Mobile Data Security Blog

Home  »  Posts tagged "hardware encryption"


IronKey eUSB for ePO is Now McAfee SIA Certified

Recently I blogged about IronKey’s release of IronKey™ eUSB for McAfee ePolicy Orchestrator (ePO), an extension for ePO that provides administrators the ability to deploy and manage IronKey hardware encrypted devices. Well today we have even better news. The IronKey eUSB for McAfee ePO is now officially certified by McAfee Security Innovation Alliance (SIA). This in-depth certification process involves testing the product and reviewing the underlying code, which provides McAfee ePO managers the piece-of-mind of having a third party validate usability and compatibility for even the largest deployments.

Here at IronKey we are thrilled by this SIA Certification.   As noted by Intel Security Senior Vice President Tom Fountain, “The combination of ePolicy Orchestrator software and IronKey hardware-encrypted USB drives means our joint customers have what we believe is the best secure, managed data-transport solution available.”

So why should you be investing in hardware encrypted storage?  Today, having hardware encrypted devices is the best way to keep your data secure when roaming.  If the device is lost, misplaced or stolen, you have a double layer of security making your device impregnable – not to mention a centralized management control system that can actively destroy data when needed. Also, you can optionally run McAfee anti-virus to validate the fidelity of files stored on IronKey devices providing an additional layer of security.

Some wonder if it is worth the investment in having a hardware encrypted device that can run AV software. The answer is yes – the cost of a high security device easily outweighs the potential cost of a data breach. Ponemon Institute noted that the average cost of a data breach is $5.9M and the associated loss of business was $3.2M. Another recent survey published by SANS showed respondents ranking with the greatest exposure was malware, introduced by unmanaged devices at 13.6% and with unencrypted USB devices closely following at 8.9%.

Health and Human Services also had some shocking data points:

    • Blue Cross and Blue Shield of Tennessee lost 1M+ records due to unencrypted hard drives
    • Alaska Department of Health and Human Social Services paid a nearly $2M settlement due to data lost on an unencrypted USB flash drive
    • A company called Adult & Pediatric Dermatology lost 2,200 patient records due to an unencrypted USB flash drives

So if you’re an ePO administrator, there is good news for you. Don’t risk the cost of a data breach and use the newly certified IronKey eUSB for ePO by Intel Security. You will be thrilled in adding world class hardware encrypted storage devices and having the capability to manage them easily from your ePO console.


Introducing the IronKey S1000 USB 3.0 Storage Drive


Meet the newest addition to the IronKey™ secure storage family of flash drives:  The IronKey S1000.  Building upon IronKey’s history of providing the world’s most secure USB storage devices, users now have a choice between IronKey’s industry-leading USB 2.0 and 3.0 devices.  Check out some of the highlights of the IronKey S1000:

Blazing Fast USB 3.0 Performance

Realize read speeds of up to 400 MB/sec and write speeds up to 300MB/sec. That’s double the performance of competing hardware-encrypted USB 3.0 flash drives and up to 10x faster than a USB 2.0 drive. Storage size has doubled too, with capacity up to 128GB.

Strongest USB Security Available Today

The S1000 protects files with Federal Information Processing Standards (FIPS) 140-2 Level 3 and National Institute of Standards and Technology (NIST)-approved XTS-AES 256-bit encryption, ensuring compliance with the most stringent government and industry regulations while allowing workers to remain mobile.  As with our other products, the S1000 requires code signing for firmware updates  and protects against attacks such as BadUSB and now the most recent Equation Group hard drive attacks to which other USB vendors are vulnerable.

Additionally, the IronKey S1000 military-grade, ruggedized design resists physical tampering and will self-destruct if unauthorized attempts to physically obtain access to the data are made.

Backed by a Lifetime Warranty

Our products are built to last.  They can withstand being run over by a Land Rover and multiple cycles in the washing machine.   In an industry first, we are offering a lifetime warranty for our IronKey S1000 family.  

The IronKey S1000 is available in two versions for maximum flexibility:  IronKey Basic S1000 and the centrally managed IronKey Enterprise S1000. 

Which product should I use?

If you have a desktop, laptop or tablet with USB 2.0 ports, the IronKey S250 and D250 devices are a perfect fit.  But if you have a desktop, laptop or tablet with USB 3.0 ports, you’ll want to look to the IronKey S1000 to take advantage of the faster speeds, enhanced encryption and the lifetime warranty.   


Secure Mobility Face-off: Windows To Go vs. Laptop and VDI

BYOD is a game changer for the mobile workforce, and IT leaders are waking up to the opportunity.

One case in point: State Tech reported that Fairfax County, VA is issuing Windows To Go drives to employees who work remotely, “improving productivity and reducing the number of employee-owned PCs that IT must support.”

“There’s nothing to install or configure. Employees simply plug the drives into their Windows 7– or Windows 8–compatible PCs or other devices, connect to the county network via a virtual private network, and work anytime, anywhere.”

Microsoft’s Windows To Go – an enterprise feature of Windows 8.1 – is a simple, cost effective way to liberate the corporate desktop from any single device by placing a full version of Windows 8.1, applications, security tools and policies onto a secure USB 3.0 stick. Employees and/or contractors now can work securely on most any laptop or tablet with a USB port.

Imation™ was an early proponent of the mobile USB workspace, so it’s gratifying to for us to see the growing excitement and adoption of Windows To Go among both enterprise and government organizations. As we meet forward-thinking IT leaders at seminars, trade shows, events around the world, it’s increasingly clear that Windows To Go represents an exciting and pragmatic new way to work for teleworkers, contractors and road warriors – and even students and teachers.

IT needs to keep evaluating new ways to increase security, manageability and flexibility for a mobile workforce while managing costs. In this context, we’re hearing from customers that Windows To Go delivers advantages over laptops in five key areas, as illustrated in our infographic, below:

  • Cost – The Windows To Go drive can be the D in the BYOD strategy, costing 1/5 to 1/10 what it would cost to deploy a laptop – a benefit for BYOD strategy and easing replacement costs for lost or stolen drives.
  • Security – The Ponemon Institute reports that only 31% of lost or stolen laptops were enabled for encryption. Standardizing on a Windows To Go certified, hardware encrypted USB 3.0 drive dramatically improves security from data breaches.
  • Manageability – Windows To Go lets you centrally manage the OS just as you do with laptops. In addition, innovations such as the IronKey Enterprise Service add the ability to track Windows To Go drives and do remote wipe or remote detonation if they are lost or stolen.
  • Deployment – Windows To Go drives are easy to deploy, lightweight to carry, and less costly to ship. And with provisioning tools, even hardware encrypted drives can be deployed centrally by the dozen.
  • Resilience – IDC report that 86% of organizations have had laptops lost or stolen, and more than half of those reported a security breach. A ruggedized, hardware encrypted drive like the IronKey Workspace W500™ resists both physical damage and physical tampering, and is useless to a thief if lost or stolen.

Of course, you can’t use a Windows To Go drive without a laptop. But when the work environment is on the move and BYOD is changing the rules of the game, Windows To Go delivers for IT and employees across multiple fronts.

We plan go into each of these advantages in more detail on the IronKey blog over the next few weeks, so watch this space. Comment below to share your thoughts in the meantime.

And if you want to learn more, download our latest whitepaper, an in-depth look at how organizations can use Windows To Go to empower and secure the mobile workforce.

Infographic Image


The Security You Need

Organizations have different security needs, and different departments require different levels of security. When we brought together portable USB security leaders MXI Security, IronKey™, and Imation’s Defender™ collection to form the Imation Mobile Security group, our opportunity was to bring together the best of these technology leaders, so we could have a portfolio of products to satisfy all security levels.

Today, we are announcing that we have unified these powerful technologies under the IronKey brand, one of the most trusted and recognized in the security business. Beyond the iconic IronKey secure flash drives, the Imation Defender Collection is now included under the IronKey brand.

The overall result of this rebranding is a simpler, more streamlined product set.  Customers now can turn to the IronKey portfolio for hardware encrypted USB flash and hard disk drives with biometric authentication, manage drives with the IronKey ACCESS ™ on-premise device management system, and find encrypted USB drives compatible with McAfee ePO software. All this in addition to the iconic IronKey 250 drives – called The World’s Most Secure Flash Drive™ — and the new IronKey Workspace family for Windows To Go.

secure-portable-storage-products-large (2)

IronKey Secure Portable Storage Products

Visit to view the full portfolio, and find the right solution for your organization.


Bring out the heavy hardware to protect passwords

Use strong passwords, un-guessable security codes and hardware encryption to defeat advanced threats

As long as you have a password in place, your data is protected, right? The number and types of breaches we saw in 2012 challenge this notion. From LinkedIn to eHarmony to Twitter, cyber thieves have been on the hunt to break the barriers of thousands of simple passwords. And what is most chilling? it’s not going to stop.

Passwords have been around since the dawn of the digital age, but they are not well understood. Simple, overused passwords can’t protect data from even low-skilled hackers. And people are people, and even when they are outfitted with The World’s Most Secure Flash Drive, need a reminder that making your password “password” is no longer (if ever) considered clever or safe.

With rising attention to data privacy and increasing risk of data breaches, there will be more encryption across all devices and platforms in 2013. Which means that it is never too soon to revisit the password. Here are four best practices organizations should follow to improve password strength their organization:

  1. Passwords must be longer, stronger and un-guessable
    Passwords protected in software are subject to offline brute force attacks, which is why web service hacks can be so devastating. Attackers can go through a database of passwords they have obtained and crack them at their leisure.  It is remarkable the number of individuals who use the password “password” or “123456”. These passwords are often the first ones breached by cyber-thieves, as can be noted in last years LinkedIn and Twitter breaches.

    • Instead, choose a unique password, with character complexity and a combination of both letters and numbers. A strong password should be at least 12 characters long. The rule is that the longer the password, the longer it will protect you. A good hacker can breach an 8-character password in a few days; a 15 character password might take a year.
    • To make the password even stronger, the character complexity should be at random, as complexity alone is not enough to stop a hacker in today’s digital age. Having a strong password makes offline attacks much more difficult for hackers.
  2. Remember Personal Information is Out There
    With today’s heavy social media presence, the names of your dog or your mother’s maiden name are no longer confidential information. The public has access to the information you post on your social media site, and unwittingly offer clues to clever hackers. When choosing security questions for password recovery, be mindful of the information that is public, and create passwords that revolve around something actually “private.”
  3. Use Hardware Encryption to Combat Advanced Software Threads
    Avoiding the threat of brute force attacks on passwords requires heavier hardware – hardware encryption, that is. A password protected in the right kind of hardware makes security simpler, because this kind of brute force attack to decrypt the password is not possible. The hardware will lock up after a low number of attempts (set by policy), and then the attack stops.

And finally, a bonus point: Remember to set strong policies and educate employees. Cyber-thieves are becoming more sophisticated, and strong passwords are the best defense. Organizations must create stricter guidelines for employee password security in order to keep their employee’s personal and the company’s corporate data secure.


Obama’s Executive Order and Critical Infrastructure Protection

The big news this week in cybersecurity was the Executive Order from President Obama regarding our nation’s critical infrastructure, a catch-all term that includes power plants, water treatment plants and a lot of other utilities and services that, if impeded, could impact our lives in significant ways.

Reading through the text, the Order mainly allows for information exchange between government entities tracking nefarious interests and the private organizations running the critical infrastructure those nefarious interests would aim to sabotage. Certainly, this sharing of data can only help. By learning what the government is hearing, the companies will no doubt be better armed to know where an attack might be coming from.

Perhaps the biggest positive result of the President’s move is that the spotlight is now on the issue of critical infrastructure protection, at least for the time being. And I think it’s easy for anyone to conclude that the executive order does not go nearly far enough in providing guidance or dictating rules so that the infrastructure can be best protected.

Critical infrastructure protection is a complicated beast, made ever the more complicated because of the changing nature of the workplace. As an example, we live in a world that is more and more mobile. Even the U.S. government is encouraging its agencies to support mobile work environments. But a mobile world introduces new attack vectors for those who wish to do harm, let alone the vectors that already exist in our interconnected computing environments.

It can be a daunting challenge to secure these environments. Organizations are being targeted through remote attacks and their employees are also being targeted as travelers so they bring back malicious threats into the organization. As we’ve seen on more than one occasion, employees at many organizations have inadvertently carried malware and other malicious software into their work areas and have accidentally installed that software onto IT infrastructure.

The security industry needs to give organizations an advantage over malicious software.  A comprehensive approach to cybersecurity will address these and other scenarios.

One place to start is where our IronKey solutions sit– providing secure, mobile workspaces that are centrally managed. This allows employees at any company, let alone those operating our critical infrastructure, to work in any environment without risking a security compromise.

Solutions that involve hardware encryption, encryption key management, and strong administrative and access management controls should be incorporated into any government-driven requirements for critical infrastructure IT systems.