Past attempts to create centralized security policy have had mixed results. For example, OMB memos regarding portable device encryption (PDF link) were sometimes ignored by individual agencies. Security experts wonder if this time will be different…
“Unless they actually control some purse strings, all they can do is beg, plead, cajole and evangelize,” Schneier said. “They can’t really get anything done and that’s been traditionally the problem with cybersecurity czars.”
Data Security, Government
NEC announced the first USB3.0 host controller last week. The new USB3.0 spec has a theoretical throughput of 4.8 Gbps, which is a 10x improvement over USB2.0. The new SuperSpeed USB will also allow external devices to draw more power through the USB interface.
Kanguru is a pioneer in USB Flash Drive security and the creator of the world’s first Firewire and eSATA Flash Drives, so you can be sure that Kanguru will be at the forefront of any new developments in external storage, including USB3.0.
Portable Storage
USB Flash Drives have become a fixture in the workplace due to their small size and large storage capacity. These two factors have also made them a security concern for IT staff. Users often take advantage of the devices’ portability and use corporate flash drives in unauthorized locations like home PCs. With new management tools from Kanguru you can restrict your organization’s flash drives to only authorized locations.
Configuring Devices with Kanguru Administrator Tool
Select Kanguru flash drives can now be configured for IP/Domain Access Control using the Defender Administrator or Bio Administrator tools. Configuring devices is simple:
- Select “Enable Access Control”
- Choose between Blacklist or Whitelist approach
- Enter allowed or restricted IP Addresses and Domains
The devices will now check for an authorized IP/Domain whenever they are plugged in. Devices will be disabled on unauthorized machines.
Setting USB Usage Policies
IP/Domain Access Control gives you greater control over your USB usage policies. Examples include:
- Allow drives to be used inside the corporate domain, prevent employees from using them at home
- Restrict usage to company-owned laptops only
- Prevent CLASSIFIED government devices from accessing UNCLASSIFIED networks
Unmanaged USB flash drives leave your control once you hand them out to users. Kanguru Administrator tools help you take back control over portable device policy.
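The whitelist and blacklist approaches above differ in how they treat a host that appears on neither list. The following Python model is an added example, not Kanguru's code or configuration format; the `AccessPolicy` class, the rule that either an IP or a domain match counts, and every address and domain shown are assumptions constructed for illustration.

```python
import ipaddress

class AccessPolicy:
    """Hypothetical model of a drive's IP/domain access-control list."""

    def __init__(self, mode, networks=(), domains=()):
        if mode not in ("whitelist", "blacklist"):
            raise ValueError("mode must be 'whitelist' or 'blacklist'")
        self.mode = mode
        self.networks = [ipaddress.ip_network(n, strict=False) for n in networks]
        self.domains = [d.lower().strip(".") for d in domains if d.strip(".")]

    def _listed(self, host_ip, host_domain):
        addr = ipaddress.ip_address(host_ip)  # ValueError on malformed input
        if any(addr in net for net in self.networks):
            return True
        name = (host_domain or "").lower().strip(".")
        # Match on a label boundary so "evilcorp.example.com" does not
        # satisfy an entry for "corp.example.com".
        return any(name == d or name.endswith("." + d) for d in self.domains)

    def allows(self, host_ip, host_domain=""):
        """Return True if the drive should unlock on this host."""
        try:
            listed = self._listed(host_ip, host_domain)
        except ValueError:
            return False  # unparseable host data: refuse in both modes
        # Whitelist: only listed hosts pass. Blacklist: only listed hosts fail.
        return listed if self.mode == "whitelist" else not listed

# Constructed sample policies (assumed values, not from any real deployment).
CORPORATE_ONLY = AccessPolicy("whitelist", ["10.20.0.0/16"], ["corp.example.com"])
NO_UNCLASSIFIED = AccessPolicy("blacklist", ["172.16.0.0/12"], ["unclass.example.org"])

def evaluate_samples():
    """Evaluate constructed hosts against both policies."""
    return {
        "office_pc": CORPORATE_ONLY.allows("10.20.3.4"),
        "home_pc": CORPORATE_ONLY.allows("192.168.1.23", "home.lan"),
        "lookalike": CORPORATE_ONLY.allows("192.168.1.23", "evilcorp.example.com"),
        "unclass_net": NO_UNCLASSIFIED.allows("172.16.5.4"),
        "unknown_net": NO_UNCLASSIFIED.allows("203.0.113.9", "kiosk.example.net"),
        "bad_input": NO_UNCLASSIFIED.allows("not-an-ip"),
    }

if __name__ == "__main__":
    for host, allowed in evaluate_samples().items():
        print(f"{host:12} {'allowed' if allowed else 'disabled'}")
```

The `unknown_net` result is the one to notice: a blacklist permits every host it does not name, while the whitelist disables the drive everywhere except the listed networks and domains.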
Remotely Managing USB Devices
Even though your flash drives have left your hands, you can still update your USB policies remotely with Kanguru Remote Management Console. If the IP address or domain changes at a later date, just create an action in the management console and devices will be updated the next time they are plugged in. This function can also be used to allow temporary access to a workstation. Use this to avoid angry executives who cannot access their presentation at a client’s site!
Data Security
The UK Ministry of Defence is losing laptops at a rate of one every 12 days. In addition, 20 USB Flash Drives have been reported missing year-to-date.
As quoted at ITPro, Minister of State Bob Ainsworth claimed that “new processes, instructions and technological aids” were being used to “mitigate” human error. One would hope that these new procedures include embedded hardware-level encryption in all mobile devices.
Data Security, Government
A security tip from the US Computer Emergency Response Team (US-CERT): Cyber Security Tip ST08-001
How can you protect your data? The first step that US-CERT recommends is encryption…
Take advantage of security features - Use passwords and encryption on your USB drive to protect your data, and make sure that you have the information backed up in case your drive is lost
Data Backup, Data Security
Computing follows up on recent NHS security lapses and notes that “more organisations are waking up to the need to encrypt mobile devices”.
Butler Group’s Kellett added that using the economic downturn as an excuse for non-deployment was very misguided: “OK, we’re in a downturn – but we have to ensure that the business is firing on all cylinders and the last thing we want to be is on the front page of Computing surrounded with bad headlines.”
Data Security, Government, Healthcare
From the Daily Mail: Computer hard drive sold on eBay ‘had details of top secret U.S. missile defence system’
I think that headline pretty much speaks for itself. I’ll just throw in a plug for the Kanguru Hard Drive Duplicator, which has built-in hard drive wipe functionality. The HDD Duplicator uses a data wipe algorithm complying with the US DoD 5220.22-M standard. Simply deleting or reformatting a drive is not always sufficient to make data unrecoverable.
Data Security, Duplication
Oklahoma has recently suffered several data breaches involving lost laptops and USB flash drives. Oklahoma is not the only state to struggle with data security, but it is one of only four states that do not have a Chief Information Officer. With budgets shrinking, it will be interesting to see how states weigh the upfront cost of implementing encryption against the potentially higher cost of a data breach.
Tulsa World editorializes here. An Oklahoma State Rep blogs about proposed legislation here.
Data Security, Government
Last week the NHS reported four more data breach incidents, two involving USB flash drives containing sensitive personal info. In one case, someone took the effort to encrypt the data, but then affixed the password with a post-it note. In the other case, the flash drive was unprotected and left at a car wash.
Following an investigation, it became clear that the information contained on the memory stick was only looked at by the car wash attendant before returning it to the hospital.
It’s good to see health care organizations use encryption to protect patient data. Unfortunately, good policy can be defeated with a simple post-it note. Organizations can go a step further by remotely managing their portable devices. With prompt incident reporting, a lost drive can be deleted or disabled before any data can be accessed. And you have the audit logs to prove it.
Data Security, Government, Healthcare