Mobile Data Security Blog

Home  »  Posts tagged "IronKey"


Death, Taxes, And Being Hacked


There are some things in life that are inevitable – death and taxes at the top of the list.  To this list, I’m adding another modern day inevitability – being hacked!

You can be phished, clickjacked, spied on or attacked by a worm – the list of deadly attacks goes on. The types of malware and new attack vectors are growing at a frightening pace and trying to fight them off has become a daily concern.

Defending against cyber attacks and repairing the damage caused by hackers who break into security systems costs UK businesses a whopping £34 billion a year, according to the Centre for Economics and Business Research.  Around £18 billion of this comes from lost revenues, whilst the IT department spends the remaining £16 billion on trying to shore up defenses.

Then there are the fines.  In 2014, for example, holiday firm Think W3 suffered a serious hack in which 1,163,996 credit and debit card records were stolen. The ICO described the incident as a “staggering lapse” and issued a fine of £150,000.

And earlier this year, Barclays had to compensate 2,000 customers when their personal details were discovered on a stolen USB device – highlighting that data.

There is no escaping it – data breaches are on the increase and fines are only going to get bigger under sweeping changes to EU legislation. But all it takes is some common sense and a robust security strategy to ensure you aren’t in the firing line.


Don’t leave the doors open

When it comes to securing devices, the obvious option is encrypting and password protecting data. IT needs to install tamper-proof encryption software at the endpoint so that all data on the devices is encrypted by default. Solid security policies, when paired with advanced device management features such as remote lock and remote wipe, go a long way in protecting sensitive business data from falling into the wrong hands.


Act now

The clear message is that businesses need to get their houses in order when it comes to security. When the EU data protection regulation comes into force next year, businesses will not only need to be confident in their file transfer policies, but they will also need to be able to show a very clear audit trail.

It is not if you are going to be hacked, but when. And unlike death and taxes, this is something you can actively work to avoid.



CRUSH TEST: IronKey Windows To Go Drive vs ’85 Ford 150 Truck


That’s right.  We crush tested a 1.12 ounce IronKey™ Workspace W500 USB drive against a 1985 Ford F150 truck weighing 4,600 pounds. Odds are on the truck with its equivalent of 73,600 oz. to the IronKey Windows To Go device at 1.12 oz.  Right?  Not if it’s an IronKey.  Not only are IronKey drives the world’s most secure USB devices; they are also the most durable, ruggedized drives in the industry.  And we set out to prove it again at a press event at the Microsoft Technology Center (MTC) in Silicon Valley.

To demonstrate IronKey’s ruggedness to editors, Leon Brown drove his Ford 150 truck over theW500 device.  The result?  The IronKey device weighing a mere 1.12 oz., stood up to the crush test with only a few light surface scratches and booted a full Windows 10 desktop without any problems, just seconds after the test.  Now, imagine if your laptop was run over by a truck.  It would be broken, crumpled and all data would be destroyed.  It would also mean anywhere from $1,000 to $2,000 would go down the drain.

The event showcased the enterprise feature of Windows To Go working with Microsoft Windows 10. IronKey, Microsoft enthusiasts and key editors joined to discuss mobile workspace trends and Windows To Go as a secure way to solve BYOD, remote endpoint security, contractor enablement and more.  After the editors booted up their own IronKey workspace devices, Leon and Chris Louie conducted a hands-on lab to demonstrate how to provision and manage IronKey workspace drives.

And believe it or not, this wasn’t the most extreme test we’ve conducted.  Previous IronKey Special Ops tests have included our devices being run over by a tank, being put through the washing machine and more.  To see IronKey stand up to the Ford F150, watch a one minute video of the event here:



Introducing IronKey Workspace W200 – Affordable and Secure Windows To Go


W200 – The Basics

This morning we introduced the IronKey™ Workspace W200 – our most affordable Windows To Go device to date. The W200 is a USB 3.0 SuperSpeed Windows To Go device in a new lightweight ruggedized design. The device comes in black, includes the always present IronKey LED that signals when your device is running, and provides a loop so you can add to your keyring or a lanyard. Like all IronKey devices the W200 is waterproof, shockproof and meets MIL-STD-810G test specifications like its siblings. The W200 has excellent performance clocking Max Read speeds of 310MB/second and Max Write of 159MB/second.  I’ve compared this to my everyday W500 and don’t see any noticeable lag. Like all IronKey Windows To Go devices the W200 is Microsoft Certified and Windows 10 Ready and can be used with all IronKey deployment tools including our mass Provisioning Tool or scriptable Command Line Utility. The W200 allows for usage of Bitlocker To Go encryption so you make use of all your Microsoft skills in creating and protecting your mobile workforce.  The IronKey Workspace W200 devices are available now through our partners, starting at $96 for a 32GB device.

Top Use Cases

Where is the volume? The largest deployments of IronKey Windows To Go are coming from two types of customers. The first are those who have been saving money over deploying new hardware to employees and contractors. Telefónica Deutschland recently noted a savings of 2,500 Euros (USD approx. $2800) on hardware over a three-year period – and they’re not alone. We’re seen many organizations find they can buy 10-20 W200 devices for the price of a single laptop.

The second use case we’re seeing in volume is the “secure container” where IT is leveraging Windows To Go for consistency and security. Here how it works with VDI/VPN and Remote Workers – IT creates a Windows image that contains Windows OS, all the software to VPN in, the Citrix Receiver or VMWare Player and any security software they might need and hand those out to employees and contractors. Why? Well, the biggest answer is saving time and money for IT as it reduces support calls from users who have trouble and call in from home machines. In addition employees like it too – no longer are there the hassles of security scans and the perception of IT invading the home machine – just plug-in, boot and go.

What’s Next?

Keep an eye out on our website for some updates that I think you’ll really like.




Microsoft Licensing for Windows To Go – You Can Deploy It Now!



In my last blog post Ready for Windows 10? IronKey Windows To Go is Windows 10 Ready, I mentioned that I would cover Windows To Go licensing.  In this blog post, I’ll review three key points that I often cover for our customers when asked about Microsoft Licensing.

The key takeaway is that if you have a Volume License, you probably are already able to deploy Windows To Go today.  Now lets’ review those three key points: 


1.   Windows To Go is a “benefit” of Software Assurance

When you purchase a Microsoft Volume License, which most companies do for the cost savings over time, you either receive Software Assurance by default with all Enterprise Agreements (EA) or may purchase it as an addition. What I’ve learned after many conversations is that most SMBs and Enterprises already have a Volume License and more often than not have Software Assurance associated with it.

If you fall in to this category, then you’re all set. You can use the Windows To Go Creator included with your Enterprise Windows 10 or Windows 8 OS, or take advantage of IronKey’s mass provisioning tool or scripting capabilities for provisioning many devices.


2.   Not sure if you have a Volume License? It is easy to check.

You may be part of a company where you do not purchase your Microsoft licenses so here is what you can do. The first stop is to just check the operating system on your current PC by going to Control Panel, System and Security, and looking at the System details. If you have Windows 8/8.1 Enterprise, Windows 7 Enterprise, or Windows Vista Enterprise your company probably has an EA and therefore Software Assurance so you can go ahead and create IronKey Windows To Go devices today.

If you have other OS types like Pro, Professional, Ultimate or Business you may have a Volume License that allows it but you’ll want to ask. Your first stop is to ask your IT folks if they know, and if not, you can always track back to your reseller and ask for your companies Microsoft Licensing Agreement which will include what you need to know.


3.   Did anything change in Windows 10?

In terms of Windows To Go as a benefit of Software Assurance (and EAs)—  no change. The change that is coming with Windows 10 and Enterprise agreements is that Microsoft is making a new selection of features available only to purchasers of EAs and so I expect that we’ll see more people purchasing it over time. Some of the new Enterprise features will be fairly desirable—such as Long Term Servicing Branch will allow some PCs to remain on a stable OS for long periods of time (think kiosk) as is covered in Windows 10 for Enterprise blog post by Jim Alkove. Additionally there are a lot of new benefits to Software Assurance (as covered well by ZDNet here) such as the inclusion of Microsoft Desktop Optimization Pack (MDOP) and the of App-V functionality. As you’d expect, more features equal a higher price (making up for all the free Windows 10 upgrades Microsoft is providing to consumers) so we’ll see how it all shakes out.


IronKey’s Windows To Licensing Guide

I made a  WTG licensing reference guide that our team has found useful in addressing the many questions that arise out in the field.  Check out the licensing guide and feel free to email me with any questions you might have or alternatively you can reach out to your local Microsoft reseller for details specific to your situation.


In summary – you’re Windows To Go ready!

You’ve probably have the license you need so there is no reason to not try it out today. We’ve got a large number of customers providing Windows 10 to a portion of their workforce today using IronKey’s Microsoft Certified Windows To Go devices.




Hillary’s Lawyer’s “Thumb Drive is Secure” – Really?


So says Politico and others about the thumb drive, that Hillary Clinton’s lawyer has, containing 30,000 files off of her private email server.

By “secure”, they probably mean encrypted. That and $4 buys a latte at Starbucks.

To be secure, the drive must not only be encrypted, but have signed firmware. Most encrypted drives don’t.

Why does it matter? Malware like that created by Equation Group and others, can enter via a USB port, take up residence in a laptop or PC and phone home anything of interest to whomever put it there – ISIS, Russia, China, Kim DotCom….pick your poison.

How to be sure it’s really secure? You don’t need to ask the FBI, like Senate Judiciary Committee Chairman Chuck Grassley (R-Iowa) is doing.

Just ask the simple question of the manufacturer: Is your firmware signed? If it’s an IronKey™ drive, it is. And if it’s signed, it’s secure. For most other manufacturers’ drives, they will not have signed firmware. But ask, a few will.

If the answer is no, then the information is as public as tweets from Kim Kardashian.


Ready for Windows 10? IronKey Windows To Go is Windows 10 Ready


Windows 10 is just around the corner— with Terry Myerson announcing on Blogging Windows that Windows 10 Enterprise will be available to Volume Licensing customers beginning August 1st. The release of Windows 10 appears to be one of the most exciting releases for enterprise customers with a long list of compelling new features for security, update, and management flexibility. There are lots of good posts out there detailing predictions on what will be delivered in Windows 10 Enterprise, but in tandem with end user experience updates like the return of the Start Menu, this is the version of Windows we’ll all standardize on over time.

Windows 10: Go Ahead and Give it a Try!

Windows To Go remains a bright spot and as a key benefit of Software Assurance (and VDA licenses), the momentum will continue. As we announced at Microsoft Ignite, IronKey Windows To Go devices are now fully ready for Windows 10!  So what exactly does that mean?  If you have an IronKey Windows To Go device, you can install Windows 10 now.  Whether you’re testing builds from the Windows Insider Program or waiting for the first releases on August 1, IronKey’s Windows To Go devices can be deployed straightaway. We’re using our IronKey W300 and W500 devices to explore and test Windows 10 functionality for ourselves so feel free to give it a try.


If you’ve purchased our Mass Provisioning Tool and our scriptable Command Line Utility to produce many devices simultaneously, we are currently testing in this environment and will provide more information as we learn more. To date, the only restriction we’re seeing is that you’ll need to build Windows 8.1 devices from a Windows 8.1 PC, and Windows 10 devices from a Windows 10 PC.   From our testing efforts, and as we make use of the Windows DISM for some operations, we are seeing a need for version consistency with the current version of our tools. We’ll continue to investigate in order to make any updates as our testing proceeds. 

In short, IronKey Windows To Go is ready for Windows 10.

Haven’t Experienced Windows To Go? 

For those who haven’t yet experienced Windows To Go and want to give it a try, we’re offering a Windows To Go Intro Kit on our eStore.   Each Windows To Go Intro Kit features a 32GB IronKey Workspace W300 device with a 90-day trial version of Windows 8.1 pre-loaded, a right-angle USB adapter, and an IronKey lanyard for $89.00.  To purchase, visit IronKey eStore.  The kits will soon be available with Windows 10. 

Need to Learn More About Microsoft Licensing?

On an additional note, I’m often asked about licensing Windows for Windows To Go so I will be covering that in my next blog post. Here’s the simple summary— most Volume License holders have Software Assurance so they’re ready to deploy. If you’re not sure, I’ll be covering licensing in detail next month so please check back with us.  


IronKey Enterprise Management Server v6: Able to Run on vSphere ESXi

IronKey™ releases a long-time requested feature for our on-premises Enterprise Management Server, the ability to deploy virtually to VMware’s vSphere ESXi environments.

IronKey’s Enterprise Management, both on-premises and cloud hosted versions, remain the preferred method for organizations to manage their Windows To Go Workspace devices and secure storage devices from the same console. The release of IronKey Enterprise Management Server v6 increases deployment flexibility by removing the requirement for dedicated hardware (and the associated OS license) and supporting VMware’s popular ESXi platform. Specific host environment information is included on the IronKey Management web page, and you can always send any questions to any time.

If you are unfamiliar with IronKey Enterprise Management, the system is a highly scalable solution that provides IronKey customers the ability to manage devices securely – keep track of users, their devices, create and apply password policies as well as assist with password recovery. Some of the more popular functionality beyond the basics of user administration include the ability to reset devices, unlock Windows To Go devices for repair and updates remotely, and wipe or even render a device completely unrecoverable (detonation) remotely via our Silver Bullet command protocol.

Some additional features included with the Server v6release include support for new IronKey devices including the Enterprise S1000 ultra-fast USB 3.0 secure storage devices, our new Enterprise H350 FIPS 140-2 Level 3 certified or Enterprise H300 secure hard drives, and Smart Card access enabled W700SC Workspace devices. There are also a number of minor improvements for usability and performance.  And if preferred, the on-premises server management platform v6 can still run on your own dedicated hardware.




Our special guest blogger is Tav Venia, an IronKey sales engineer, who is based in the Washington DC area and serves our Federal and Enterprise clients. 

Unfortunately, we’ve all heard about the hack on the personnel records and social security numbers for more than 4 Million+ Federal Employees at a U.S. Government Agency.  Data lost, stolen, or hacked:  it just represents another failure to protect our federal data.  For this, and many other reasons, now more than ever it’s imperative that all types of data is securely protected— federal, classified, FOUO (For Official Use Only), defense, employee, personal, etc.   Now is the time to get out in front of any and all possible threats and attacks to assure ourselves that our data is safe and secure from what can turn into “Tomorrow’s Headline”.   

Government employees are more mobile— working in the office, in the field and from home— which increases the potential for even more data exposure risks.  The ability to securely store and transport data while on the move is a necessity.  As the Federal Team Sales Engineer, I see how our U.S. Government and Agency customers are using the IronKey™ line of hardware encrypted hard drives to securely store and protect their sensitive information, among many, many other reasons.  But with the release of our newest hard drive, the IronKey H350, government agencies can enjoy the speed and performance advantages of USB 3.0 technology while realizing the benefits of the world’s most secure USB devices including FIPS 140-2 Level 3 certification, AES-XTS 256-bit hardware encryption and centralized management.    

Our customers can now save, backup and move data wherever they may be much more rapidly taking advantage of the USB 3.0 speeds.  As technology advances, data files are exponentially growing in size, the ability to securely store and move data quickly and efficiently from the field back to the government or agency office is of even greater importance.  Forgotten password?  No worries. On managed enterprise hard drives, IronKey provides the only secure password reset mechanism that allows users to recover data without erasing the contents on the drive or using a backdoor to reset the password.  Additionally, when data is not being access or used, the IronKey H350 can protect and secure Data At Rest (DAR), another use case of importance to our U.S. Government and Agency customers.  

Personally, with my job, I am constantly on the move traveling from place to place.  I use the IronKey H350 to back up all of my laptop data because we have all been there when Windows crashes and/or becomes corrupted giving us the Blue Screen of Death (BSOD) rendering our data lost and unrecoverable.  This can be a result of a Windows error or a simple drop of your laptop which damages the hard drive.  I don’t ever want to be caught in a situation where I don’t have a backup of my data.  Thanks to my IronKey H350 USB 3.0 hard drive, it now takes less than an hour to back up all of my data, a process that used to take many hours using a USB 2.0 Hard Drive.


IronKey eUSB for ePO is Now McAfee SIA Certified

Recently I blogged about IronKey’s release of IronKey™ eUSB for McAfee ePolicy Orchestrator (ePO), an extension for ePO that provides administrators the ability to deploy and manage IronKey hardware encrypted devices. Well today we have even better news. The IronKey eUSB for McAfee ePO is now officially certified by McAfee Security Innovation Alliance (SIA). This in-depth certification process involves testing the product and reviewing the underlying code, which provides McAfee ePO managers the piece-of-mind of having a third party validate usability and compatibility for even the largest deployments.

Here at IronKey we are thrilled by this SIA Certification.   As noted by Intel Security Senior Vice President Tom Fountain, “The combination of ePolicy Orchestrator software and IronKey hardware-encrypted USB drives means our joint customers have what we believe is the best secure, managed data-transport solution available.”

So why should you be investing in hardware encrypted storage?  Today, having hardware encrypted devices is the best way to keep your data secure when roaming.  If the device is lost, misplaced or stolen, you have a double layer of security making your device impregnable – not to mention a centralized management control system that can actively destroy data when needed. Also, you can optionally run McAfee anti-virus to validate the fidelity of files stored on IronKey devices providing an additional layer of security.

Some wonder if it is worth the investment in having a hardware encrypted device that can run AV software. The answer is yes – the cost of a high security device easily outweighs the potential cost of a data breach. Ponemon Institute noted that the average cost of a data breach is $5.9M and the associated loss of business was $3.2M. Another recent survey published by SANS showed respondents ranking with the greatest exposure was malware, introduced by unmanaged devices at 13.6% and with unencrypted USB devices closely following at 8.9%.

Health and Human Services also had some shocking data points:

    • Blue Cross and Blue Shield of Tennessee lost 1M+ records due to unencrypted hard drives
    • Alaska Department of Health and Human Social Services paid a nearly $2M settlement due to data lost on an unencrypted USB flash drive
    • A company called Adult & Pediatric Dermatology lost 2,200 patient records due to an unencrypted USB flash drives

So if you’re an ePO administrator, there is good news for you. Don’t risk the cost of a data breach and use the newly certified IronKey eUSB for ePO by Intel Security. You will be thrilled in adding world class hardware encrypted storage devices and having the capability to manage them easily from your ePO console.


Keeping Patient and Hospital Information Safe

In September 2014, Forrester Research published a brief titled “Stolen and Lost Devices Are Putting Personal Healthcare Information at Risk”. Amongst the findings were two important trends:

Healthcare is becoming more mobile – approximately one-third of healthcare employees now work outside the office or clinic at least once a week.

Healthcare records are five times more likely to be lost due to device theft or accidental loss.

Today, personal healthcare information (PHI) records are more accessible than ever before. These PHI records contain important personal information such as social security numbers, medical history, and insurance information. Technological progression in the medical world is giving us advancements such as real time medical data on our smartphones and mobile messaging systems so hospital staff can get to patients faster. Although this progression is exciting, with all of this patient information floating around in technology, it makes it harder to keep our data safe.

With so much mobility, it’s not surprising that data protection has become a big problem. Mobile devices are simple to carry from one workplace to the next, but they can be easy to lose. To protect our data, we need a way to prevent unauthorized people from accessing the content of a lost or stolen device.

The solution is to use encrypted USB or external hard drives, such as the new IronKey™ S1000 3.0 USB. These secure storage devices combine encryption, which encodes data, making it unreadable to all but authorized users, with cloud-based management functionality that enables an organization to remotely wipe data from a device even if it is no longer in their possession.

Healthcare facilities need to address the realities of mobile work practices but they also need to protect the information in their care. The task is made a lot easier with a good device policy and the right tools.