, let them use their personal PC, but have them use an IronKey Windows To Go drive and don’t touch their personal system.  This is truly win-win. IT saves a boatload of money and users have a portable corporate workspace they can plug into their personal laptop, a home computer, or a computer they borrow at work.  When was the last time you rolled out a major cost savings initiative and got happy users at the same time! BYOC – bring it on!


Savvy Security Users: IronKey USB 3.0 Hard Drives Now Available!


New IronKey™ USB 3.0 SuperSpeed Hard Drive – First to Offer Cloud Management

To all you savvy security users, here’s some great news! The IronKey Enterprise H300 USB 3.0 SuperSpeed external hard drives are now availableThese new devices can be managed in the cloud or on-premise with the same console used to manage IronKey Enterprise S/D 250 flash drives and IronKey Workspace W700/W500 devices for Windows To Go.

What does this mean for existing customers?

This product lets you enjoy the high-performance benefits of USB 3.0 while safeguarding up to 1TB of data on a USB hard drive.  If you want management capabilities, and are already using the IronKey Enterprise Management Console for IronKey Enterprise flash drives or our secure workspace devices, then all you need to do is add this device. Quick and easy! 

What does this mean for new customers?

Looking for an affordable, high-security external hard drive in today’s market? Look no further! New customers can select from two versions of the latest from IronKey: the IronKey Enterprise H300 and the IronKey Basic H300.  Both feature hardware encryption and a Section 508 compliant control panel available in eight languages, but with the IronKey Enterprise H300 hard drive, you’ll also get cloud-based, or on-premise, centralized management capabilities.

What platform is used to manage the IronKey Enterprise H300 drives?

The IronKey Enterprise H300 drives can be managed with the IronKey Enterprise Management Service or Server to establish a secure storage command center for administering the use of IronKey encrypted drives.  Both include advanced management features such as Active Malware Defense and the IronKey Silver Bullet Service so IT professionals can centrally administer policies, re-commission devices that are no longer in use and even remotely wipe, or disable, lost or stolen drives.  All you have to decide is whether you want your management capabilities in the cloud or housed internally. 

And if you happen to lose your password, don’t sweat it! The IronKey Enterprise H300 is the only drive on the market to offer secure password reset when a password is forgotten, without erasing all the content on the drive.

Where can I get an IronKey H300 hard drive?

The IronKey H300 hard drives are immediately available through Imation Mobile Security channel partners. The IronKey Basic H300 can also be purchased on our estore. Pricing is competitive, starting at $199 for 500GB and $249 for 1TB. Enterprise management licensing fees are additional for IronKey Enterprise H300 and start at $24 per year per user for management in the cloud.

What does this mean for you?

IronKey H300 hard drives offer the best value in the market today; enabling you to enjoy the high-performance benefits of USB 3.0 technology, cloud and server management capabilities, and of course, the highest security available.

 IronKey H300_LFT


California Cracks Down: Companies Must Encrypt Personal Data

The California Attorney General has issued a major data breach report, finding that more than 2.5 million people were affected by 131 reported data breaches within the state, with 56% of the breaches including disclosure of Social Security numbers.

California Attorney General Kamala Harris is calling for wider use of encryption and increased training for employees and contractors on handling personal information. InfoWorld reports that, “her office “will make it an enforcement priority to investigate breaches involving unencrypted personal information” and will “encourage … law-enforcement agencies to similarly prioritize these investigations.”  She also recommends employee and contractor training on how to handle personal information.

Imation did its own review of U.S. data breach laws in 2012, and created the “heat map” graphic below, based on the strictness of those laws. California was a forerunner in data breach laws; while most state laws are similar, requirements and penalties vary widely.

As we’ve noted before, encryption is the foundation for protecting personal data. 

Having data encrypted at the time of the breach means, under most (but not all) of these laws, (because the data is unreadable) that loss or theft of a USB device or laptop doesn’t require reporting. Also, as the California report notes, keep security awareness campaigns active so workers stay alert to the risks.

By taking a few pragmatic precautions, the majority of risks can be greatly mitigated. So the next time an employee loses a notebook or an encrypted flash drive that held protected data, if it’s been properly encrypted and managed you’ll have may well have endured a non-event.

Compliance Heat Map

Imation Compliance Heat Map. Click to view full-sized image.